Without a doubt, 2020 has been a tough year for both businesses and individuals in Singapore. While we have responded admirably to COVID-19 by accelerating our use of technology, a side effect of our digitalisation drive has also fueled the growth of cyber-attacks, exposing gaps in business recovery and highlighting some of the pain points that come with an increased reliance on the internet.
Before we start reading the tea leaves for 2021, it is worth having a quick recap of what happened in Singapore during this year. When it came to cybersecurity trends for businesses, Kaspersky researchers found that phishing attacks blocked by the cybersecurity company for small-medium businesses (SMBs) increased by 60% to reach 89,351 in 1H 2020 as compared to the same period in 2019, with phishing topics pertaining to COVID-19, employee appraisals, password check requests used to lure unsuspecting users to click on infected links or malicious attachments. On the ransomware front, Singapore reported a 90% reduction in the number of blocked attacks against local SMBs, which was a positive sign that ransomware attacks have become lesser in quantity.
Regarding cybersecurity trends for consumers, Kaspersky’s Digital Comfort Zone survey found that 72% of Singaporeans felt that their digital lifestyles were secure, but over two in five have knowingly been hacked (44%). Many of the respondents also reported shifting their in-person activities online, with 60% of them shopping online and 48% having their work meetings virtually. Despite the significant shift to conducting one’s personal and work affairs online, a key takeaway was on how 56% of all respondents had yet to adapt their online processes to reflect the new reality of working from home.
“Clearly, the COVID-19 pandemic has reshaped both our physical and digital relationships with each other, whether be it personal or work-related. The snapshot of Singapore’s cybersecurity landscape in 2020, based on our telemetry, shows that while more work is required in building up our cyber-resilience, a quick peek into what to expect for 2021 can help us plan properly and stay ahead of the curve,” says Muhammad Umair, Security Researcher for Global Research and Analysis Team (GReAT) Asia Pacific (APAC) at Kaspersky.
To help you better visualise how it would look like next year, here are five areas you should keep a lookout for as we enter the new year.
Attack Surface Broadening
With the “work from home” culture becoming more prevalent as a result of the pandemic, the attack surface for organisations has significantly increased. The attacks geared towards this particular segment has seen an increase in Singapore and is expected to continue through next year, as security vendors race to provide enterprise-level security to essentially “home” users who are now connecting remotely to their corporate networks.
Companies rapidly transforming their technologies to facilitate remote working model for organisations are likely to see more vulnerabilities discovered and exploited as was the case with Zoom this year. The security issues historically only linked to BYOD setups will now be a norm entering 2021.
Threats to Healthcare Sector
Singapore has been steadily digitalising its healthcare sector and has been investing to bring technologies like telehealth, virtual care, and remote monitoring into everyday use. However, there has been a large increase in the use of such technologies during the pandemic, and this is expected to continue through next year. All these technologies, while convenient, provide additional attack vectors and increase the likelihood of cyber attacks and incidents like the HIV Patient Data Leak in 2019. The health sector thus particularly is expected to see a continued rise in attacks during 2021.
Digitalisation of Local Businesses
Singapore has committed SG$500 million to helping local businesses in their digital transformation. This is bringing about an increased use of e-payments/e-invoices/transactions and is expanding the online Foods and Beverages as well as Services industry. The number of targets for financially motivated attackers is increasing and a rise in such attack activity is expected to be seen in 2021 including an increase in the use of web skimmers.
Ransomware activity as per our telemetry had seen a declinelately. With the online services in Singapore expanding including local businesses and the healthcare sector, this trend is expected to be reversed in 2021 with existing and emerging actors attempting to exploit an increasing number of potential targets.
Cloud Security and AI
An ever increasing number of companies is shifting their business models to incorporate cloud and containers due to the ease of scalability and general convenience they provide. While vendors are catching up with cloud and container security, this is still a relatively new attack surface and more vectors and vulnerabilities are expected to be discovered and/or abused during 2021.
There has also been an increased adoption of AI in security products. Regardless of how sophisticated these AI models might be, there is a likelihood that attackers will start to find loopholes within these to exploit/evade them. Going through next year, we might see malware employing new techniques to such an end.
Thoughts to ponder in 2021
With the increased adoption levels of technology in Singapore, so will the number of attack surface and potential attack vectors throughout various industries and we expect this trend to continue.
While security companies like Kaspersky are playing catch up to this paradigm shift across the globe to deliver relevant and customised solutions, organisations themselves also need to be more vigilant. This vigilance includes both deploying solutions that protect this new mode of business/services as well as educating their employees to be ever more conscious of potential lures and social engineering that in a large number of cases end up forming the weakest link in an organisation’s security.
As the green shoots of recovery start to sprout once the dust from the COVID-19 outbreak has settled, it is equally important that we not neglect our own digital health as well, so we may welcome 2021 with open arms and take advantage of all the opportunities it has to offer.