Data Breach - When Traditional Layers Of Cybersecurity Fail
"How Prepared Are You?"
What happens when your traditional layers of cybersecurity fail? How can you stay ahead of the game? Nobody could ever be prepared enough when it comes to cybersecurity. The best that one can do is to expect the worst and be ready to receive the impact when it comes.
The Age of Digitalisation brought much success to many businesses, be it SMEs or big corporations. However, with these success stories, an alarming number of cyber attacks are reported in recent years. These cyber attacks hinder businesses and greatly affect many aspects such as credibility, work efficiency and most importantly loss in revenue. Cyber attacks can come in various forms, examples include malware, phishing emails and more which can lead to possible data breaches.
According to a 2019 survey by endpoint security firm, Carbon Black, 96% of the surveyed Singapore firms have had data breaches due to cyber attacks. The results are worrying as data breaches can impact a business financially to a huge extent. These attacks are estimated to cost Singaporean businesses $1.7million per breach, according to Channel Asia. These numbers can easily cripple and crumble many SMEs that are not financially ready to receive such an impact. In Singapore and Malaysia, SMEs contribute to 40% each for their nation's GDP, translating that the importance of SMEs in these countries.
With the recent changes to the Personal Data Protection Act (PDPA) in Singapore, businesses that are found guilty of a data breach are now expected to pay a heftier fine based on their annual company turnover. This is to ensure a safer environment in the digitised world by strengthening data protection standards. From SMEs to big corporations, there is always much valuable and personal data that can be potentially compromised. The data may include customer’s personal data as well as employee’s personal data such as NRIC, Date of Birth, residential addresses and bank information. In recent news, Eatigo reported a data breach with potentially 2.8 million accounts illegally accessed. Similarly, Lazada, reported a data breach from their recent acquisition, RedMart. It was reported that personal information from 1.1million RedMart accounts was stolen as a result of the data breach.
If you think that SMEs are safe from cyber attacks, you are wrong. In fact, 43% of cyber attacks were reportedly targeted at SMEs. In 2019, Homegrown fashion label, Love, Bonito reported a data breach with their users’ information compromised. SMEs may not be able to cushion such an impact financially compared to big corporations with deep pockets, especially with the new amendment to the PDPA. For many SMEs, it could mean the closure of businesses. However, there are certain measures that SMEs could implement to prevent being caught in such a situation.
Hire an external consultant
Businesses should always be looking towards increasing productivity and efficiency that translates to revenue. This is why hiring an external consultant or a service provider to manage your data and cybersecurity needs is vital. Businesses shouldn’t be worrying about scouting for cybersecurity talents. Not only are they much more costly, it is also more feasible to let a team of experts who specialise in specific areas of expertise, manage your data and security solutions. In addition, they are well equipped with knowledge and experience which can definitely bring much value in the event of a cyber attack. Hence, there is a business case for engaging MSPs to handle cybersecurity as it is more cost efficient.
Let the experts manage and mitigate cyber risks while your business focus on the main goal of profiting.
Employee Training
You can be well protected in every aspect, thinking there are no loopholes. However, research has shown that more often than not employees unknowingly aid in cyber attacks leading to data breaches. According to Security Magazine, employees are behind 4 in 10 data breaches. Phishing emails and file-based malware are among a few common deceits that employees usually fall for. This suggests a strong need for businesses to provide frequent training on cybersecurity for their employees as they are the weakest link.
The Failsafe
The big question: WHAT IF? When all else fails, what can businesses rely on? Most businesses may already have security measures implemented to prevent cyber attacks however, in the worst case scenario, a data breach might still happen.
Cyber insurance helps businesses cushion their financial impact in the case of a cyber attack and data breach. For example, during an email phishing incident, cyber insurance covers the entire cost of the forensics process which is a huge financial setback for businesses if not insured. In ransomware incidents, bitcoins are usually the currency requested to be paid in. However, if insured, the ransom fee would be covered in full. SMEs can easily crumble if caught in situations like these, paying a huge sum of money for forensics and bitcoins.
Where and How to Get Covered?
Netpluz Asia is the first Managed Communications Service Provider (MSP) to introduce cyber insurance into our existing wide array of comprehensive data, voice and video solutions. As a one-stop MSP with 24/7 support, Netpluz Asia can help spur your businesses on to greater heights while making the journey smooth and secure by the delivery of high quality services.
An upcoming webinar by Netpluz Asia featuring Commercial Director, Kenneth Wee and guest speaker from Chubb, Elsa Xu, Financial Lines Manager, aims to highlight the topic of cybersecurity management, risk transfer, and how insurance comes into play.
Find out more about the webinar and cyber insurance.
References:
Baharudin, Hariz. “Love, Bonito Customers’ Data Breached, Credit Card Details Exposed, Watchdog Investigating.” The Straits Times, 13 Dec. 2019, www.straitstimes.com/tech/love-bonito-customers-data-breached-credit-card-details-exposed-watchdog-investigating.
“Carbon Black Reveals 96 Percent of Firms in Singapore Suffer Data Breaches.” CISO MAG | Cyber Security Magazine, 3 Oct. 2019, cisomag.eccouncil.org/around-96-percent-of-singapore-businesses-suffer-data-breach-survey/#:~:text=Around%2096%20percent%20of%20Singapore%20Businesses%20Suffer%20Data%20Breach%3A%20Survey,-By&text=According%20to%20the%20research%20findings,an%20increase%20in%20attack%20volumes.
“Eatigo Reports Data Breach, Personal Data from Customer Accounts Listed for Sale Online.” CNA, www.channelnewsasia.com/news/singapore/eatigo-data-breach-personal-information-millions-account-13425082.
Henderson, James. “Security Attacks Cost Singaporean Businesses $1.7M per Breach.” Channel Asia, www.channelasia.tech/article/670400/security-attacks-cost-singaporean-businesses-1-7m-per-breach/.
Kapur, Ricky. “Cybersecurity for Small-and-Medium Enterprises in Asia Pacific.” Microsoft Stories Asia, 29 Oct. 2020, news.microsoft.com/apac/2020/10/29/cybersecurity-for-small-and-medium-enterprises-in-asia-pacific/.
“Lazada Suffers Data Breach; Personal Information from 1.1 Million RedMart Accounts for Sale Online.” TODAYonline, www.todayonline.com/singapore/lazada-suffers-data-breach-personal-information-11-million-redmart-accounts-sale-online.
“Microsoft: Digital Transformation Doesn’t Make SMEs Immune to Cyber Threats.” Securitybrief.Asia, securitybrief.asia/story/microsoft-digital-transformation-doesn-t-make-smes-immune-to-cyber-threats.
“Stressed Employees behind 4 in 10 Data Breaches.” Www.Securitymagazine.com, www.securitymagazine.com/articles/93921-stressed-employees-behind-4-in-10-data-breaches.
Wong, Lester. “Parliament: Proposed Changes to PDPA Include Stiffer Fines for Data Breaches, Mandatory Notification When They Occur.” The Straits Times, 5 Oct. 2020, www.straitstimes.com/politics/parliament-proposed-changes-in-law-include-stiffer-fines-for-data-breaches-mandatory.
Author: Sebastian Toh