Cybersecurity Cheat Sheet
Our increasingly digital world is opening up business opportunities like never before. With exponential growth comes an unprecedented transaction volume that inevitably opens up security risks. The Cyber Security Agency of Singapore (CSA) reports that attacks involving ransomware, malicious command &control servers and botnet drones have increased drastically, and phishing, website defacements and cybercrime continue to plague the region.
All businesses in every industry, without exception, are susceptible to adversity caused by cyber-attacks. If you are an SMB in Singapore navigating digital trends to grow your business over the next few years, you and your teams will need to stay on top of your cybersecurity literacy.
Use our cybersecurity cheat sheet to arm yourself with the concepts,regulations and solutions you will need to know about to conduct business safely and stay competitive in today’s market.
Top 10 Cybersecurity Issues You Should Know About
- Social Engineering: Mostly phishing emails that prey on emotions to get people to click on malicious links that load malware onto devices. 1 out of 3 attacks in 2020 used social engineering (Data Breach Report, Verizon).
- Distributed-Denial-of-Service (DDoS) attacks: Cybercriminals form botnets – networks of hacked devices – through malware or criminal activity. DDoS attacks overwhelm operating systems and demand ransom to regain control.
- Passive Attacks: Hackers monitor communication and information flow on networks. Passive monitoring, as opposed to active break-in activity, makes them difficult to detect.
- SQL Injection Attacks: Aimed at data-driven websites. SQL commands read sensitive data, execute operations, modify data, and issue orders on your website.
- Cloud Computing: Unprotected, unpatched cloud servers are hacked to steal data. 5 million attacks on cloud accounts in 2020 (McAfee Labs Threat Report).
- Ransomware & Malware: Programs encrypt private data and demand ransom payments for release. Typically involves system downtime, productivity loss and hardware rebuild/replacement. Ransom amounts reached $1.4 billion in 2020 (Ransomware Report, Emsisoft Malware Lab).
- Internet of Things (IoT) Breaches: Breaches of personal IoT devicesg., phones or tablets. WFH employees at risk. Easy to miss for IT departments.
- Drive-By Attacks: Malicious scripts inserted into weak HTML or PHP website source code. Visitors directed to risky sites or malware downloaded directly on their computers.
- Password Attacks: Weak passwords are easy targets for network hackers. 80% of hacking-related breaches in 2020 linked to passwords (Verizon Data Breach Investigations Report).
- Third Party Breaches: Hackers access data through 3rd party resources, costing $4.29million on average to recover (Security Scorecard).
Malware, phishing, 3rd party breaches, oh my!
Yes, the rising number of cybersecurity challenges you need to prepare for may seem daunting but worry not. Cybersecurity and IT services are evolving to meet the needs of the modern business. Services are being segmented and tailored to meet every size and scope of business. MyRepublic has a number of these.
Whatever your business needs, start with a simple checklist to cover your bases:
Cybersecurity Solutions Checklist
Engage a team of cybersecurity experts to assess your vulnerabilities and risks, or learn how to best mitigate and respond to a security incident.
Make a Recovery Plan Even the most secure of systems can be subject to breaches. Your cybersecurity consultants can map out a recovery planfor you.
Secure Your Network Secure network traffic across your organisation with a managed firewall service. Optfor a dedicated firewall on your physical infrastructure or a virtual firewall.
Managed Endpoint Security With the shift to remote work, endpoint security is especially critical. Safeguard sensitive data on devices connected to your network with a managed endpoint service.
Stay Informed: Singapore’s Regulations and Penalties
Singapore takes cybersecurity seriously. In his foreword for the 2020 Singapore Cyber Landscape, CSA Chief Executive and Commissioner of Cybersecurity David Koh emphasized the data leaks and ransomware attacks on essential services that grabbed headlines all over the world. He wrote, “Taken together, these shifts in our threat landscape over the past year underscore the diverse challenges in cybersecurity, which must be met by a whole-of-society effort and collective responsibility between stakeholders in the public and private sectors. The Government has and will always take the lead in national cybersecurity efforts.”
Familiarise yourself with the cybersecurity laws, regulations and penalties imposed by Singapore:
- Baseline of protection for personal data in Singapore governing the collection, use, disclosure and care of personal data.
- Regulates the flow of personal data and reinforces Singapore’s position as a trusted hub for businesses.- Organizations in Singapore can be fined up to S$1 million or 10% of their annual revenue for non-compliance.
- Framework for Critical Information Infrastructure (CII) owners to proactively protect their data and networks from cyber-attacks.
- Includes sharing CII information with the Cyber Security Agency of Singapore (CSA) in the event of a cyber-attack.
- Non-compliance can result in a S$10,000 fine per issue.
- Penalties for persons knowingly causing a computer to secure access without authority.
- Fine not exceeding S$5,000 or imprisonment for a term no more than 2 years or both.
- Established to provide a cost-effective regime for the info-communications industry to evaluate and certify their IT products against the CC (Common Criteria) standard for Information Technology Security Evaluation in Singapore.
- The CC, now recognised as ISO/IEC 15408, is the driving force for the widest available mutual recognition of secure IT products.
- The CC is adopted by members of Common Criteria Recognition Arrangement (CCRA) of which Singapore is a Certificate Authorizing Member.
- Governs the Intellectual Property (IP) rights of works in Singapore.
- Criminalises copyright infringement. An infringing individual can be fined for up to S$10,000 per infringing copy up to a total of S$100,000, jailed for up to 5 years or given both punishments.
- The MAS regularly issues notices, strategies and guidelines to help financial institutions achieve cyber resilience.
- They have issued 11 Notices on Cyber Hygienefor banks, insurers, capital markets services license holders, designated payment system operators, financial advisors, insurance brokers, settlement institutions and trust businesses.
Cybersecurity Terms to Remember
Advanced Persistent Threat (APT): Sophisticated cyber-attack conducts ongoing cyber espionage & malicious activity.
Attack surface: Sum of all points of exposure to attack by unauthorized users. Includes known, unknown and potential vulnerabilities.
Bot/Botnet: Computer or network of infected devices connected to Internet. Undertakes activities under control of remote administrator.
Bring your own device (BYOD): Employees allowed to use personal devices for work purposes.
Brute force attack: Computational power used to automatically enter vast quantity of number combinations to discover passwords.
Critical Information Infrastructure (CII): Computer or a computer system located wholly or partly in Singapore, necessary for the continuous delivery of an essential service. The loss or compromise of the computer or computer system will have a debilitating effect on the availability of the essential service in Singapore.
Cryptocurrency: Also known as virtual currency or digital currency. A digital token system secured, verified and maintained by a decentralised system using cryptography, rather than a central authority. The digital tokens can be used as a medium of exchange, a unit of account or a store of value.
Dark Web: Part of the internet only accessible through untraceable software or anonymous users.
Data Breach: Unauthorised access, transmission, copy, view, storage, processing or modification of personal or confidential information, whether intentional or unintentional.
Denial of service (DoS): Prevents authorised use of information system services or resources. Impairs access by overloading service with requests.
Downloader: Type of malware that facilitates the download, installation and running of other malware on a system by connecting to another website or server.
Endpoint: Internet-capable computer devices connected to a network, e.g., desktop, laptop, mobile phone.Firewall: Virtual boundary surrounding a network or device used to protect it from unwanted access
Internet of Things (IoT): Everyday objects, e.g., kettles, fridges and televisions, with ability to connect to Internet.
Malware: Malicious software including viruses, trojans, worms, code or content that adversely impact organisations or individuals.
Man-in-the-middle Attack (MitM): Cyber criminals interpose themselves between victim and website when victim tries to harvest/alter information.
Patching: Applying updates to firmware or software to improve security or enhance performance.
Phishing: Mass emails asking for sensitive information or pushing to visit fake website. Generally untargeted.
Proxy server: Server between a computer and Internet. Enhances cybersecurity and prevents attackers accessing computer or private network directly.
Ransomware: Malware that encrypts all data on PC or mobile device. Blocks owner’s access and charges ransom for decryption key.
Social engineering: Manipulating people into carrying out actions or divulging information. Tactics include lies, psychological tricks, bribes, extortion, impersonation.
Spoofing: Faking action of sending address of transmission to gain unauthorised access.
SSL / Secure Sockets Layer: Encryption method to ensure safety of data sent and received from user to specific website and back.
Two-factor authentication (2FA): Use of two different components to verify a user’s claimed identity.
The MyRepublic and Inspira partnership solidifies our commitment toa shared goal: delivering the most sophisticated cybersecurity solutions, consulting, and managed services in Singapore.
With your communications service provider and cybersecurity expert working hand in hand to keep your organization safe from the threat of cybercrime, you can focus on transforming, growing and sustaining your business.