Security attacks continue to rise at an accelerated pace in Singapore with more than 80 per cent of businesses suffering a breach within the past 12 months.
Representing an average of 1.67 breaches per organisation, new VMware findings highlight a 43 per cent spike in attack volumes across the city-state within the space of a year, with 67 per cent “more sophisticated” in nature.
Specifically, OS vulnerabilities (20 per cent) represent the leading cause of breaches, followed by third-party application breaches and web application attacks (15 per cent) - more than double the impact of the previous year. Meanwhile, “island-hopping” has more than tripled in frequency to become the "most commonly experienced attack" for 10 per cent of Singaporean organisations, causing 12 per cent of breaches in the process.
Under the banner of Extended Enterprise Under Threat, findings are based on a survey of 251 Singapore-based technology executives, spanning CIOs, CTOs and CISOs.
Conducted in partnership with Carbon Black - acquired by VMware in late 2019 - research suggests that such an increase in breaches will prompt a rise in cyber defence spending among 90 per cent of executives surveyed during the coming year, with businesses currently using an average of 11 different security technologies.
“Island-hopping is having an increasing breach impact with 12 per cent of survey respondents citing it as the main cause,” observed Rick McElroy, cyber security strategist at VMware Carbon Black. “In combination with other third-party risks such as third-party apps and the supply chain, it’s clear the extended enterprise is under pressure.
“Siloed, hard-to-manage environments hand the advantage to attackers from the start. Evidence shows that attackers have the upper hand when security is not an intrinsic feature of the environment. As the cyber threat landscape reaches saturation, it is time for rationalisation, strategic thinking and clarity over security deployment.”
Supported by a supplemental survey - housing more than 1000 respondents from Singapore, the US, UK and Italy - 93 per cent of technology executives in the city-state also reported a sharp increase in attack volumes as more employees work from home.
Specifically, 90 per cent of organisations have experienced cyber attacks directly linked to Covid-19 malware, with an inability to institute multi-factor authentication (MFA) cited as the biggest security threat to businesses.
“The global situation with Covid-19 has put the spotlight on business resilience and disaster recovery planning,” McElroy outlined. “Those organisations that have delayed implementing MFA appear to be facing challenges, as 32 per cent of Singaporean respondents say the inability to implement MFA is the biggest threat to business resilience they are facing right now.”
Delving deeper, 86 per cent of end-users reported gaps in disaster planning specific to communications with external parties including customers, prospects and channel partners across Singapore.
Furthermore, 85 per cent encountered problems around enabling a remote workforce; 78.5 per cent experienced challenges communicating with employees and 73.5 per cent acknowledged that the situation uncovered gaps around visibility into cyber security threats.
“These figures indicate that the surveyed CISOs may be facing difficulty in a number of areas when answering the demands placed on them by the Covid-19 situation,” McElroy added. “We must also collaborate with IT teams and work to remove the complexity that’s weighing down the current model.
“By building security intrinsically into the fabric of the enterprise – across applications, clouds and devices – teams can significantly reduce the attack surface, gain greater visibility into threats, and understand where security vulnerabilities exist.”