SMEs urged to protect against cyber attacks

Mr Steve Lam, advisory partner at EY Advisory, and Mr Paul Van Kessel, EY's global advisory cyber security leader, at the briefing yesterday. EY advised organisations to disconnect infected machines from their networks and take all back-ups offline i
Mr Steve Lam, advisory partner at EY Advisory, and Mr Paul Van Kessel, EY's global advisory cyber security leader, at the briefing yesterday. EY advised organisations to disconnect infected machines from their networks and take all back-ups offline in the wake of the WannaCry ransomware attacks.PHOTO: ERNST & YOUNG

EY says number of ransomware cases worldwide has risen 170-fold over past three years

The number of ransomware attacks has increased about 170-fold across the world over the past three years, with the real risk of even more to come, according to business consultancy Ernst & Young (EY).

Mr Paul Van Kessel, EY's global advisory cyber security leader, told a briefing here yesterday that the estimated total damage of the WannaCry ransomware attack that took place last weekend was "hundreds of millions" of dollars worldwide.

"Taking the business outage into consideration, you reach US$4 billion (S$5.6 billion) in terms of cost," he added.

The briefing was held in response to the WannaCry attacks.

Small and medium-sized enterprises here are said to have been the most vulnerable because they do not have the resources of a large enterprise to protect themselves.

EY is advising organisations to disconnect infected machines from their networks and take all back-ups offline.

The firm also urges companies to activate their incident response plan. Teams investigating incidents should include individuals from different departments, including legal, compliance, information security, business, public relations and human resources.

MORE VULNERABLE

Once you start linking more devices to the Internet, things can be exploited more easily.

MR STEVE LAM, an advisory partner at EY Advisory.

Organisations should identify and address vulnerabilities in their connected ecosystem, a task that can be done by installing security updates, as well as malware and anti-virus detection. They should also patch their systems before powering up computers and keep systems up to date with an enterprise-level patch and vulnerability management programme.

The briefing also touched on Singapore's drive to become a Smart Nation, an initiative launched in 2014 to provide more tech-enabled solutions to improve urban living.

"Once you start linking more devices to the Internet, things can be exploited more easily," said Mr Steve Lam, an advisory partner at EY Advisory.

He stressed the importance of patching such devices to combat the vulnerabilities they possess.

A version of this article appeared in the print edition of The Straits Times on May 17, 2017, with the headline 'SMEs urged to protect against cyber attacks'. Print Edition | Subscribe