Fortify your business: Ransomware is eyeing your small enterprise – are you prepared?

For ZTK Engineering*, the first attack crippled its systems. The second drained its bank accounts.

In 2023, the 130-employee company came to a standstill when hackers encrypted its databases, crippling its operations. Despite the risk of delayed projects and strained client relationships, Mr Low*, the company’s chief executive officer, refused to pay the $80,000 ransom.

Instead, the company staff spent months trying to rebuild the systems and databases from scratch.

They thought the worst was over. But secretly, the hackers also stole sensitive company emails and data, mining their communications for valuable insights. Three months later, the cyber criminals sent a convincing spoof email from a trusted supplier, offering surplus steel plates at half price.

Delighted at the offer, ZTK* quickly transferred $180,000 to what they thought was their supplier’s account, only to discover they had been duped.

“We did not know what was stolen, nor what the hackers would do next,” reflected Mr Low*. “We could have saved ourselves the trouble if we had informed the authorities and implemented stronger security systems right from the beginning.”

This incident was just one of several cited by the Cyber Security Agency of Singapore (CSA) in its Singapore Cyber Landscape 2023 report. The report highlighted how vulnerable small and medium-sized enterprises (SMEs), in particular, are to ransomware attacks.

An SME with weak cyber security is highly vulnerable, much like a poorly defended castle.

Click on the pulsing story elements below to uncover and dispel common misconceptions about business cyber security.

Under siege? Paying the ransom will not protect your keep. Click on the pulsing story elements below to find out how making the wrong choice can leave your business vulnerable to attacks.

You are not alone in this journey. Click on the pulsing story elements below to discover tools and resources that can help you to fortify your business.

SMEs particularly vulnerable to ransomware attacks

Ransomware has emerged as an escalating threat for businesses globally. A prime example is the Russia-linked hacking group

Akira

, which has hit over 350 targets since March 2023, extorting an estimated US$42 million (S$57 million) from businesses. While it has struck major names such as Nissan and Stanford University, 80 per cent of its victims are SMEs.

SMEs are prime targets because they often lack cyber security resources. In Singapore, companies in the manufacturing and construction sector are especially vulnerable because their round-the-clock operations make it challenging to schedule system downtime for critical security updates.

The rise of Ransomware-as-a-Service (RaaS) adds to this complexity. In RaaS, cyber criminals create ready-made tools for others in exchange for a cut of the loot. This has lowered barriers to entry for aspiring attackers and made attacks harder to guard against.

The threat landscape is evolving rapidly. Ms Veronica Tan, director of the Safer Cyberspace Division at CSA, says: “Cyber criminals are using artificial intelligence to create even more convincing phishing emails, which, if successful, pave the way for ransomware attacks. It is thus more critical than ever to strengthen your cyber defences.”

Start building stronger cyber protection for your business 

Even as ransomware cases mount globally, many small businesses here remain ill-equipped to defend against these attacks.

A

CSA survey

revealed that two in three organisations have not fully implemented essential measures, a digital equivalent of installing an expensive security gate while leaving the window wide open.

The survey highlighted significant barriers to cyber security adoption. Nearly 60 per cent of organisations cited a lack of knowledge and experience as their main challenge, while 39 per cent struggled with insufficient manpower and resources. Almost one-third reported budget constraints as another issue.

Getting started with cyber security can feel daunting. But the cost of inaction far outweighs the investment in basic protection.

Companies can get started by using CSA’s

Cybersecurity Health Check

tool. This 10-minute assessment provides a snapshot of an organisation’s security posture compared with industry benchmarks.

For SMEs that lack in-house IT expertise, CSA’s CISO-as-a-Service (CISOaaS) scheme connects them with qualified consultants who can serve as their chief information security officers.

Says Ms Tan: “These experts perform cyber health “check-ups” and identify gaps in the SME’s cyber security implementation, which then helps them to close these gaps. Just like health screenings, prevention is better than cure.”

Cost should not be a barrier to getting help. CSA offers up to 70 per cent co-funding for eligible SMEs to tap the CISOaaS scheme. This support helps businesses work towards achieving the Cyber Essentials mark, a national certification that signals strong cyber hygiene to partners and clients.

Companies can stay ahead of emerging threats by

signing up for alerts and advisories

from CSA’s Singapore Cyber Emergency Response Team (SingCERT) on the latest cyber security and scam threats. They can also check the

one-stop portal

co-developed by CSA and the Singapore Police Force. The portal provides updates on the latest ransomware trends and cyber security initiatives. In the event of an attack, it also offers immediate assistance, including access to decryption tools and recovery resources.

*The names of the organisations and individuals involved have been changed to safeguard their privacy.