There is an increased number of IT incidents worldwide. It is, therefore, essential for organisations to review their IT processes critically, identify IT risks, and manage them appropriately to avoid negative impact on their businesses.

 

Falling prey to attacks that exploit human weaknesses

Recently, customers of major local banks lost over S$13 million due to phishing attacks. Victims received fake SMS sent via official account that urged them to respond to a banking account issue by clicking a phishing link. Unsuspecting individuals ended up disclosing their account credentials where fraudsters used them to transfer money from the victims’ accounts.

Fraudsters managed to trick victims by exploiting human weaknesses. These phishing attacks were well thought through, using legitimate SMS channels with a sense of urgency as a means to manipulate the victims into disclosing their personal information.    

The key lies in human habit and awareness. Individuals and organisations need to be aware of latest cyber threats and practise good cyber hygiene. In addition, organisations should ensure their people do not fall for such traps, be it phishing attacks or ransomware attacks that may cause business disruptions, regulatory fines, and financial losses.

 

The trend continues

Singapore experienced an increase in ransomware incidents and online scams in 2020, according to Cyber Security Agency (CSA) of Singapore. As people worked remotely during the pandemic period, processes and systems vulnerabilities were exposed. Consequently, they became attractive targets to malicious exploitations. Additionally, in light of outsourcing and digitalisation trends, the increased reliance on IT vendors to supply crucial IT services also led to complacency when it comes to managing IT vendors’ access rights to organisations’ IT resources.

Organisations that do not assess and manage IT risks appropriately will be exposed to IT incidents that may cause monetary loss due to operational disruption, data breach, non-compliance with regulatory requirements, and reputational damage.

Some of the more prominent breaches observed in the past one year include:

The table showing the details of different cyber attack and its consequences

Figure 1: Examples of incidents over the past one year

 

What’s next?

Reliance on technology will continue to increase as technology advances and businesses evolve. Organisations should review their existing processes, identify potential risks, assess if they have taken sufficient measures to reduce those IT risks, and instil security as part of the business process and culture to prevent business disruptions. These include staying vigilant and be informed of the latest cyberattack development, updating policies and procedures, and raising awareness amongst employees.

The board and senior management are responsible for IT governance. Their support cannot be overlooked, as the consequences of negligence and laxity could be potentially dire.

 

We help our customer through security awareness training, policy and procedure formation, risk assessment and backup and disaster

Figure 2: How we helped our clients

To find out how our team can assist you in technology risk matters, please consult our specialists:

Adrian Tan  
Partner & Industry Lead, Technology, Media & Telecommunications  
T: +65 6594 7876  
[email protected]

Hoi Wai Khin, Partner & Deputy Industry Lead, Technology, Media & Telecommunications Practice 
T +65 6594 7880 
[email protected]