The rise of cloud computing and the ubiquity of mobile computing have combined to put SMEs at risk of security and data breaches, as endpoints widen the attack surface.
Many businesses are unprepared for the growing sophistication of cybercriminals, nor for the high potential of errors among users in the face of a broader threat surface and the vastly higher number of vulnerabilities available for exploits.
From recent media reports, you should be aware that data breaches, business email compromise, phishing and ransomware are on the rise, and they have serious ramifications for businesses today. According to Trend Micro, nearly 60% of small companies go out of business following a hack and 71% of all cyber assaults occur at businesses with under 100 workers.
In a SolarWinds survey of 101 companies across Singapore and Hong Kong about their cybersecurity practices in 2019, it was reported that most cybersecurity breaches were due to malicious insider attacks and employee mistakes.
Malicious insider attacks are either due to disgruntled employees out to vent their anger or frustration, or greedy to benefit financially from stolen insider information.
However, the vast majority of breaches were a result of:
- Copying data to unsecured devices (38%)
- Accidentally exposing/deleting/corrupting/modifying critical data (45%)
- Poor password management or weak passwords (46%)
Similarly, a 2019 Chubb survey has found that over half the cyber incidents at SMEs were caused by known risks and 53% of these incidents were caused by employees. Most of the incidents were through the loss of company devices such as a USB drive or laptop and administrative or clerical errors.
According to a new global research report from Thales, which surveyed more than 3,000 IT and IT security practitioners, while 48% of corporate data is stored in the cloud, only 32% of organizations admit they employ a security-first approach to data storage in the cloud, and only 31% of organizations believe that protecting data in the cloud is their own responsibility.
SMEs, especially, tend to trust the security features provided ‘as is’ by public cloud providers.
The growing threat
The use of smartphones, tablets, notebook PCs, IoT and other mobile devices (including wearables) for business has become increasingly pervasive, while cloud computing has become the de facto technology infrastructure for most businesses today.
SMEs, in particular, find it extremely challenging to safeguard their important information, employees, customers and business partners from the increasingly sophisticated threats that exploit endpoints. Some key reasons include:
- Wider virtual networks. While it’s relatively straightforward protecting a company’s internal network infrastructure, endpoint devices that employees use to access company networks, apps and data ‘anytime, anywhere’ widen the scope of coverage and increases the challenge tremendously.
- More connected devices. Mobile devices are used more and more on a daily basis for business communications, financial transactions and applications. To protect against any device being the weakest link in the security chain, every single endpoint has to be secured.
- Sophisticated targeted threats. Some of the most worrying cyberthreats today target mobile apps, endpoint devices, and their users. They include ransomware, business email compromise and phishing attacks against unsuspecting end-users.
Safety in and out
You could have already invested in protecting your network and application infrastructure from hackers and other external bad actors. But it would be a waste not to consider protecting against insider threats, especially employee errors and – if working with partners, temp staff or freelancers – the inadvertent potential for user mistakes and theft.
What’s more, with Bring Your Own Device (BYOD) endpoint devices such as laptops, tablets and smartphones being used widely in and out of the office to access important business documents, customer data, applications, communication and financial transactions, it has become critical that these endpoints are properly secured.
Effective endpoint protection today requires multiple layers of security. But SMEs also require simplicity and cost is another major factor.
As part of its suite of cybersecurity solutions for SME, Singtel has made available 5 packages of the TrendMicro Endpoint Protection solutions to meet your specific security needs.
Worry-Free is an all-in-one cloud security solution made simple for SMEs to protect users and data.
Apex One is a great option for businesses seeking an alternative to traditional antivirus software or complicated next-gen deployments. It provides a breadth of capabilities delivered via a single agent, with consistency across SaaS deployments.
Together, Worry-Free and Apex One afford you the ability to select a package that meets your endpoint cybersecurity needs.
These endpoint security offerings are available to eligible SMEs with up to 70% subsidy under the Singapore government’s Productivity Solutions Grant (PSG). Application for the PSG can be made via the Business Grants Portal (BGP).