kirill_makarov - Fotolia
Singapore-listed companies ranked third globally in average cyber exposure, with 60% of them having little or no exposure to cyber threats, according to a cyber exposure index (CEI).
Developed by Kinkayo, a Singapore-based cyber intelligence company, the CEI assessed listed companies through data collected from publicly available sources, such as the dark and deep web, and from data breaches.
The data is then used to identify signs of sensitive disclosure, exposed credentials and hacker group activities against companies.
The greater the amount of uncovered data for a company, the higher the risk and, therefore, the higher the CEI score. Companies evaluated were given a score from 0 to 5, with 0 equating to no exposure and 5 given to the most exposed companies, based on identified exposure, from September 2016 to September 2017.
Globally, 40% of listed companies, on average, have little or no exposure to cyber threats. Other markets covered in the CEI include Australia, Finland, France, Germany, Hong Kong, Indonesia, Malaysia, South Africa, Sweden and the UK.
The top-ranked markets in the index were Hong Kong and Australia, where 74% and 69% of listed companies respectively had little or no exposure to cyber threats. Both earned a CEI score of 1, lower than Singapore’s score of 1.2.
“As businesses leverage technology to become more digitalised, they will be challenged with new risks and threats,” said Mikko Niemelä, president and CEO of Kinkayo.
“The reliance on the internet – the perfect breeding ground for a host of cyber threats – opens doors to vulnerabilities. Companies must employ a proactive and transparent approach to identify these loopholes within their organisations.”
Niemelä added that with six in 10 listed companies in Singapore having done their due diligence to boost their cyber defences, such as understanding where critical information is stored, from where is it leaking and how it is exposed, the impact of a cyber attack can be greatly mitigated. “This is commendable and a right step towards building a transparent business environment,” he said.
M&A data, manufacturing firms at risk
According to Kinkayo, the types of company information most at risk is that of mergers and acquisitions (M&A), databases, intellectual property, registers and business and project plans.
The company also identified manufacturing and industrial firms as having the biggest exposure to cyber threats.
“As there are more companies overall in this sector, it is expected that a large portion of exposure is in these industries. In addition, many companies in manufacturing may not have adequate security IT investment as compared to financial services or healthcare industries,” said Niemelä.
While Singapore-listed companies did well in the CEI, a separate study by Check Point Software revealed that Singapore had become the world’s top launch pad for cyber attacks.
Read more about cyber security in ASEAN
- A former Unit 8200 captain from the Israel Defense Forces shares what Singapore can learn from Israel’s approach to cyber security.
- Even as Southeast Asia works towards coordinating cyber security strategies, more needs to be done to establish cyber norms.
- Companies of all sizes may find themselves faced with highly capable state-sponsored cyber attacks, but steps can be taken to shore up defences.
- Outsourcing IT security to a third party can improve an organisation’s cyber security posture, but in-house capabilities, such as drawing up security blueprints and strategies, should still be retained.
In response to the study, the Cyber Security Agency (CSA) had said that Singapore’s position as a commercial hub with good connectivity makes the country an attractive target for cyber criminals.
The CSA had also called for organisations to maintain high cyber security standards and take necessary measures to protect their systems and data.
The Singapore government is expected to introduce a cyber security bill in parliament next year that will require owners of critical information infrastructure to secure their systems. The bill will also facilitate information sharing, and empower the CSA and industry regulators to work closely with affected parties to resolve cyber security incidents.