By Dennis Chung, Chief Security Officer, Microsoft Singapore
The threat of ransomware across the globe has increased exponentially as businesses and governments digitalize. According to a report from Singapore’s Counter Ransomware Task Force, ransomware is one of the biggest cybersecurity concerns for businesses here. Globally, the number of estimated password attacks per second increased by 74% in the last year alone according to the Microsoft Digital Defense Report. This growing ransomware threat has become a pressing concern for many of the world’s digitally connected nations, including Singapore.
In the past year, threat actors continued to take advantage of vulnerabilities exposed during the pandemic and exacerbated by the subsequent shift to flexible hybrid work environments.
As we embrace a truly hybrid world that reimagines work culture, workplace, and workstyles, we must create a secure environment that enables everyone to work, play, and live safely despite the constantly changing security landscape. It’s a clear call to action for organizations to strengthen and maintain security measures to meet increasingly complex threats and keep their business and people safe.
The state of ransomware
Ransomware in 2023 will remain a threat to organizations all over the world. The emergence of Ransomware-as-a-Service (RaaS), which enables even the most inexperienced cybercriminal to deploy attacks without having any specialized knowledge of coding or hacking, has created an entire criminal ecosystem and enabled some high-profile attacks that we’ve seen in recent years.
In the past, ransomware attacks were sporadic, isolated, and had little impact, but now that cybercriminals have more resources and tools at their disposal, it is easier to launch coordinated attacks on businesses of all sizes. The number of ransomware cases in Singapore reached 137 in 2021, up 54% from 2020, according to the Cyber Security Agency (CSA), with SMBs from industries like manufacturing and IT suffering many of these attacks.
Implementing good cyber hygiene practices
As hybrid work becomes a way of life for many of us, we need to ensure that our digital footprint is secure, whether at home or at work. With nearly every aspect of our lives digitalized, from the way we travel to how we collaborate at work, every unsecured endpoint is a vulnerability that cybercriminals can exploit. By taking a proactive approach to strengthen security postures, businesses will be in a better position to counter modern threats across hybrid and multi-cloud environments.
There is an increasing sense of urgency to adopt a security culture and implement good cyber hygiene practices for greater resiliency, which can protect against 98% of attacks. These include applying zero trust principles, enabling multifactor authentication, using modern anti-malware, keeping your systems up to data and safe-guarding mission-critical data. To strengthen your security against ever-evolving cyber threats, it is important to be deliberate about who has privileged access to systems and to deploy modern security solutions.
Furthermore, early attack detection is essential. The outcome of a cyberattack is frequently predetermined long before the attack even starts. Attackers take advantage of weak environments to gain initial access, conduct surveillance and wreak havoc by lateral movement and encryption or exfiltration. Finally, we must also consider the human element as emphasized in Microsoft’s Digital Defense Report. With a worldwide shortage of security professionals, the private sector and governments alike must work together to address the shortage of security experts, and businesses must integrate security into their culture. In doing so, organizations can empower employees to become a line of defence against cyberattacks by reporting suspicious activity and preventing cybercriminals from using compromised credentials to access vital infrastructure.
Strengthening cyber resilience through public-private partnerships
Cybersecurity is a team sport, and overcoming the challenges posed by ransomware will require new levels of cooperation. Recognizing that the growing ransomware threat is a problem that transcends domains and borders, the Cyber Security Agency of Singapore (CSA) established an Inter-agency Counter Ransomware Taskforce in 2022 to foster stronger public-private collaborations in counter-ransomware efforts.
As an Advocate Partner in CSA’s SG Cyber Safe Partnership Programme, Microsoft is empowering companies with sound cyber hygiene practices and solutions to defend against attacks through deeper partnerships across public and private sectors.
Microsoft released security solutions and advice earlier this year to make it simpler for Singapore SMEs to meet the certification requirements of the CSA’s Cyber Essentials mark. Microsoft received an All-Star Partner award from CSA at the Singapore International Cyber Week 2022 in recognition of the company’s long-standing dedication to making cybersecurity accessible to Singapore’s IT ecosystem.
At Microsoft, we are relentlessly bolstering our capabilities and technology to provide a safe digital experience for every person and organization as we continue to drive innovations to ensure our customers and partners have the cyber resiliency to respond to and counter ransomware threats.