Better Cyber Safe Than Sorry: Don’t Wait till You’re Hacked

Better Cyber Safe
Than Sorry:

Don’t Wait till You’re Hacked

ArmourHacks

Home » Blog » ArmourHacks » Better Cyber Safe Than Sorry: Don’t Wait till You’re Hacked

Better cyber safe than sorry: Don’t wait till you’re hacked

Table of content :

 

2018 was not a good year for Singapore.

In Singapore’s worst cyber attack, unidentified hackers infiltrated the databases of SingHealth, the nation’s largest group of healthcare institutions. Personal particulars of 1.5 million patients, including the outpatient prescriptions of Prime Minister Lee Hsien Loong and a few ministers, were compromised and stolen.

A post-mortem of the incident revealed what most of us already expected: vulnerabilities in the system, coupled with human lapses by irresponsible senior executives, resulted in the unfortunate breach of the healthcare group’s database.

Notably, the Citrix servers to which the SingHealth database was linked were not adequately secured against unauthorised access using 2-factor authentication. Even the most basic security measure, strong administrator passwords, were discovered to be not up to standard after the fact.

The 454-page report released by the investigation committee found weaknesses and misconfiguration issues throughout the entire network. Most damning of all was the fact that a number of these vulnerabilities were already discovered during a 2017 pen test which identified the problem of weak administrator account passwords and strongly recommended a need for network segmentation. Yet, their advice fell on deaf ears.

What does this mean for businesses?

“A cyber breach is a matter of when not if.” This is the forewarning given by researchers who wrote The Singapore Cybersecurity Report 2021, published by The Cyber Security Agency of Singapore (CSA) in October last year.

The report spotlighted an uncomfortable truth that Singapore must contend with as we continue to exploit benefits offered by the digital world; cybersecurity and digitalisation are two sides of the same coin. As we gradually move our activities and business operations online, we also expose ourselves to bigger threats in cyberspace.

And it’s not just state institutions that have to be wary of data leaks and cyberthreats. Businesses and non-governmental organisations alike have also been primary targets of cybersecurity attacks over the past decade.

Along with the rise of worldwide connectivity and the acceleration of digital services, local companies now find themselves in precarious positions where their digital processes become increasingly vulnerable to cyberattacks across geographic borders.

In particular, the number of recorded ransomware attacks in Singapore increased by 154 per cent in 2020. Small and medium-sized enterprises (SMEs) in various industries, including manufacturing, retail, and healthcare, were primarily impacted.

In many of the attacks, the property most valuable to these small businesses, customer database, intellectual property, and source code, were repeatedly compromised and used as ransomware bait.

What is wrong with current cybersecurity systems?

If you’ve ever had to connect to your company’s virtual private network (VPN), you would understand the struggle as a daily user of a centralised network. Traditional cybersecurity services require on-premise infrastructure to support their operation.

Because of this centralisation of security, traffic for all remote and off-network users, ever more applicable now since the transition to remote or hybrid work arrangements, have to be rerouted back to the workplace or a centralised data centre through a complex security protocol. This results in slow connection and an overall bad user experience for all employees.

Furthermore, traditional in-house infrastructure is extremely costly. It includes servers or appliances with databases, software and licences, utility functions and maintenance fees.

All these can add up to a sizable amount for a small company that wants to prevent hacking and conduct routine security checks from time to time.

Armour yourself with Security-as-a-Service (SECaaS)

SECaaS can be understood as a cloud-powered model for outsourcing cybersecurity services. Strictly speaking, SECaaS is not a new service in cybersecurity. 

In recent years, organisations have increasingly turned to SECaaS to ease the burden on internal security teams and reduce the cost of organising an internal security team. 

ArmourZero is revolutionising the cybersecurity space with its cloud setup and flexible subscription model. Future add-ons or new subscriptions in different security categories. 

In addition to its flexible design, the company has self-powered automation and rapid response to threats, 24/7 security alerts, and monitoring of events through its operations centre security  (SOC). All of this is under the supervision of certified security experts working with the latest and most advanced technologies available. 

SaaS and SECaaS Comparison on-premise

A leader in the one-stop cybersecurity orchestration platform, ArmourZero offers a suite of essential SECaaS services for all businesses: 

  • Endpoint antivirus
  • Endpoint next-gen antivirus
  • Endpoint protection with EDR
  • Endpoint protection with EDR and threat intelligence
  • Patch management
  • Email protection
  • Web protection

Armed with these impressive services, businesses can join an expanding network of modern technologies, people, knowledge, and processes to enhance existing security measures. ArmourZero currently provides a 1-year free limited promotion for Endpoint Protection with EDR service that you can get from here.

The consequences of inaction

As Singapore strives toward its vision of becoming a smart nation, cybersecurity must also keep pace to ensure the safety of all users and businesses. The ongoing pandemic has also taught us a valuable lesson in prevention and protection; only with low-cost vaccination can we ensure that we are adequately protected against the ever-evolving virus.

With this safety net, the threat becomes far from dangerous even when infected with different virus variants.

The age-old adage, better safe than sorry, rings particularly true in cybersecurity. Don’t be the one to regret only after something bad has happened. By then, it will already be too late.

 

*This article has been published on e27.co on 5 Apr, 2022 

Deon Tan

Written by: 

Deon Tan, a freelance writer and researcher living in Singapore, cover exciting stories in the tech community.



Share this post



Leave a Comment

Related Posts

Social Engineering Attacks Explanation

What is Social Engineering? How Does it Work?

What is Social Engineering and How Does it Work? Find out more about social engineering attack and how to defend it in this article written by Muhammad Hazim.

Read more

The Scam, The Scammer and The Scammed

If you think you aren’t at risk of being scammed, then you’re likely at risk of being a victim. Learn more from ArmourZero’s mentor and expert Eugene Chung.

Read more

Nur Atiqah

Nur Atiqah – Goal-oriented Shero Who Ensures Security

Nur Atiqah, Lead of Service Assurance at CSP Global Technologies, shares her story and journey as a woman in tech from a cybersecurity engineer perspective.

Read more