More than a third of Singapore’s small and medium enterprises (SMEs) were hit by ransomware attacks in the past year, with many of them having to cease operations to fix the cyber security issue, according to a study released today.
Thirty-five per cent of the country’s SMEs fell victim to the increasingly common cyber threats, revealed cyber security vendor Malwarebytes, which commissioned a study of more than 1,000 such companies across Singapore, France, Britain, Germany, Australia, and North America.
While large businesses and governments have often been the target of attacks in the past, the survey shows that the impact is growing wider as hackers begin expanding their reach.
Among the SMEs affected in Singapore, 21 per cent had to shut down their operations, while 11 per cent lost revenue as a result. Downtime can range from 25 hours for some organisations to as much as 100 hours, as users get locked out of their PCs and files by the hackers.
Fortunately for them, unlike the much larger sums demanded of high-profile victims, Singapore SMEs are often only held to relatively small ransoms – mostly less than US$1,000 and with sums of more than US$10,000 a rarity, according to the study.
With rising awareness, most organisations believe the issue should be of top priority. However, they still lack confidence in their ability to deal with it, according to Malwarebytes.
Of the Singapore SMEs surveyed, 73 per cent place a high or very high priority on fixing the ransomware problem. Despite these investments, nearly half of the organisations surveyed expressed little to only moderate confidence in their ability to stop a ransomware attack.
For many, the source of ransomware is unknown and infections spread quickly. For 30 per cent of organisations in Singapore that suffered a ransomware infection, decision makers could not identify how the endpoint became infected.
Notably, more than 20 per cent of ransomware infections spread to other devices. That means SMEs, often known to be slow adopters in technology in the country, could end up helping the malicious code spread.
If they have their customers’ personal data exposed as a result, they also face the double whammy of a possible fine from the authorities.
“It’s clear from these findings that there is widespread awareness of the threat of ransomware among businesses, but many are not yet confident in their ability to deal with it,” said Jeff Hurmuses, managing director for Asia-Pacific at Malwarebytes.