‘Small Businesses Need to Develop Proactive Mindset to Combat Phishing Attacks’

By Radhika Wijesekera –

The phishing plague saw a sharp rise last year. As AI opens doors to possibilities beyond imagination, it also leaves them ajar for cybersecurity threats. And most firms are struggling to defend themselves. It is a digital war, and most startups and SMEs are fighting with sticks and stones, in the hopes that it’ll be enough to protect themselves.

In an exclusive conversation with AsiaBizToday, Singapore-based Managed Security Service Provider (MSSP) ONESECURE’s founder Edmund How shared his insights into the very real threats that every organisation faces today with data security, and what companies like his can do to help. Edmund has worked with over 100 SMEs and large-scaled enterprises believes that cyber protection does not have to be a tall order, and there are basic measures that SMEs can adopt to safeguard their businesses:

AI is fast becoming a central part of many aspects of the daily lives of everyone, every business and every office. It opens doors to possibilities beyond imagination. At the same time, the ever-evolving nature of AI has made cyberattacks more complex by enabling attackers to conduct more sophisticated and targeted attacks. AI-powered tools can help attackers to identify patterns and exploit vulnerabilities in business software and systems defences. They are able to adapt and manipulate the weaknesses of an organisation’s defences and evade detection by security systems. Beyond that, they are also able to quickly analyse the tools or techniques of the attackers to combat incoming attacks.

While many cybersecurity tools have harnessed AI to defend and respond to advanced cyber threats, cyber teams must still harness human intuition to strategise, and build the cybersecurity stack that minimises their organisation’s cyber risks.

In this new frontier of digital warfare, it is essential for companies to stay ahead of the curve and continuously update their products and services. This is where Managed Security Service Providers (MSSPs) such as ONESECURE come in.

In a world where every click can be a potential trap and every online interaction a doorway to danger, no nation is insulated from the looming spectre of cyber threats. The vast web that has been woven isn’t just about connecting; it’s also about exposing vulnerabilities. However, those countries with a larger population are assumed to be slower to adapt to the fast-changing risks due to the difficulty in communicating the nuances of cybersecurity measures to the masses.

Since smaller businesses generally operate with smaller IT budgets and limited manpower resources, they are at a bigger risk of cyberattacks. They are perceived as easy prey, also due to their perceived tendency to use outdated software that is riddled with exploitable vulnerabilities. One in five small to medium businesses fall victim to digital predators annually. While the rewards for hacking smaller enterprises might not match the potential bounties of larger corporations, the ease of access makes them attractive targets. This underscores a universal truth: irrespective of an organisation’s scale, a robust investment in cybersecurity isn’t just advisable—it’s imperative.

In such a backdrop, it is important to be a sceptic. But mere cautionary tales of what could happen in a phishing attack isn’t always enough. Simulated phishing attacks, modular cybersecurity courses covering all aspects of potential attacks, and online workshops to identify fraudulent emails and tackle breaches should be included as part of a hands-on training for employees. Phishing is the most common cyberattack technique and it attacks in the most inconspicuous ways. As such, it is important for employees to cultivate a sentiment of doubt and scepticism towards emails and website links – checking every suspicious email and every link to ensure that they are not malicious. Rather than accepting the narrative that one’s defences are robust and unbreakable, in-house cybersecurity teams should also be able to detect every suspicious domain that looks similar to the company’s domain to be proactive in the combat against phishing attacks.

Furthermore, every staff member, regardless of their official role, stands as a pivotal pillar in the cybersecurity fortress. They often represent the frontlines, the initial bulwark against the relentless tide of cyber threats. As such, in terms of cadence, it is vital to conduct staff training at least once every quarter. When a training is repeated over time, the team is kept abreast of the latest cyber narratives and defence protocols, and the brain creates a long-term memory to check every email that looks suspicious.

For organisations that do not have the luxury of an in-house cybersecurity team, Managed Security Solutions Provider (MSSPs) like ONESECURE offer a team of highly trained specialists who are able to work round the clock to meticulously scrutinise content alterations on the URLs monitored and flag out any anomalies or disruptions. This helps organisations ensure that they are always a stride ahead of cyber adversaries.

Cyber insurance is gaining traction among businesses today to provide protection from financial losses resulting from financial attacks – including data breaches, and other forms of cybercrimes, depending on coverage. It helps to cover costs associated with notification, credit monitoring, legal fees, and other expenses resulting from a cyber-incident. Today, 43% of cyberattacks are done on small businesses, which results in an average loss of $ 25,000 to ransomware and phishing attacks. In reality though, only 26% of Singapore’s SMEs today have cybersecurity insurance that helps them bounce back from attacks.

Cybercrimes are getting sophisticated; defences need to be made stronger to match these. This means having access to advanced threat-detection accuracy with AI and updated security protocols to combat evolving cloud threats. But not every company has the resources to build or fund a robust cybersecurity team. Which is why Managed Security Service Providers (MSSPs) like ONESECURE are crucial to bridging the current talent gap.

MSSPs can play a vital role in the cybersecurity landscape by providing organisations with comprehensive security solutions tailored to their specific needs. Being based in Singapore and focused on the Asian region for instance, ONESECURE offers several advantages, including regional expertise, cultural understanding, proximity to clients and Singapore’s strong cybersecurity ecosystem.

As the cybersecurity landscape continues to evolve, MSSPs like ONESECURE will play an increasingly important role in helping organisations in the Asia-Pacific region stay ahead of emerging threats and safeguard their valuable data and systems.