Small- and medium-sized businesses (SMBs) are the backbone of the Singapore economy. Singaporean SMBs make up 99 percent of all Singapore companies and contribute to nearly half of the GDP while employing 70% of the workforce. Recognising the challenging global economic outlook for 2017, SMBs in Singapore are realizing the need to transform and adapt to slowing growth with technological change. With 42% of SMBs wishing for greater support for technological change, there is a need to consider the cybersecurity risks involved with digital transformation.

As more businesses increase productivity by digitising data, automating processes and offering services online, they become more susceptible to risks online. SMBs also have sensitive information from employees and customers, proprietary information about products, and they often are part of a global supply chain for other companies. Every business is a target, regardless of size, and none can afford to ignore the security of its IT infrastructure.

The SMB lots of assets, limited resources
SMBs may assume they have little to interest hackers and therefore put cyber security on the back burner. We know this isn’t true. Hospitals, for example, hold sensitive health information and have networked medical devices at risk. Unfortunately, some learned the hard way with episodes of ransomware disrupting business and damaging reputations.

It is not just a company’s own information and systems that are at risk. SMBs have been the channel in high-profile breaches that compromised millions of records. In Singapore, the Personal Data Protection Commission charged K Box Entertainment Group and its IT vendor for PDPA infringement in April 2013. Attackers use a weak link in the administrative accounts to gain extensive control over sensitive data and IT systems, which can cause chaos in every organisation. These accounts are often overlooked and therefore present a path of least resistance, and can be powerful weapons in the wrong hands.

Businesses today run on IT. This makes cyber security a business necessity as well as a technology requirement. A strong security program can not only protect a business’s assets, it can also give it a competitive advantage.

Although SMBs face the same cyber security challenges as large businesses, they often have fewer resources and little in-house expertise to address these challenges. This makes it important that they get the best return on their security investments by prioritizing the right things in their security programs.

The need to know
Cloud computing and hosted services can make advanced technology affordable, and SMBs often find it cost-effective to outsource many IT functions, including security. But at the end of the day, each business is still responsible for its own security. Owners and executives need to understand the basics of cyber security, know what their service providers are doing and what questions to ask of them.

Security needs will vary depending on circumstances. Each company must understand its attack surface—vulnerable areas in the IT environment that could breached to compromise systems—and the impact of each potential breach. By assessing the impact, vulnerabilities can be prioritized, so that the cyber security program focuses on the areas needed to manage risks.

The key to protecting an IT infrastructure is privileged accounts. These accounts, if compromised, can effectively turn an intruder into an insider, giving the attacker rights to move throughout the network, escalate privileges, change settings and configurations and access data. When allocating scarce cyber security resources, privileged accounts must be identified, assessed and prioritized.

A single standard for security
An SMB IT infrastructure may not be as complex as a global enterprise, but the benefits of a layered approach to cyber security applies to all. Additionally, there are documented best practices and basic cyber hygiene practices that should be followed.