SINGAPORE: Singapore has the doubtful honour of rating No. 6 on the planet for having the most databases exposed to the Web final 12 months which hackers might simply breach and exploit.
The number of such prone databases right here was additionally discovered to have grown steadily all year long with elevated digitalisation through the pandemic, based on the examine launched on Wednesday (April 27) by cybersecurity agency Group-IB.
This means that whereas many organisations went digital throughout Covid-19, database safety won’t have stored up.
ALSO READ: Practise good cyber hygiene habits to thwart hackers, scammers and other malicious parties
The United States took prime spot with near 93,700 exposed databases discovered, adopted by China with practically 54,800. Germany was a distant third with nearly 11,200 databases. Sixth-placed Singapore had nearly 5,900.
Globally, 308,000 databases detected final 12 months have been doubtlessly open to hackers.
This comes at a time when cyber threats right here have grown. A Cyber Security Agency of Singapore report final July confirmed that “zombie” gadgets linked to the Internet and contaminated with malware that enables hackers to manage them and launch cyberattacks, trebled in numbers right here through the pandemic.
ALSO READ: Cybersecurity in an interconnected world
Under Singapore’s Personal Data Protection Act, an organization could be fined as much as S$1mil for a knowledge breach. But from Oct 1, this will be raised to a most of 10% of the corporate’s annual turnover in Singapore or S$1mil, whichever is increased.
Databases opened to hackers are a priority.
“When an exposed database gets accessed by an unauthorised malicious party, the consequences can range from a data breach to a subsequent follow-up attack on the employees or customers whose information was left unsecured,” stated Tim Bobak, Group-IB’s assault floor administration product lead. Group-IB is one of Interpol’s official companions and has labored with its cybercrime group.
Bobak stated that Singapore’s number of databases is discovered to be increased than different territories and this may merely mirror the truth that it’s a extremely developed space that hosts a bigger number of info know-how belongings.
“Another reason might be the high level of digitalisation in Singapore,” he stated.
Freddy Tan, an govt committee member of the Association of Information Security Professionals (AiSP), stated {that a} lack of consciousness of knowledge safety and safety amongst organisations right here might be a contributing issue as effectively.
“If you look at economies like Australia, they have a longstanding culture around data privacy. But we don’t have such a long history on data protection,” stated Tan, who can also be managing director of cybersecurity agency Epic Cybersecurity.
He added that the main target of cybersecurity professionals and administration in lots of organisations right here is on infrastructure safety – resembling having firewalls and anti-virus software program – however not knowledge safety.
Group-IB had scanned the 4 most well-liked and generally used database administration programs globally between the primary quarter of final 12 months and the second quarter of this 12 months. The scan didn’t accumulate and analyse the content material of any exposed databases discovered and it was not clear which organisations the databases belonged to.
Some of the databases discovered might be publicly accessed with out even needing a username and password.
In different instances, the databases may be protected by passwords. But Bobak stated passwords alone usually are not sufficient as they are often breached utilizing lists of stolen passwords or just “brute forced” – utilizing software program to guess the passwords by trial and error.
In Singapore, the number of exposed databases found grew pretty often, at round 1,500 databases each three months after the primary quarter of final 12 months.
There have been 1,239 exposed databases found within the first quarter of final 12 months. By the fourth quarter of 2021, the determine had grown to five,882. The number jumped by nearly 2,000 to hit 7,873 within the first quarter of this 12 months.
Bobak stated that as extra organisations go forward with their digital transformation plans, there are an increasing number of Internet-facing companies and gadgets day-after-day.
“Corporate networks keep getting more complex and extended. This leads to an increase in the total number of misconfigured databases,” he stated.
The primary trigger of not configuring databases correctly right here is probably going human error and a failure to comply with cybersecurity practices.
“Information technology infrastructure is growing in both size and complexity for businesses in virtually all industries, so it’s challenging to make sure everything is properly configured and secured,” stated Bobak, noting that easy errors can result in misconfigurations and thus exposed databases.
In Singapore, the common time it took to patch an exposed database within the first quarter of 2021 was 160 days, in contrast with 170.2 days globally.
It then hovered between 125 and 135 days for the following three quarters, in contrast with between 112 and 147 days globally.
Bobak stated a number of components might contribute to the variations within the time wanted to repair databases right here.
The accelerating tempo of digitalisation might imply corporations had extra belongings to handle. Cybersecurity groups can also be dealing with ability shortages and restricted budgets, at the same time as their workloads enhance, with the pandemic disrupting workplaces and enterprise processes, he stated.
Group-IB stated discovering points with high-risk digital belongings like databases in a well timed method is essential as a result of cyber criminals are fast in recognizing alternatives to steal delicate info or creep additional right into a community they’ve infiltrated.
The expertise scarcity right here won’t be as nice as in different nations. AiSP’s Tan stated that there’s one licensed info safety skilled for each 2,000 folks in Singapore.
Compared with one other superior digital economic system like Australia, there’s one such skilled for each 8,000 folks.
To assist stop database publicity whereas organisations’ networks develop, Bobak stated it was vital for them to have a whole and up to date checklist of their digital belongings, in addition to use instruments to assist handle them.
They must also use inner digital non-public networks in order that servers with databases could be hidden from the Internet.
Workers shouldn’t be allowed to make use of a system’s unique log-in particulars, or use “admin” because the username and password. They should use strong passwords, like these no less than 12 characters lengthy. Additional methods to confirm a person’s identification must be in place too. – The Straits Times (Singapore)/Asia News Network
