Global cybersecurity firm, Kaspersky, has reported a 5.9% reduction in web-based threats detected in Singapore for 2023, marking the third consecutive annual drop. Over the course of the year, Kaspersky's security infrastructure, the Kaspersky Security Network (KSN), detected 5,844,634 different web-based threats, a decrease from 6,209,235 in 2022 and 6,776,569 in 2021.
The KSN is a complex, globally distributed structure that processes cybersecurity-related data from millions of participants who have installed Kaspersky's software and voluntarily shared information. The major types of web-based threats which affect people and computer systems include tactics like phishing and exploiting browser vulnerabilities or infected plugins. According to the Singapore Police Force's Annual Scams and Cybercrime Brief 2023, these types of social engineering scams and phishing constituted the top five scam types in 2023.
Interestingly, the reduction in web threats has been coupled with a rise in their complexity and sophistication. The number of users under attack has seen a significant upturn. In 2023, 30.7% of users were targeted, a stark contrast to the 26.5% in 2022 and 21.7% in 2021. These attacks weighed heavily on Singaporeans' finances, with losses mounting up to $651.8 million for scams in 2023 alone.
As the region faces growing cyber threats boosted by advancements in artificial intelligence, Kaspersky advocates for stronger private-public partnerships, proactive policies, and regional collaboration as strategies for improving cyber resilience in Singapore and beyond. On this note, the recent inauguration of the ASEAN Regional Computer Emergency Response Team (CERT) is a significant milestone. The team is expected to enhance information sharing concerning cyber incident responses and support the efforts of individual country CERTS within ASEAN.
In a move to further strengthen cybersecurity, Singapore introduced the Online Criminal Harms Act on 1st February 2024. This law allows for swifter action in reducing users' exposure to online criminal activities. In addition, the Cyber Security Association of Singapore has also recommended that the Safe App Standard be implemented, setting out best practices for app developers and businesses to protect their users from malicious actors exploiting weaknesses in app design.
Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky, emphasised the continued presence of cyber threats saying, "Cybercriminals will innovate to find new ways to exploit their victims. On our part, vigilance and cyber hygiene are key. We must be updated about the latest scam tactics deployed and must be knowledgeable about the proactive strategies one can adopt." He lauded local banks for providing an added level of security through advanced mechanisms, such as the money lock feature safeguarding customers' savings.
For maximum online safety, Kaspersky advises users against downloading and installing applications from unverified sources, clicking on unfamiliar links or suspicious online advertisements. The company also recommends the creation of unique, strong passwords, including a mix of upper and lower case letters, numbers, and punctuation. Updating the software regularly, activating two-factor authentication, ignoring messages that request disabling security systems and using a robust cybersecurity solution appropriate to the individual's system type and devices are also advised for maintaining online security.
Kaspersky advises organisations to keep software up-to-date across all devices, while using strong passwords and multi-factor identification for remote service access. To protect against known and unknown threats, the implementation of endpoint cybersecurity solution for businesses is recommended, supported by cutting-edge threat detection and response products. This helps a timely discovery and remediation of even new and evasive threats. Lastly, Kaspersky advises organisations to utilise the latest threat intelligence information to empower their security experts.