Small and Medium-Sized Enterprises

Published on 01 Feb 2019

Updated on 08 Oct 2019

CyberSense is a monthly bulletin by CSA that spotlights salient cybersecurity topics, trends and technologies, based on curated articles and commentaries. CSA provides periodic updates to these bulletins when there are new developments.


No business is immune to cyber-attacks. As more SMEs go digital, they may find themselves exposed to the ever-growing cyber threats, such as phishing attacks, defacements, and ransomware.

In the “Singapore Cyber Landscape 2017” publication, it was reported that 2,040 website defacements were detected in Singapore, with the majority being websites of SMEs from a range of businesses such as interior design and manufacturing. Many of the cases reported to SingCERT by SMEs involved phishing, ransomware and business e-mail scams. A reason cyber criminals may attack SMEs is because they are seen as a means of getting to larger corporations, to which SMEs are suppliers.

Despite the rising threat of cyber-attacks, awareness of such threats remain low among SMEs. However, as they go digital, it is important that SMEs factor in cyber-attacks as a business risk to prepare for. In Singapore, the Government has been looking into ways to level up the cybersecurity posture of our SMEs. CSA has worked closely with Trade Associations and Chambers (TACs) to help their members tap grants and resources to adopt cybersecurity measures and develop cyber security capabilities. CSA is also working with the Infocomm Media Development Authority (IMDA) to incorporate cyber security in the SMEs Go Digital Programme. For instance, the SME Digital Tech Hub provides specialist technology advice to assist SMEs on their cyber security needs.


CSA reaches out to SMEs to provide advisories on how to pre-empt and prevent cyber incidents. Businesses can sign up for alerts at and seek help from SingCERT if they encounter cyber security incidents.



Local SME, Nuts n Co, was hit by ransomware in 2017 just as it was submitting critical financial information to the authorities. Owner Jasmond Heng, said that a message appeared on his computer asking for payment in the form of BitCoin. He chose not to pay as there was no certainty the information could be recovered. The attack resulted in the company’s entire accounting system being locked up, including the back-up files as they were attached to the affected computer.  After the episode, Mr Heng installed an anti-virus software and firewall that offered better protection.

SMEs are especially vulnerable to ransomware and other cyber threats, because they may not invest nor have the resources of the bigger companies.  This is despite the availability of solutions for SMEs, to minimise their risks to cyber-attacks.

In a study by Osterman Research, an IT research company, it found that one in three Singapore SMEs are hit by ransomware. About 20 per cent of these affected companies even having to shut down as a result, the study noted.

The British Chamber of Commerce (BCC) observed a similar landscape in the UK, where it found that one in five businesses there had been a victim of cyber-attack over the past 12 months. The BCC noted that only small numbers are taking steps to protect themselves.

Read on by clicking on the stories below:


Through “SMEs Go Digital” programme, the Info-communications Media Development Authority (IMDA) aims to progressively raise the standards of the pre-approved digital solutions, to help SMEs grow in the digital economy.

IMDA said that pre-approved digital solutions are evaluated on criteria such as functionalities that meet SMEs’ requirements, ease of use, and affordability. Digital capabilities such as cybersecurity, data protection, data analytics, interoperability, and compliance to standards will be gradually included in the programme. The Association of Small and Medium Enterprises (ASME) has been appointed to operate the SME Digital Tech Hub, to provide specialist digital technology advisory to SMEs with more advanced digital needs, such as data analytics and cybersecurity.

Read on by clicking on the story below:


SMEs embrace technology and innovation to further their business, but may not have the resources or dedicated cybersecurity team to protect themselves against cyber-attacks, data breaches and hackers.

A study by Barclaycard in the UK showed that three types of cyber-attacks SMEs commonly faced are malware, invoice fraud, and cheque overpayment fraud.

Another type of cyber threat that SMEs face is phishing attacks, especially spear-phishing e-mails. Such e-mails are carefully crafted and targeted, often appearing to come from a known sender. The report noted that hackers now even employ professional translators, designers, and other experts to vet their oft misspelled or oddly-worded e-mails, to appear even more legitimate to their recipients.

Read on by clicking on the stories below:



Crimewatch (2013 / 2014):  Technology lets us access information anytime and anywhere. However, we cannot underestimate the growing variety and sophistication of cyber security threats. Crimewatch, produced by the National Crime Prevention Council and Singapore Police Force, aired an episode in 2014, informing views how criminal activities could target users of social media, Internet banking, and mobile devices. Viewers also learn about cyber-crime prevention from experts.

The 2014 episode can be viewed here.


In another Crimewatch episode in 2015, it featured Singapore’s encounter with a series of cyber-attacks allegedly committed by the hacktivist organisation “Anonymous”.  One person with an online name, “The Messiah”, claimed responsibility for the attacks. This episode showed how the officers from the Police Technology Crime Investigation Branch of the CID pursued the case, and eventually arrested the hacker.


SOURCES INCLUDE: Business Computing World, Channel NewsAsia, Computer Weekly, Forbes, Marketing-Interactive, Singapore Police Force, and The Telegraph.