On 1 April 2022, Huawei and the Association of Information Security Professionals (AiSP) held a joint webinar session, themed “SMEs: Are you Cyber Safe”. This webinar session was supported by the Cyber Security Agency of Singapore (CSA).

This panel session moderated by Mr Dennis Chan, Country Cybersecurity and Privacy Officer of Huawei International, brought together a group of cybersecurity experts, including Ms Veronica Tan, Director, Safer Cyberspace, Cyber Security Agency of Singapore (CSA); Mr Johnny Kho, President of Association of Information Security Professionals (AiSP); Dr Liu Yang, Professor at Nanyang Technological University and Co-founder of Scantist; and Mr John Yong, Senior Advisor of Huawei International and Institute of Technology, and Board member of SATA CommHealth. The panelists shared their perspectives and recommendations on how SMEs can improve their cybersecurity posture to protect their businesses and employees.

The session covered the following topics:

1.1 What governments can do to raise awareness of cybersecurity of enterprises (SMEs)?

Speaker: Ms Veronica Tan, Director of Safer Cyberspace, Cyber Security Agency of Singapore (CSA)

In her speech, Ms Tan had shared that the government could play three roles: as a strategist, an enabler and an orchestrator. A good example of this is CSA’s recent launch of cybersecurity certification – Cyber Essentials and Cyber Trust marks – for organisations. With the push of the pandemic, many businesses have gone digital, increasing the risk of cyber incidents, making it paramount for SMEs to ensure that cybersecurity remains top of mind to manage risks.

“Over the past two years, the world has seen an increase in supply chain attacks. Organisations are now more aware, and raising concerns about potential attacks arising from third-party suppliers and partners. As such, Singapore’s cybersecurity certification creates a visible label for enterprises to demonstrate that they have put in place a set of cybersecurity practices and are in a way, “cyber safe”,” said Ms Tan.

This certification programme will help businesses to change the way cybersecurity is thought of, making it a competitive edge instead of a compliance cost.

1.2 How does industry associations raise awareness of cybersecurity of enterprises (SMEs)?

Speaker: Mr Johnny Kho, President of Association of Information Security Professionals (AiSP)

“Rapid digitalization has increased the demand for cybersecurity. An industry associations’ key priority is to create awareness about cybersecurity, to work with its members not only to stay aligned but also to better the cybersecurity strategies being implemented, which will in turn, enable the larger ecosystem,” said Mr Kho.

Safer Cyberspace initiatives have allowed us to see more complete cycles where vendors are coming up with solutions and even accreditation like the trust mark, where one can assess how cyber safe one is. From an association’s perspective, as part of the larger ecosystem, we are doing the outreach for members and, at the same time, connecting the vendors and government agencies, providing a centre where SMEs can benefit; ultimately forming a bridge between the government and the respective market segments.

1.3 How SMEs can kickstart the cybersecurity journey

Speaker: Dr Liu Yang, Professor at NTU and Co-founder of Scantist

“The more we embrace digital, the more cybersecurity efforts are needed, which is especially relevant during this pandemic as more enterprises have shifted online. However, looking at cybersecurity, we have seen that the battle has already shifted from the traditional network and infrastructure security to application security as most SMEs/companies are moving their solutions to the cloud – this makes it crucial for SMEs to ensure that applications running on top of the cloud are secure,” said Dr Liu.

Most applications work by leveraging open-source components in their code. Based on statistics, approximately 99% of these applications use open-source code components, with 60% to 90% of the code being open-source. This means that most of the code in such applications can be readily found online. The real challenge that SMEs may face when dealing with such vulnerabilities is a lack of the right resources or a lack of a large/sufficient budget dedicated to the cybersecurity segment of the business – this is where collaboration comes into play.

1.4 What do SMEs really need

Speaker: Mr John Yong, Senior Advisor of Huawei International and Institute of Technology, and Board member of SATA CommHealth

Small-medium enterprises often question if cyber risk applies to them. Over the past year, two-fifths of SMEs were impacted by cybersecurity issues while three-fifths of SMEs were unaware of these issues. While recognizing and rectifying these risks are difficult, SMEs need guidance to understand how to address these situations and how these risks could impact their business. Today, with multiple free resources available online, there is no excuse for SMEs to ignore the reality of cyber risks.

“Another challenge faced by SMEs is the resources and budgets needed to mitigate these cyber risks. They need to allocate a percentage of their budget for cybersecurity. Given deeply the digital landscape depends on IT, no less than 10% of the IT budget should be spent on cybersecurity. SMEs should also look at various vendors which are trust marked and investigate whether these trusted vendors have the competencies to deal with data protection and cybersecurity protection,” said Mr Yong.

Today, more businesses are leveraging the cloud. For SMEs, it helps to find a cloud service provider that is certified with cyber trust marks. While many cloud providers now offer affordable, reliable and safe options, SMEs need to seek the right partner that is the most suitable for their business needs.