Key learnings from high profile corporate website attacks

A recent spate of cyber-attacks against high profile organisations around the world, including in Singapore, has heightened fears that organisations are losing ground in the ongoing war against cyber criminals.

FacebookTwitterLinkedIn
Key learnings from high profile corporate website attacks

Business benefits-at-a-glance

  • Recent high profile cyber-attacks affecting people around the world have raised fears that cyber criminals are gaining the upper hand
  • In attacks against organisations, poor password security is a common factor, so developing strong and unique passwords adds another layer of protection
  • Pre-emptive protection solutions stops hacks from occurring and keeps customer data safe
  • Singtel’s Web Application Security Services offers a range of effective and affordable forms of protection against evolving threats to website applications and infrastructure
  • Major upside for business in getting cyber security right is to ensure the security of customers’ private data – which in turn protects the company’s own reputation

10 June 2019 | SMB, Digitalisation, Cybersecurity | 7 min read

Leading cyber security agencies are warning that future cyber-attacks will not only be more disruptive, but more destructive, with the potential to damage the reputation and day-to-day activities of businesses unprepared for an attack.

Recent attacks show business needs to be prepared

On May 14 it was reported that a hacking attack against a high profile Japanese retailer had reinforced fears that the global cost of cybercrime could reach a staggering $6 trillion by 2021.

The retailer reported that there were more than 460,000 unauthorised logins to registered accounts via a hack where user IDs and passwords are potentially leaked from other services. Typically, it occurs when people use the same password for different online accounts.

As a result, the retailer requested all online customers to use different passwords for different services and avoid easily guessed or commonly passwords.

Locally, a health-related / charity organisation became a victim of hackers when the personal data of nearly 4,300 potential blood donors was “leaked”, as reported by The Straits Times on May 16.

It was reported that these potential donors’ names, contact numbers, email addresses, declared blood types, preferred appointment dates and times and preferred locations for blood donations were left exposed.

Unfortunately, it was something as simple as a weak administrator password that was believed to have let the hackers in.

Singaporeans were shocked when it was revealed that a vendor had improperly put online the personal information of more than 800,000 potential blood donors. This followed a cyber-attack in July 2018 when the private data of 1.5 million patients were compromised.

The shared result of all these hacks is a potential loss of reputation and trust. On top of customers' important data being compromised, the leaks further increasing the chance of other cyber-crimes.

The most common fragile points in cybersecurity are weak passwords, malware and a lack of protection around website applications and infrastructure. 

Cyber-protection isn't just about strong passwords

The common thread in these hacks are weak passwords. Businesses and customers have been warned for years – if you make your password “password”, your data is unsecure.

This was borne out in research by the UK’s National Cyber Security Centre which confirms that many people still don’t treat their personal online safety as a serious issue. In fact, most people the Centre surveyed used “123456” as their password, followed by their names, their favourite football team or pop band, or their favourite superhero (Superman was number one).

It's not just about passwords though. Businesses with an online presence need their websites secured to protect their customer's data. Hacking attacks can be directed at your business website. Potentially, any web-based application can be targeted.

For businesses, any cybercrime that is linked to their brand is a devastating blow to their reputation, especially in terms of protecting their customers’ private data. Business needs to think about a comprehensive protection solution that moves beyond passwords.

Understanding your website's vulnerabilities

Completely securing your website without expert help is difficult. Even building your website on commonly used platforms like WordPress isn't completely secure. Cybersecurity service provider, Trustwave, has noted an increase in attacks specifically targeting WordPress. In most cases, these attacks are focused on outdated plug-ins or developed by third party vendors. While WordPress allows different plug-ins to enhance the platform's functionality, you need to be sure of their quality and security.

In 2018, Trustwave tested a variety of web applications for vulnerabilities. It found 100% of those websites had at least one weak-spot. Some of these vulnerabilities can be harmless, but others can cause major headaches for business owners. Retail website attacks are mainly aimed at e-commerce transactions and even Point-of-sale systems. Being responsible for customer's credit card information being leaked isn't great for your reputation. 

While not all vulnerabilities will be exploited, just understanding where security is lacking will help you find the right cybersecurity solution.

Solutions that meet your needs

For all businesses, cybersecurity solutions need to be cost effective, easy to install and have a track record of providing a high level of protection.

Singtel’s Web Application Security Services are a web security and performance services featuring web application firewall, web accelerator, visual defacement monitoring and website restoration.

Essentially, the solution offers pre-emptive protection by:

  • Detecting and stopping malicious attacks or software from reaching your web servers. 
  • Utilising the latest threat intelligence so your website is always protected as new threats are discovered.
  • Securing web servers so sensitive information such as company data, employee information or customer details, is always safe.
  • Using a web application firewall to protect your websites from vulnerabilities, ransomware, zero-day attacks and DDoS attacks which can take your website offline.
  • Improve page performance and save bandwidth costs by leveraging on Singtel's globally distributed delivery network.
  • Detecting unauthorised changes or defacements on your website, before your customers do, through automated monitoring.

Latest series threat intelligence constantly guards your website even when new vulnerabilities are discovered.

So-called web defacement, where hackers exploit website security weaknesses to “deface” websites – change words, scrawl across them, taunt site owners – often for political purposes, is on the rise. Web defacement in Singapore was up nearly 17% in 2017, according to the Cyber Security Agency of Singapore’s Cyber Landscape Report.

Singtel’s web defacement protection helps business avoid reputation damage by alerting the owner to unauthorised visual changes to a website in real time. Even if you are hacked, Singtel can restore your original web presence using a secure replica to ensure no downtime, helping to maintain the good reputation of your brand.

Your business reputation can be your biggest asset, so it’s worth protecting. By investing in cybersecurity now, you’re safeguarding business data before a hack occurs. 

Featured Solutions

Other articles you might like

Bridging the cyber talent gap: Why training matters as much as hiringShare
Apr 2025 | -
cyber security
Bridging the cyber talent gap
Singapore is tackling the cyber talent shortage by creating new ways for people to enter and grow in the field—no tech background needed. With industry-led training and support from key industry players, these programmes focus on real-world skills and practical readiness, helping build a stronger, more resilient cyber security workforce for the nation’s digital future.
Shield against cyber scams through preparedness programmeShare
Mar 2025 | -
cyber security
Shield against cyber scams through preparedness programme
Cyber scams are evolving, exploiting both technology and human psychology, making cyber security training essential for organisations. Frost & Sullivan explores how Singtel’s CSI offers a comprehensive Cyber Scam Preparedness programme, emphasising shared responsibility and victim empathy to equip frontline employees as the first line of defence against cyber threats.
Organisations with managed connectivity and cloud-delivered SSEShare
Mar 2025 | -
cyber security
Securing organisations with managed connectivity and SSE
This infobrief explores how managed connectivity and cloud-delivered Secure Service Edge (SSE) can protect IoT and mobile-enabled organisations, highlighting the importance of robust security solutions to safeguard devices, data, and networks in an increasingly connected world.

Ready to get more out of digitalising your business?