SG ranks No. 6 in internet-facing exposed databases

According to the recent Exposed Digital Assets research conducted by Group-IB’s Attack Surface Management team, Singapore ranked 6th in the Top 10 Countries by number of exposed databases in 2021, with 5,882 databases detected as open to hackers.

What does an Exposed Database mean?

It could mean either that your database has no security measures to defend against unauthorized or unintended activities, or that its security is at risk because it is misconfigured or not properly secured. “When an exposed database gets accessed by an unauthorised malicious party, the consequences can range from a data breach to a subsequent follow-up attack on the employees or customers whose information was left unsecured,” said Mr. Tim Bobak [Group-IB’s attack surface management product lead].

What should we (organizations) do?

Organizations should be more wary of the vulnerabilities within their cybersecurity solutions (database security, IT infrastructure, network security, etc.), as Singapore’s Personal Data Protection Act states that a company can be fined up to $1 million for a data breach. But from Oct 1, this will be raised to 1 million or 10 per cent for companies whose annual turnover exceeds 10 million, whichever is higher. It is recommended that companies conduct a Data Protection Impact Assessment to understand how their data is being collected, stored, used, shared and disposed of. This gives them a holistic understanding of their data inventory risk so that they can adopt solutions or implement controls to protect it. If you would like to know more about how to conduct a Data Protection Impact Assessment, do not hesitate to drop us an email at [email protected] to find out more.

Learn more on ‘Below The Surface: Group-IB Identified 308,000 Exposed Databases in 2021’
Learn more on ‘Singapore Ranked No. 6 Globally For Having Most Number of Exposed Databases’

“Enhanced PDPA takes effect from 1 Feb 2021”

With the new enhanced PDPA, it is mandatory for organizations to report any data breach that: (i) results in, or is likely to result in, significant harm to the affected individuals; or (ii) is of a significant scale (i.e., involves personal data of 500 or more individuals). Affected individuals must be notified if the data breach is likely to result in significant harm to them. Organizations must report to the PDPC as soon as practicable and not later than 3 calendar days.

We are information security consultants who can help your organization implement an Information Security Framework based on ISO/IEC 27001:2022. Do reach out to us via email at [email protected]