By Jane Lo, Singapore Correspondent
“Singapore’s Cyber Landscape largely mirrors the global landscape” and “so any threats out there will spill over to Singapore”, said Dr Janil Puthucheary (Senior Minister of State, Ministry of Communications and Information & Ministry of Health), at ISACA Singapore Chapter’s GTACS (Governance, Assurance, Security and Risk & Control) 2021 conference (2nd September 2021).
Ransomware
For example, “crippling ransomware attacks are one of the top threats organisations and individuals around the globe face, ”Gregory J. Touhill (Chair, ISACA), pointed out in his overview of “Global Risk and Governance Landscape.”
Like other countries around the world, Singapore also faces the rising threats of these attacks.
In fact, earlier in August this year, a joint adversary on the ransomware operator ALTDOS was issued by the Cyber Security Agency of Singapore (CSA), the Personal Data Protection Commission (PDPC) and the Singapore Police Force (SPF), underscoring the pervasiveness of the threat faced by organisations in the region.
By capitalizing on pandemic related fears, ransomware operators and other threat actors carefully constructed social engineering and phishing tactics using Covid-19 and vaccine-related news as lures.
The severity of ransomware is highlighted by Mr Dan Yock Hau (Assistant Chief Executive, Cyber Security Agency of Singapore), at his Keynote address on “Cybersecurity Landscape in Singapore”.
According to the Singapore Cyber Threat Landscape 2020 report, there had been a 154% rise in ransomware cases (compared to 2019). “At least 60% involved small medium enterprises, with almost half from manufacturing (~30%) and IT (~15%) industries,” he said.
“These affected industries were in line with global observations,” he noted.
“These industries are running 24/7 operations that cannot afford downtime, meaning more unpatched/outdated systems and vulnerabilities to exploit,” he explained. Further, “the affected organisations comprised mainly SMEs, which are unlikely to have dedicated infocomm security officers,” he added.
In fact, he noted, ransomware had evolved from an “isolated and sporadic risk”, and is becoming “targeted and impactful, hitting organisations providing key or essential services.”
Supply Chain and Data Breaches
In addition, supply chain attacks and data breaches are also two other threats faced by Singapore organisations.
Targeting the weak links continue to be means from which to launch attacks.
For examples, Mr Dan noted in a supply chain attack, “the compromise of a single trusted supplier can result in multiple victims,” and “in a data breach, threat actors are constantly probing for weak links to steal credentials to gain access into systems with sensitive data.”
Indeed, data exfiltration (leak of personal data) tops security concerns in Singapore, in a study by Frost & Sullivan that surveyed responses from ISACA Singapore Chapter’s members.
“86% responded that this was a high level of concern,” said Mr Kenny Yeo (Associate Director, Head of Asia Pacific Cyber Security Practice, Frost & Sullivan) at his keynote, “the Singapore Cyber Security Landscape: Learnings from the 2021 ISACA-Frost & Sullivan Survey.”
With about 30% reporting increase in supply chain attacks, “Singapore enterprises must prepare for this growing risk,” he added.
Going forward
What are some key measures proposed to counter these threats?
“Practice good cyber hygiene, such as keeping systems and software updated, raising employee’s awareness on threats, having full visibility of their networks and detecting unusual activity in a timely manner”, said Mr Dan.
“Cultivate a mindset of vigilance as cybersecurity remains the responsibility of all end users,” he stressed.
Practical measures include understanding that “information security cannot simply focus on technology, security practices need to be in place,” said Mr Yeo. These practices include “cyber security awareness programs, governance, risk and compliance tools, cyber drill and” he added.
In addition to end users, “regular cyber risk briefings to management are crucial to change cyber security perception,” said Mr Yeo.
In particular, according to the Frost & Sullivan / ISACA Singapore Chapter survey, more than 70% of senior management are becoming more concerned with cyber risk issues. Therefore, “senior management buy-in is crucial for enterprise information security,” he said.
Steven Sim (President, ISACA Singapore Chapter) shared the need for “ecosystem of public and private partners to work closer together, to enhance the resilience of our business supply chain” in his opening remarks.
Mr Touhill also emphasised “as a global cybersecurity community, it is imperative that we all come together to recalibrate how we hire, how we train, how we retain our future cyber leaders, to ensure we have a solid work force, that is evolving with cybersecurity needs.”
Indeed, David Koh (Commissioner of Cybersecurity and Chief Executive, Cyber Security Agency of Singapore) noted in the Singapore Cyber Landscape 2020, that “Cybersecurity is a Team Sport. In fact, it is an International Team Sport.”