Today on 19 September 2017, Singapore’s Acting Prime Minister Teo Chee Hean announced the establishment of a new cyber security institute and Industrial Control Systems (ICS) community under the Cyber Security Agency (CSA). This is the follow-up to yesterday’s announcement that Singapore had deepened its collaboration with 10 other ASEAN countries.
This furry of new initiative comes about as Singapore embraces the smart nation initiative in an increasingly digitalized world. Cyber security becomes the key competency which she must master and project confidence to its citizens and investors. In the wake of notable and increasing attacks in the past few months, we have seen how the Singaporean government had responded with a firm hand.
In the legislation front, the Computer Misuse and Cybersecurity Act was amended in April 2017 to make it a criminal offense to hack into a computer even both locally and overseas. New legislation will be postponed to year 2018 to allow time for extensive industry consultation.
Operationally, the Ministry of Defence (MINDEF) established the Defence Cyber Organization in March 2017. The Minister of Defence, Ng Eng Hen, noted that the new organization would be headed by a Brigadier-General and staffed with 2,000 specialists in June 2017. MINDEF’s deputy secretary of technology, David Koh, heads the Cyber Security Agency, which is the central civilian agency for cyber security.
Worldwide Lack of Cyber Specialists
Cybersecurity is a relatively new discipline and the Cyber Security Agency was established recently under the Prime Minister Office on 01 April 2015 and its predecessor was created in 2009. From this we can infer that just 8 years ago, cyber security was not a national concern and it surfaced to prominence just 2 years back.
As the need for cyber security specialist exploded, there was a limited number of qualified specialist that can fill the roles and this shortage is not limited to Singapore only. The global IT governance organization, ISACA, found out that this is a global problem in its recent survey of industry professionals.
ISACA found that over a quarter of respondents can’t find the suitable candidates to fill in cyber security position in their organization. Even within the 59% of companies which could find the suitable candidates took a long time to find them.
The majority of the companies took more than 3 months to find the suitable candidates and these responses are coming from established companies around the world. For every open position, there are 5 applicants but only half of them are qualified for an interview. The situation is most severe in Europe where 30% of positions are unfilled, followed by 26% in North America and 22% in Asia.
Given the increasing rate of cybersecurity attacks, Singapore would need to have more well trained cyber security specialists. The current CSA institute complements the existing array of courses from the National University of Singapore, ST Electronics’ COMAT, Singapore Polytechnic, Skillsfuture, IMDA’s List of Approved Vendors and part time diplomas from international institutes such as Stanford University and Harvard University.
Motivations of Cyber Attackers
There are always two sides of the coin. For any cyber security strategy to be effective, it must understand the motivations behind the cyber attackers. While the attacks might be hard to detect and prevent in some instances, the end game of the attack is always clear for the victim.
After surveying the victims of such attacks, ISACA had the following findings. Normally, the attackers would have multiple objectives after spending detailed efforts to penetrate your systems. Hospitals are the prime target for malware specialist to launch ransomware attacks. Hospitals in the US and UK were reportedly made to pay in Bitcoins to unlock their computer systems, stole personal information to claim insurance and force emergency patients to be redirected midway. You can count at least 3 motivations for attackers now.
Hospitals have experienced four times as much attacks this year compared to the previous year because it is a life and death experience to loss access to critical information. They hold the holy trinity of name, social security number and date of birth for identity theft.
Global respondents found out that financial gains and disruption of services are the two prime reasons behind the attacks. In the famous Dyn Denial of Service attack in October 2016, a wide range of multinationals were affected from AirBnb to Playstation to Starhub. If your Starhub internet service was disrupted twice in October, you would have shared the anger of these Singaporeans.
Courier TNT was affected by ransomware, Petya, where the attackers demanded $300 in June 2017. It affected their operations and it will cause them $800 million over 4 years due to loss of revenue, customer claims and security measures to prevent future attacks. In May 2017, Singapore based malls such as White Sands and Tiong Bahru Mall and retailers were hit by the WannaCry ransomware for Bitcoin payment.
Prevention Is Better Than Cure
Such attacks are expected to increase over the next few years as cyber criminals get more attack surface in an increasing digital world. Cybercrime as a service is a reality today where malicious actor don’t even need to know coding. They just need to pay someone to send the attacks.
Source: Enterprise Security Magazine
Cyber-attacks place a real burden on businesses as seen in the TNT case and employees have to shoulder much of the load. IT Solution Systems has a comprehensive suite of firewall solution to lessen to load of companies and it is the only Singaporean company to listed in top 10 of Enterprise Magazine list with the likes of McAfee and Checkpoint.
Prevention is always better than cure. Come talk to us now and we will provide you with a customized solution within your budget for your company!