Orient Magazine Issue 67 - July 2018 | Page 18

Orient - The Official Magazine of the British Chamber of Commerce Singapore - Issue 67 July 2018 - Page 18
MATTERS OF OPINION:
FACING UP TO THE CYBER SECURITY CHALLENGE
Cyber security is back in the headlines this month with Singapore’s health system facing a breach of personal data in an attack on the SingHealth system affecting up to 1.5 million users. Ahead of September’s Singapore International Cyber Week, the British Chamber invited member companies to comment on the topic.

The need for government, policy makers, companies and individuals to consider cyber security in their strategic planning is steadily increasing. During September, Singapore will be hosting the Singapore International Cyber Week (SICW) to bring together industry experts and stakeholders. What are the key themes and recommendations that you believe need be addressed?

Reuben Sinclair
Cyber Security Representative Singapore & SE Asia, Department for International Trade (DIT) Singapore

As Singapore seeks to increase its resilience to cyber attacks, recent news indicates that even the most advanced and well protected systems can be vulnerable. The SingHealth attack represented the most serious personal data breach in Singapore’s history. In the UK there is still high awareness of the impact of the NHS WannaCry incident last year.

As technology rapidly evolves, the challenge of protecting technology and information increases with threats becoming increasingly complex. This means that the cyber security strategies of governments, public sector organisations and businesses need to evolve to keep pace. We are seeing:

• More frequent and more
sophisticated attacks
• An increasing reliance on technology
meaning higher impact of business
interruptions – what was an
annoyance twenty years ago can be
catastrophic today
• Substantial time and cost to resolve
incidents – an average of 168 days to
identify a data breach at an average
cost of £2.48 million (SGD 4.5m).
• Cyber security costs escalating, and
budgets being affected by an
increasing skills shortage
What is the UK doing on the cyber security challenge?
Significant security benefits are being derived from emergent technologies such as artificial intelligence, machine learning and quantum cryptography. Strong examples of this can be found at CSIT in Belfast, the UK’s Innovation and Knowledge Centre for Cyber Security, where research projects include; Device Authentication and IOT, Secure Ubiquitous Networking, Quantum Cryptography, Supply Chain Integrity and Operational Technology (OT) and Industrial Control Systems.

Additionally, the UK has opened two Cyber Innovation Centres in Cheltenham and London. These centres support companies developing the next generation of cyber technologies. The National Cyber Security Centre (NCSC) opened in London in February 2017 and works with both public and private sectors in building cyber security skills, developing innovative defences and helping to manage cyber incidents.

Together with the huge number of cyber innovators and start-ups and the assurance of services available via NCSC, this makes the UK a very compelling cyber security partner. With the adoption of GDPR we are going further to help organisations and citizens protect their information.

The Challenge extends beyond Technology
But whilst technology can assist us, organisations are realising that this is not simply a technical problem. Most cyber risks are not caused by technology - they are caused by the way that humans interact with technology (in the SingHealth attack, early reports suggest that attackers initially gained accessed through the breach of a front-end workstation). So we recognise that for a fuller cyber defence we must look beyond technical solutions. Here are some of the key behaviours that will help us succeed:

• Educate staff, customers and citizens
to be more aware of cyber threats
• Focus on improving cyber hygiene
(good practices and security
procedures that keep systems and
date safe) – 80% of incidents are
caused by poor cyber hygiene
• Create inventories of our systems and
data - we cannot protect what we
don’t fully understand
• Separate critical or sensitive internal
systems from public facing systems
such as internet and email (or deploy
solutions that render these safer from
attacks such as phishing and other
malware)
• Accept that we will probably all
experience a cyber security incident
at some point – focus on building
effective response capabilities and
take advice from industry experts;
• Consider the competitive advantages
arising from cyber resilience
• Look outwards at the threat
landscape as well as inwards to our
defences, consider security threat