Understanding the necessity among Singaporean companies to take an active stance in responding to the increasing cases of multimillion dollar cyber threats globally, an innovative ‘digital defence’ framework has recently been integrated to the country’s Total Defence mechanism since mid-February 2019.
Experts said that although Singapore has invested heavily in cyber defence mechanisms, including the most advanced hardware and software, these are still insufficient to combat cyber attacks if the ‘peopleware’ component is either weak or missing in the equation.
The lack of skilled personnel led to several reported data breaches that made news in Singapore recently.
In June 2018, Singapore had its most damaging cyber attack where hackers sneaked into SingHealth’s IT systems taking into possession the patients’ data of 1.5 million people, including the medical records and outpatient medication prescribed to Prime Minister Lee Hsien Loong.
An investigation by the Committee of Inquiry, showed that the data breach was caused by the personnel’s lapses and their inability to detect the signs of a potential breach and the lack of safeguards within the system.
Another controversial instance was when an Integrated Health Information System (IHiS) staff did not report a security incident right away and failed to comply with the incident reporting procedure.
A top official of IHiS’ security management department also did not raise the issue to his superiors despite signs of illegal logins observed to the patients’ database. The manager feared having to work “non-stop” in providing responses to the management’s queries had he done so.
In a related incident, about 14,200 HIV-positive patient’s health records were illicitly posted online by a certain Mikhy Farrera Brochez, a deported American fraudster. Brochez was said to have obtained the data from his reported partner, Ler Teck Siang, who used to be an employee at the agency.
Ler, who had access to the HIV database as part of his job downloaded the records into his hard drive, did not delete them, and later leaked them to Brochez.
According to the Cyber Security Agency, as cited in the recent public awareness survey in the past year, many Singaporeans remain complacent when securing sensitive information and are vulnerable to cyber attacks.
From the 2,035 respondents in the survey, 30% of them said that they save their passwords in their computers or wrote them down. Some even said that they are using a similar password at work and for their personal accounts.
The survey also showed a slight difference among the respondents’ awareness of potential cyber threats. More than 50% of them cited that cyber attacks like malware and online scams are less likely to occur to them.
President of the Association of Information Security Professionals, Dr Steven Wong said that despite several initiatives being enforced at national level to intensify the public’s knowledge about cybersecurity, its effectiveness wasn’t satisfactory.