Everyone Must Participate for Cybersecurity Prevention to Be Successful
By: Albert Kuo, Vice President, Asia Pacific, ExtraHop
From the highly publicised national healthcare data breach last year to the periodic emails from brands notifying you that they have been the target of a data breach, it is hard to avoid the evidence that cybersecurity incidents are on the rise. As data becomes the backbone of modern societies and hackers devise more sophisticated attacks, the responsibility for protecting valuable, personally identifiable information (PII) lies not only with the public and private organisations but with individual citizens and employees as well. Each group has different responsibilities for protecting data. However, these efforts can only be successful in reducing cyber risks when the groups operate in concert with each other.
The path to a more secure Singapore begins with individual citizens taking simple steps to protect personal information. This includes setting strong online passwords, enabling two-factor authentication where available, and updating software promptly. Users should be aware that due to large data breaches at Yahoo and elsewhere, the password that you used seven years ago has likely been shared online by hackers. When you choose a new password, pick something that is longer but easier for you to remember, perhaps a phrase or lyric that you enjoy. Password entropy, the “strength” of a password, is more affected by length than just special characters. For more information on how citizens can stay safe online, the Cyber Security Agency of Singapore (CSA) provides educational information for people of all ages to learn cyber safety.
Educational initiatives for citizens and businesses are important efforts the CSA is undertaking to help reduce risk. However, the Ministry of Communications and Information (MCA) recognises that it must also be actively involved in the protection of personal data and critical information infrastructure, and the regulation of business practices regarding enterprise cybersecurity and data protection. One example of the government’s efforts is the Monetary Authority of Singapore’s (MAS) new requirements meant to help “raise the cybersecurity standards and strengthen the cyber resilience of the financial sector”.
Public sector agencies must also develop a robust technology infrastructure and processes to protect citizens as they interact with the government through its online services. That means ensuring that employees are properly trained in data protection and that security practices are standardised and enforced across the public sector. A Public Sector Data Security Review Committee was convened earlier this year to provide recommendations for the Prime Minister on ways to raise data security.
Similarly, businesses in Singapore must also create secure network infrastructure and internal processes that will protect the growing volumes of customer information and other proprietary data that are considered so valuable to hackers. The regulatory, reputational and operational consequences are now too great for organisations of any size to ignore.
Technology solutions available can help companies automate the detection and remediation of threats, which can significantly cut down on the time attackers spend snooping around internal systems and the time that security teams spend investigating and remediating incidents. Enterprise security teams can also have a better chance of detecting serious threats early when tech is paired with a governance framework and internal processes that reinforce proper data use and management. However, strong cybersecurity practices need to become a part of the company culture through training and education so that employees understand their responsibilities.
Despite these investments in time, resources and technology, various pieces of research have found that human error contributes to a significant portion of enterprise security breaches – a fact that underscores the importance of continued education about cyber hygiene and data protection practices.
The goal of minimising cyber risks needs to be shared by all key stakeholders in Singapore. As a leading cyber analytics provider in Singapore, we have been committed to educating partners and the next generation of security professionals. The success of Smart Nation and Industry 4.0 initiatives depend on secure networks, protected data, individuals educated in, and vigilant of, cyber attacks, and collaboration between all stakeholders involved.