Search
Close this search box.

We are creating some awesome events for you. Kindly bear with us.

Cyber Security in Singapore: Protecting against the Evolving Threat Landscape

Cyber Security in Singapore: Protecting against the Evolving Threat Landscape

On the morning of November 3rd, OpenGov Asia and its partner Raytheon|Websense held an informative breakfast dialogue. The topic covered was on the new era of cyber security and Singapore’s journey towards a more secured and protected government. Twenty delegates from fourteen Singaporean public sector agencies were represented in this dialogue. Each gave insight into their own experiences with cyber security and what they consider to be formidable security strategies. The speakers included Mr. Mohit Sagar, Managing Director and Editor in Chief of OpenGov Asia, Mr. Anurag Madan, Head of IT Digital Services at Ministry of Social Development, New Zealand and Mr. David Barton, Chief Information Security Officer for Raytheon|Websense.

The breakfast dialogue began with Mr. Mohit Sagar, Managing Director and Editor in Chief of OpenGov Asia. He opened up the discussion by saying, “We know where we are in the current threat landscape, we are getting attacked every minute, and these attackers are not going away. There are many things we need to be considering when it comes to security. What’s most shocking is: most of these threats are internal, the shortage of skilled workers is increasing, and in 2017 there will be a 47% shortage in security personnel.” He went on to ask the delegates, “What are we securing? Is it our perimeters? Is it our borders?” Singapore is on the right track to becoming the world’s first smart nation. Making sure that the nation is secure will help make for a smooth transition towards being fully connected.

Mr. David Barton, Chief Information Security Officer for Raytheon|Websense, joined the discussion as a fellow CISO facing some of the same threats as the delegates sitting at the table. “Attackers have tools to send a lure into your organisation. Typically, if they are unprepared for this, an employee will respond to the email and be led to a compromised website. They are able to access your data. That data now leaves your network,” he said, “We are also studying the concept of ‘dwell time’, where the attacker is inside the network without being detected.”

Mr. Anurag Madan, Head of IT Digital Services at Ministry of Social Development, New Zealand, took the floor to share his experience introducing new security strategies in his organisation. He talks about the context of security within New Zealand and how it has put pressure on organisations to put further protection measures in place. Mr. Madan is running a project on simplification within MSD. This project drives digital uptake, reducing manual labor at the back end, using analytics to support risk mitigation, and taking on a cloud first strategy for speedier time to market. “With Mobile, Cloud, and IoT, there are more chances for attacks. The risk exposure is exponentially rising, we need to start thinking differently about security,” stated Mr. Madan. Getting reactive to adaptive security is a great vision for Mr. Madan and he says this can be attained by looking at security as a managed service.

We opened up the discussion by addressing the security threat landscape as it stands today. On this topic, Mr. Sagar stated, “Data security, means where ever the data goes… we have to protect where it lands.” The poll results show that when the delegates were asked: “What security threats worries you most?” 50% of delegates responded with Advanced and Targeted Cyber Attacks and 28% responded with Data and Identify Thefts. Mr. Chai Chin Loon, Director for Security Tech, Advisory, and Projects Division,  Infocomm Development Authority, believed this question was difficult to answer, and explained, “The way the various security threats are presented, they are all important. A breach in any one of them is already enough to cause a major incident to occur.” Mr. Madan adds that as a public sector organisation, most of the concerns are around the vulnerabilities of the people. Governments are constantly under watchful eyes of attackers; this creates many worries for these organisations.

When it comes to challenges in security architecture, the growing threat landscape has created new challenges for those tasked with protecting their organisations. When delegates were asked: “What do you think is the biggest challenge in your security architecture?” the room was split, as 44% responded with Lack of Collaboration between Various Security Products and 44% responded with Lack of Data Awareness and Visibility. Mr. Sagar said, “I see that many consider a lack of collaboration between various security products as their main challenge… and I agree, but how do we manage this?” Mr. Chng Ho Kiat, Director for Preparedness and Resilience Division, Ministry of Communications and Information, answered Mr. Sagar’s question, and said that, “When it comes to having various products, we have to think about what are the things we want to keep and what can we do without.”

Mr. John Yong, Director of Integrated Operations and Preparedness, Infocomm Development Authority added on, “I do not think anyone in the room dares to say we have built enough security. The problem will become more complex but these security companies become more complicated, meaning they become less standardised. Thus, products are overlapping. I am challenged by lack of collaboration between various security products, as I see it is the most common pain points to my fellow CISO.” One delegate disagreed with the others, saying that they see lack of data awareness and visibility as their greatest challenge, because they felt this is the weakest link in an organisation. The delegate relayed to the rest of the delegates that awareness programs are very difficult to move forward within their organisation.

Each organisation will have a different security measure that is most important within their organisation. The poll results show that when delegates were asked: “Which of the following security measures do you think is most important to you?” 38% of delegates responded with Data Protection and Data Loss Prevention, 44% responded with Insight and Real Time Protection against Security Threats and 11% with Insider Threat Detection and Prevention. Mrs. Agnes Lim, Head Army CIO Office HQ Signals & Command Systems, Ministry of Defense, stated, “I picked Data Protection and Data Loss Prevention as most important, because the outcome is important and I want to ensure that data is protected.”  The room of delegates agreed that all of the security measures considered are of great importance to ensuring the organisation is protected against all threats.

In discussing the security of mobile apps, we must remember how the data is being shared between the network and the endpoint. During this journey, information has the potential to be compromised and networks can be breached. Mrs. Geraldine Chin, Deputy Director for Corporate Systems Department 2, JTC Corporation, is especially concerned about this, she said, “I am responsible for more the application side, so I am frightened about data loss. We are wondering if there is some area we should pay especial attention to. There are certain measures in place but we must look at a holistic level to prioritise which are most important to the organisation.”

Mr. Madan responded, “With respect to apps, we could be looking to predict the data in transit. This will give us the benefit of knowing how the data is traveling.” To this, Mr. Yong said, “First off, understand your risk. With apps there is a risk in information exchange transaction, within that transaction you want to know what is going on. Do you have the visibility to manage this? Security design in most of the apps is built for the risks considered. Our challenge is whether or not we understand what the risk is.”

It can be believed that whoever is tasked with the responsibility of securing the network within the organisation is burdened with the blame of when something goes wrong. We found that many delegates believe that this responsibility should be shared. When asked about who within the organisation ultimately owns the responsibility for security, our delegates had a variety of answers. Mr. Chng Ho Kiat said, “Based on the intent of the question, it should be everyone. As much as we want to assign responsibility, it is a shared responsibility.”

One delegate thought that it is up to the senior management when something serious happens. Mr. Sagar prompted the question, “Rather than responsibility, it is about ownership, is this correct?” Mr. Yong responds saying it depends on the specifics of the situation, “There are different responsibilities so it is about who has been assigned the responsibility to protect the system…We must think how to assign the task clear enough otherwise there will be gaps.” If these gaps are left alone, this is where organisations are left most vulnerable.

Within the security community, it is known that there is potential for each organisation to have a number of internal attacks.  When this was brought up, one delegate said, “We have so many employees and each employee is a security threat to themselves.” Mrs. Chin adds on to that, by saying, “I believe that the greatest threats lie inside, there are a lot of risks that we unintentionally create. In designing the app we must consider how we and others treat the data.” Mr. Darren Chan, CIO, Intellectual Property Office of Singapore, disagreed with both, and stated, “I picked outside as the range of threats available, range is wider from the outside.” The risk from outside can be seen as much harder to control, which is why some are more worried about what external threats are coming their way. It is worth considering the permissions and access granted to employees, as internal attacks are still possible.

We see a world where everything is changing towards more modern and digital processes. This requires us to revalidate our security strategies. We must make sure that people are protected from threats and consequences of cyber-attacks. It is thought that raising the security IQ of the employee base in an organisation will decrease our threat profile exponentially. Mr. Barton helps close out the conversation by saying, “What see trending in the security sphere is, it is not a matter of if you get attacked, but when.”

The threat landscape is fluid. It is clear that security strategies need continuous focus and improvement. “We are constantly saying that this threat landscape is constantly changing, constantly evolving, and this must keep us on our toes,” said Mr. Sagar.  When it comes to security collaboration, Mr. Madan said, “You have to start looking at innovation, which is starting to take priority over standards. We have not solved the problem but we are trying to think out of the box. I hope this leads to collaboration within the security industry.”

Moving towards a more secure government requires responsive movement to meet a growing threat landscape. While working towards becoming a more secure government, although there are many solutions already in place, we must believe we are always vulnerable. Government plays a big role in dealing with security as they are at the forefront of attacks.  “Government can play a role in helping organisations to wake up to this new threat landscape,” said Mr. Chng Ho Kiat. Delegates must now think about what they can do in their organisations to make improvements to their security infrastructure.

PARTNER

Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.

PARTNER

As a Titanium Black Partner of Dell Technologies, CTC Global Singapore boasts unparalleled access to resources.

Established in 1972, we bring 52 years of experience to the table, solidifying our position as a leading IT solutions provider in Singapore. With over 300 qualified IT professionals, we are dedicated to delivering integrated solutions that empower your organization in key areas such as Automation & AI, Cyber Security, App Modernization & Data Analytics, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Renowned for our consulting expertise and delivering expert IT solutions, CTC Global Singapore has become the preferred IT outsourcing partner for businesses across Singapore.

PARTNER

Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit www.planview.com.

SUPPORTING ORGANISATION

SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.

PARTNER

HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 

PARTNER

IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.