Cyberspace is transnational and borderless. This means that cyberattacks can be conducted by anyone, from anywhere in the world. Regardless of who the malicious actor is, putting in place cyber resilience measures to protect ourselves is key.
Singapore needs to take precautions in cyberspace to protect the digital security of Singaporeans against cyberattacks by private firms allegedly at the behest of state actors and state-backed entities. Singapore also should take additional and updated steps to address the risk of such attacks in the wake of developments over the last six months.
2021 put cybersecurity under the spotlight with a spate of cyberattacks and serious vulnerabilities discovered around the world; the most recent event of concern being the vulnerability found in an open-source Java package that is widely used by software developers. When there are known incidents and vulnerabilities, the Cyber Security Agency takes immediate steps to ensure that our Critical Information Infrastructure and enterprises are secure.
CSA called for two emergency meetings with CII sectors to issue technical details and mitigation solutions and heightened monitoring for unusual activity. Public advisories and alerts were issued; trade associations and chambers were also briefed on the urgency for enterprises to implement the mitigation measures.
To strengthen Singapore’s cybersecurity, CSA encourages adopting a “zero-trust” posture. This comprises two key principles: first, do not trust any activity on your networks without first verifying it and second, ensure constant monitoring and vigilance for suspicious activities. To raise standards, CSA is developing the CII Supply Chain Programme to ensure that CII owners and their vendors adhere to international best practices for supply chain risk management.
At the same time, CSA also developed actionable cybersecurity toolkits and resources for businesses under the SG Cyber Safe Programme to improve their cyber defences. These toolkits and resources can be found on CSA’s website.
CSA has consistently advocated that the best defence against cyberattacks is a population that is vigilant and adopts good cyber practices. Businesses and organisations are responsible for their own cybersecurity and must take action to strengthen their posture.
This includes regularly updating their software and systems, and practising incident response and business continuity plans to ensure that employees are well-prepared when incidents happen. Individuals should practise good cyber hygiene and stay vigilant against phishing links. We must all strengthen our defences to participate in the digital domain safely and securely.
As reported by OpenGov Asia, CSA has launched a series of tool kits for enterprises, which guide cybersecurity issues tailored for senior business leaders, owners SMEs, as well as employees. The new toolkits help to simplify cybersecurity and enable businesses to make more informed trade-offs between security, system usability and cost.
The toolkit for enterprise leaders and SME owners will focus on the business reasons for business leaders and SME owners to invest in cybersecurity, such as rationalising investment in cybersecurity, and how fostering a culture of cybersecurity would enable enterprises to reap the benefits of digital transformation.
Although 80 per cent of Singapore SMEs embrace digital transformation and have digital transformation in place, cybersecurity has been the key reason for small enterprises not digitalising. Topics include the cultivation of cybersecurity leadership and guidance for employee cybersecurity education.
The programme is one of the major initiatives under the Safer Cyberspace Masterplan, which was launched last year. The master plan was developed in consultation with the cybersecurity industry and academia, to raise the general level of cybersecurity in Singapore for individuals, communities, enterprises, and organisations. Key areas of focus include securing Singapore’s core digital infrastructure, safeguarding cyberspace activities and empowering a cyber-savvy population.
