Events > Home > Features

Facing up to the Cyber Security Challenge

As Singapore seeks to increase its resilience to cyber-attacks, recent news indicates that even the most advanced and well protected systems can be vulnerable. The SingHealth attack represented the most serious personal data breach in Singapore’s history. In the UK there is still high awareness of the impact of the NHS WannaCry incident last year.

As technology rapidly evolves, the challenge of protecting technology and information increases with threats becoming increasingly complex. This means that the cyber security strategies of governments, public sector organisations and businesses need to evolve to keep pace. We are seeing:

  • More frequent and more sophisticated attacks
  • An increasing reliance on technology meaning higher impact of business interruptions – what was an annoyance twenty years ago can be catastrophic today
  • Substantial time and cost to resolve incidents – an average of 168 days to identify a data breach at an average cost of £2.48 million (SGD 4.5m).
  • Cyber security costs escalating, and budgets being affected by an increasing skills shortage

What is the UK doing on the cyber security challenge?

Significant security benefits are being derived from emergent technologies such as artificial intelligence, machine learning and quantum cryptography. Strong examples of this can be found at CSIT in Belfast, the UK’s Innovation and Knowledge Centre for Cyber Security, where research projects include; Device Authentication and IOT, Secure Ubiquitous Networking, Quantum Cryptography, Supply Chain Integrity and Operational Technology (OT) and Industrial Control Systems.

Additionally, the UK has opened two Cyber Innovation Centres in Cheltenham and London. These centres support companies developing the next generation of cyber technologies. The National Cyber Security Centre (NCSC) opened in London in February 2017 and works with both public and private sectors in building cyber security skills, developing innovative defences and helping to manage cyber incidents.

Together with the huge number of cyber innovators and start-ups and the assurance of services available via NCSC, this makes the UK a very compelling cyber security partner. With the adoption of GDPR we are going further to help organisations and citizens protect their information.

The Challenge extends beyond Technology

But whilst technology can assist us, organisations are realising that this is not simply a technical problem. Most cyber risks are not caused by technology - they are caused by the way that humans interact with technology (in the SingHealth attack, early reports suggest that attackers initially gained accessed through the breach of a front-end workstation). So we recognise that for a fuller cyber defence we must look beyond technical solutions. Here are some of the key behaviours that will help us succeed:

  • Educate staff, customers and citizens to be more aware of cyber threats
  • Focus on improving cyber hygiene (good practices and security procedures that keep systems and date safe) – 80% of incidents are caused by poor cyber hygienei
  • Create inventories of our systems and data - we cannot protect what we don’t fully understand
  • Separate critical or sensitive internal systems from public facing systems such as internet and email (or deploy solutions that render these safer from attacks such as phishing and other malware)
  • Accept that we will probably all experience a cyber security incident at some point – focus on building effective response capabilities and take advice from industry experts;
  • Consider the competitive advantages arising from cyber resilience
  • Look outwards at the threat landscape as well as inwards to our defences, consider security threat intelligence solutions to better inform us of emerging threats
  • Start to think like the attacker - use security testing services that allow a vision of our vulnerabilities as the attacker sees them

So, we see that whilst new technology presents some of the risks it can also contribute to the protective solutions. It’s really a combination of people, process and technology working together with good information sharing that will provide the answer.

The UK has developed a deep and productive dialogue with Singapore’s Cyber Security Agency and we share information and know-how across our governments. We also continue to work together in our shared pursuit of a free, well-regulated international cyberspace. The UK is also assisting other ASEAN States in increasing their cybersecurity capabilities.

 

References:

--------

i) https://www.nmhc.org/news/articles/cyber-hygiene-prevents-80-percent-of-breaches/

Original article written for British Chamber Singapore's Orient magazine

Devices with lock, shield, profile, credit card icons with 'hacking detected' text