Cyber Risk Leaders Magazine - Issue 6, 2021

Page 22


Singapore Cyber Landscape – highlights at ISACA Singapore Chapter’s GTACS 2021 conference By Jane Lo, Singapore Correspondent


ingapore’s Cyber Landscape largely mirrors the global landscape” and “so any threats out there will spill over to Singapore”, said Dr Janil Puthucheary (Senior Minister o f State, Ministry of Communications and Information & Ministry of Health), at ISACA Singapore Chapter’s GTACS (Governance, Assurance, Security and Risk & Control) 2021 conference (2nd September 2021).

Ransomware For example, “crippling ransomware attacks are one of the top threats organisations and individuals around the globe face, ”Gregory J. Touhill (Chair, ISACA), pointed out in his overview of “Global Risk and Governance Landscape.” Like other countries around the world, Singapore also faces the rising threats of these attacks. In fact, earlier in August this year, a joint adversary on the ransomware operator ALTDOS was issued by the Cyber Security Agency of Singapore (CSA), the Personal Data Protection Commission (PDPC) and the Singapore Police Force (SPF), underscoring the pervasiveness of the threat faced by organisations in the region. By capitalizing on pandemic related fears, ransomware operators and other threat actors carefully constructed social engineering and phishing tactics using Covid-19 and vaccine-related news as lures. The severity of ransomware is highlighted by Mr Dan

22 | Cyber Risk Leaders Magazine

Yock Hau (Assistant Chief Executive, Cyber Security Agency of Singapore), at his Keynote address on “Cybersecurity Landscape in Singapore”. According to the Singapore Cyber Threat Landscape 2020 report, there had been a 154% rise in ransomware cases (compared to 2019). “At least 60% involved small medium enterprises, with almost half from manufacturing (~30%) and IT (~15%) industries,” he said. “These affected industries were in line with global observations,” he noted. “These industries are running 24/7 operations that cannot afford downtime, meaning more unpatched/ outdated systems and vulnerabilities to exploit,” he explained. Further, “the affected organisations comprised mainly SMEs, which are unlikely to have dedicated infocomm security officers,” he added. In fact, he noted, ransomware had evolved from an “isolated and sporadic risk”, and is becoming “targeted and impactful, hitting organisations providing key or essential services.”

Supply Chain and Data Breaches In addition, supply chain attacks and data breaches are also two other threats faced by Singapore organisations. Targeting the weak links continue to be means from which to launch attacks. For examples, Mr Dan noted in a supply chain attack,