It can be difficult for an organisation, especially in the public sector, to mitigate cyber security risks, more so if it must adopt remote working and has less control over the behaviour and security of its employees’ devices.
Software and passive measures are not only ineffective but often create vulnerabilities in systems. Antivirus software’s deficiencies, which rely on static, signature-based methods to identify ransomware, are directly responsible for the high success rates of ransomware attacks.
Effective cyber security must start from the top with a strong cyber security culture reinforced by frequent training which will guarantee that every employee recognises cyber security as their responsibility.
The ideal solution should provide awareness and information before a ransomware attack, continue to provide visibility and actionable insights throughout the attack and explain why the attack occurred.
Experience in responding to data breaches, unique insight into how attacks occur and understanding of what operational tactics attackers use to carry out successful attacks are all part of the expertise discipline.
According to experts, ransomware must be combated with a new method that highlights behavioural analysis. Data should be collected and shared across several endpoints and managed by a specialised research team that is familiar with how attackers operate.
Zero Trust, in addition, is a comprehensive framework for safeguarding infrastructure and data in today’s modern digital transformation. It uniquely handles contemporary company concerns such as protecting remote workers, hybrid cloud environments and ransomware attacks.
It demands enterprises to continuously monitor and validate a user’s and their device’s privileges and attributes. It also calls for enforcing a policy that considers the risk of the user and the device, as well as compliance or other requirements to think about before allowing the transaction.
The Public Sector Cybersecurity Forum on 28 September 2022 at Mandarin Oriental Singapore offered the latest information on how to deploy the Zero Trust model seamlessly, overcome common obstacles in Zero Trust adoption and best strategies to combat the rising threat of ransomware.
Increasing Data Security Through Zero Trust Approach
Kicking off the session, Mohit Sagar, CEO & Editor-in-Chief, OpenGov Asia acknowledges that Zero-Trust architecture implies that organisations must constantly check and make sure that a user and their device have the right privileges and attributes.
“Cyber threats are always morphing to take advantage of online behaviour and trends. The emergence of COVID-19 is not an exception,” Mohit observes.
Cyber-criminals assault computer networks and systems of individuals and organisations – locally and even internationally – at a time when cyber defences may be weakened owing to the health crisis and other critical events.
The COVID-19 outbreak has altered people’s lifestyles and work environments. Most people began working from home, and schools and nearly all institutions of higher education shifted to an online model. People’s entire lives went online – medical consultations by video call, remote working, entertainment, almost all commerce and food.
While a quick and effective way to work around the pandemic, this new reality has made citizens more susceptible to cyber assaults in an expanded digital environment.
The Singapore Cyber Landscape (SCL) 2021 evaluates Singapore’s cybersecurity position in the context of global trends and events, stressing the nation’s efforts to develop secure and reliable cyberspace.
SCL 2021 emphasised Singapore’s initiatives in combating new and emerging cyber threats where Cybersecurity Strategy 2021 is one key initiative highlighted. The plan takes a more proactive approach to address threats through a broader scope of protection, closer relationships with international partners and a better emphasis on labour force and ecosystem progress.
In addition, global developments continue to shape and influence the cybersecurity landscape. From the ever-changing tactics of cybercriminal and hacktivist groups to the emergence of Web3 and the ‘Metaverse,’ the SCL2021 publication examines the key trends to watch for and their impact on the cyber landscape in the future.
Against this backdrop, Singapore adopts a zero-trust approach. The nation’s new cyber-security strategy, which went into effect in October 2021, outlined its strategy to protect government applications and information technology systems by ensuring that all activities on them are safe.
Mohit believes that training the employees and creating a talent pipeline can prevent an impending attack from a security operations centre.
Digital transformation is more than the technologies; it is also about organisational culture, who will use the technologies and how staff across the organisation will collaborate to implement these new tools and systems. Organisational cultures that support successful digital transformations do not typically emerge organically; rather, they must be actively built.
Whether an organisation is just beginning to consider a digital transformation initiative or is already in the process of modernising its digital systems, it must consider the role culture plays in the plan and what aspects of organisational culture may need to change.
The increasing likelihood for hackers to take advantage of SMEs’ lack of readiness is one serious issue. Fraudulent and phishing activities involving coronaviruses are becoming more prevalent.
Therefore, it’s crucial to keep in mind that even though the crisis’s accelerated adoption of digital tools may have a silver lining, there will always be a need for advice, support, and guidance from trustworthy sources to solidify the transition, address risks and fully utilise the potential of the new tools.
According to Claribel Chai, Country Director, Singapore, Palo Alto Networks, to face the global cyber threat challenge, cybersecurity vendors, service providers and organisations need to work together.
With fragmented security vendors and products dominating the cybersecurity environment, organisations struggle to secure themselves. However, nobody can combat sophisticated cyber threats on their own.
The nature of current cybersecurity concerns necessitates collaboration between parties to properly address problems. Collaboration shortens the amount of time between finding a new threat and putting protections in place, which helps organisations keep up with the constantly changing threat landscape.
The objective of the collaboration is to surpass isolated efforts by competitors and aggregate information of indicators of compromise so that customer organisations can strengthen their threat protection posture.
Accelerating the supply and distribution of threat intelligence is essential for developing a robust cybersecurity programme. Suppliers must make it as simple as possible to break down silo walls and automate the sharing of threat indicators.
“As the digital era progresses, we will understand what it means to be a Smart Nation with limitless possibilities,” says Claribel. “Smart Nation is the best way to move forward. Integration of technology will be so smooth that it will change how people work, live, and play.”
Singapore’s goal is to be a digital-first country, with a Digital Government, Digital Economy, and Digital Society that use technology to change health, transportation, city life, government services and businesses.
She emphasises that a Digital Government continues to invest in infrastructure and establish open, shared platforms for businesses and individuals to learn and grow, while businesses are encouraged to invest in technology and skills by the Digital Economy to expand internationally.
A Digital Society encourages individuals to build their skills and equip themselves with the most advanced digital tools to realise their greatest aspirations and live better lives collectively.
Zero trust plays a vital role, particularly in the public sector, where organisations must protect not only their data but also the data of the people and constituency they are sworn to serve, organisations must rethink how to secure their applications and infrastructure as they transfer to the cloud.
“The public sector must adopt a holistic zero trust approach to cyber security that will enable us to a digital economy, digital government and digital society,” Claribel concludes.
Cybersecurity Principles for a Safer Singapore Through the Lens of Our Retired Police Commissioner
According to Khoo Boon Hui, Commissioner of Police, Singapore (1997-2000), smart, connected objects offer tremendous opportunities for value creation and capture, but can also create tremendous risk, demanding new strategies for value protection.
“A single vulnerable device can leave an entire ecosystem open to attack, with potential disruptions ranging from individual privacy breaches to massive breakdowns of public systems,” says Khoo.
A defining element of the Internet of Things (IoT) is that objects are not merely smart – equipped with sensors and processing power – but also connected: able to share the information they generate.
As the Police Commissioner, Khoo’s core mandate was to implement strategies to drive down crime in Singapore. These strategies were built from his principles of Vigilance, Collaboration and Foresight.
Making a system secure is not a once-and-for-all proposition. Both hardware and software degrade over time due simply to age and progressive innovation. Worse, the nature and intensity of attacks can change in ways that render previously effective security measures obsolete.
No level of security is perfect and the best efforts still leave any system vulnerable. Consequently, security must be complemented by vigilance such as monitoring to determine whether a system is still secure or has been compromised.
Khoo added that within the organisation, vigilance must be upheld at all levels. As good and necessary as technology is, the human factor is the first line of defence and, with the right training and tools, can be the most powerful link.
Cross-border and multi-agency approaches strengthen the organisation collectively. Construct more communication bridges and establish infrastructure for threat sharing across public and private domains. Maintain awareness of the changing cybersecurity threat scenario.
A Breached Mindset means when there are processes in place to quickly neutralise threats, prevent further spread and recover, limiting the damage and resuming normal operations are much simpler and more efficient.
Better policymaking soon as possible with a more comprehensive foresight process, which allows for the timely identification of additional strategies that may be needed to protect emerging technologies and data, as well as an evaluation of the potential effects on innovation and biosecurity.
What makes someone digitally minded is more than just technical know-how. It is a set of attitudes and actions that help people and organisations see what might happen.
Some of the major digital forces reshaping and destroying the world today include social media, big data, mobility, cloud computing, artificial intelligence (AI), robotics and others. These forces permeate every sphere of life and commerce.
For firms to flourish, they must be able to develop and implement a business strategy that takes into consideration these forces’ profound effects. However, organisations are about individuals.
Consequently, for an organisation to be successful, it must have the proper personnel and a Digital Organisation requires personnel with a Digital Mindset, which is characterised by the capacity to:
- Recognise the capacity of technology to democratise teams and procedures
- Adapt to the magnitude of output and quicken every interaction and action
- Understand the impact of interdependence; Accept the changes and disturbances with composure
It is essential to emphasise that digital knowledge is not synonymous with a digital mindset. Digital savviness merely indicates a person’s ability to use specific technologies and enables them to adopt a digital mentality more easily if they so want.
In the digital age, however, failure to adopt a digital mindset has fatal consequences. With big shifts occurring swiftly and more on the horizon, businesses, executives, and employees must examine how to handle these shifts and function in a way that promotes commercial success.
This necessitates several modifications, not only to processes and procedures but most crucially to the mindset. This is something that begins at the highest level. Therefore, leaders must view business from a digital-first perspective.
Cyber resilience is important because traditional security measures aren’t enough to keep information, data, and networks safe anymore. Hence, Zero Trust is removing implicit trust regardless of what the situation is.
“No matter who the user is, where they are or what application they are trying to use, the same thing will happen. I’ll do this as strictly as I can, with continuous validation at every stage of digital interaction,” says Khoo.
The Evolving Cyber Threat Landscape
“Because of our increasing reliance on technology, cybersecurity has become an existential issue. As a result, each day, we must focus on gathering and analysing the most recent threat intelligence and applying our findings to respond to cyber-attacks,” says Wendi Whitmore, Senior Vice President, Unit 42, Palo Alto Networks, Inaugural Member – Cyber Safety Review Board, U.S. Department of Homeland Security.
Palo Alto Networks has formed a new cybersecurity consulting group to assist businesses in responding to emerging threats and costly, crippling cyberattacks. Since 2014, the expanded Unit 42 has been fighting emerging cyber threats and has become one of the world’s most respected cybersecurity brands.
The group’s mission is to assist organisations in dealing with the most complex cyber threats, ranging from ransomware to state-sponsored espionage while bringing a relentless passion for protecting our digital way of life.
The combined team provide services that will allow organisations to respond to threats more quickly than ever before, as well as new proactive services that will complement Palo Alto Networks’ product offerings. It will also expand incident response services to more Asian, European and Middle Eastern countries.
Because of the evolving threat landscape, organisations must have access to up-to-date threat intelligence on emerging threats, as well as support from experts with extensive experience responding to breaches.
Security teams must have sufficient time to scale up and test their defence plan before a new, more sophisticated attack surfaces. When reputation, profitability and consumer trust are at stake, firms must recognise, respond to and manage security issues proficiently.
Therefore, companies must be ready. Wendi urges organisations to consider testing the present response capabilities of their security team within a scenario-driven, simulated cyber range.
“Cyberattacks evolve rapidly; therefore, your organisation’s training must assess its adaptability and responsiveness to new attack techniques,” Wendi elaborates. “Cyber ranges allow security professionals to discover and respond to threats in a realistic setting utilising a variety of technologies and run-books.”
This tends to promote enterprise-wide communication and teamwork since teams have a better awareness of the responsibilities of other divisions.
Training in an authentic but controlled environment can assist security staff respond rapidly to crises, thereby enhancing corporate security.
Organisations increasingly rely on their employees as their first line of defence. Despite the increasing maturity of effective security technology, cybersecurity employees must learn in realistic and immersive environments.
Cyber-attacks will not cease, so neither should the security personnel. By utilising cyber range training and reinforcing incident response strategy, organisations may change their approach and defend proactively against attacks that are rapidly evolving.
Power Talk: Making Smart Nation Cybersecure: Addressing Risks in an Increasingly Connected Urban Future
The most effective and cost-effective way to protect an organisation is to conduct regular cyber security risk assessments, according to Tan Too Ping, Chief Information Security Officer, Changi Airport Group.
There are several dangers associated with digital transformation that organisations need to be aware of. Organisations run the danger of incurring significant losses if they fail to account for the risks. In addition, the process of digital transformation is more susceptible to dangers in some sectors than others.
Many companies are turning to multi-cloud and hybrid cloud infrastructures to provide them with the flexibility and agility they need to succeed in the market as digital transformation projects gain traction. However, this change may also bring up new dangers, especially when it comes to cloud environment regulation.
One of the most vulnerable sectors is the supply chain and sales channels. If an organisation decides to switch entirely to a digital sales channel, the partner, customer or consumer on the other end may not have a strategy to support the change. This may result in supply chain interruptions and economic losses.
On the other hand, if the organisation has one sales channel, it is vulnerable to changes or disruptions in that channel. As a result, businesses must carefully consider their digital transformation strategy to reduce risks and smooth the transition.
Moreover, the IoT is one of the most revolutionary technologies that introduce a new set of risks.
According to Marcus Tan, Head of the Cybersecurity Department, Institute for Infocomm Research (I²R), A*STAR, the datasets used by data scientists to train models and the platforms where those models are generated are the primary risk components in analytics.
If these datasets are not of high quality or are not representative of the real-world data that the model will encounter, the model will likely perform poorly. Furthermore, there is a risk of poor performance if the platform on which the model is deployed is incapable of handling the volume or complexity of data that the model will encounter in production.
The world has become hyper-connected, and although this provides many significant benefits to both organisations and individuals, it also comes at a high cost to our privacy and security.
Every nation has already realised that cyber threats are not just a technical problem, they are a fundamental threat that affects almost every part of the new normal.
Cyberattacks are now a frequent occurrence and organisations may be obstructed by these daily attacks and breaches, which have the potential to cost hundreds of millions of dollars in losses.
Cybersecurity experts are continuously looking for novel solutions to address the many issues they confront and stay ahead of the dangers in this dynamic threat environment. Hence, the battleground for cybersecurity has emerged.
One of these issues is the development of artificial intelligence and machine learning, which, although beneficial to cybersecurity, also presents a risk that it will be utilised by hackers to compromise systems and steal important data.
Huang Shaofei, Chief Information Security Officer, SMRT Corporation added that designing software, firmware, hardware and networked systems that collect, transport, combine and analyse data needs efforts on all fronts in this environment. It also requires a new mindset designed to resist unimaginable adversary efforts.
Sean Duca, Vice President, Regional Chief Security Officer Asia Pacific & Japan, Palo Alto Networks believes that applying techniques for incorporating resiliency into a product when faced with a threat is another defence that designers can use.
Adopt a “Zero Trust” mentality, which emphasises constant monitoring and an awareness of the growing importance of data security.
Utilising technology and designing for cybersecurity will probably still fall short. There are too many different attack avenues and attackers never stop being inventive. More education and training are required, as well as greater awareness.
Smart Nation is also required to speed up the process of integrating technology into collective efforts to improve people’s lives. Hence, the entire government must constantly look for ways to improve, innovate, and use digital technology as a multiplier for effectiveness to better serve the public.
In addition, Smart Nation is the future of urban living, leveraging digital technology, data, and design thinking to enhance the efficiency and efficacy of citizen services.
In delivering the closing remarks, Claribel emphasizes that the goal of cybersecurity should not be to increase safety with a single tool. Instead, it should be a multi-layered approach with many different parts to make sure full protection.
“We should not think about the concept of implicit trust rather we should think about the layers of our security and ensure the security of our organisation,” says Claribel.
She encouraged the delegates to reach out to her and her team for their assistance as they provide zero trust and transformation workshops for the public sector which could help their respective agencies in their digital journey.
Mohit highlighted the value of a partnership that comes in its ability to offer a variety of benefits such as learning opportunities, sales opportunities, and growth opportunities. “Collaboration also harnesses the network’s combined expertise to provide outstanding IT services that meet the challenges along with their path to digital transformation.”
He is firmly convinced that having a technology partner can help an organisation scale more quickly, respond more effectively to the rapidly shifting technical landscape, fill in gaps, reduce consumer pain points and boost productivity and security.