Singapore’s IT Security Outlook
Singapore continues to be a role model when it comes to the fight towards cybersecurity readiness in Southeast Asia. The city-state has learned a lot from last year’s SingHealth data breach, that brought Singapore into the stage of renewed cybersecurity renewal. Singapore established bug bounty programs, now in its 3rd edition this year 2019, its leaders are also establishing new policies for “interim” technical measures that will hopefully lessen the attractiveness of the country in future cyber attacks.
Singapore’s public sector is now in full swing with its core project implementation of automated email filtering. When it comes to determining if the email is legitimately safe to open, the use of automated anti-spam and anti-phishing tools is more time-efficient. Of course, humans operating the computers will always be the front liners when it comes to any cybersecurity initiative, hence, massive public sector campaigns through user retraining programs are now being implemented across the city-state’s public sector and government agencies.
The initiative is under the supervision of Teo Chee Hean, a Senior Minister and concurrently a Coordinating Minister for National Security. His agency released initial findings, confirming threats, not only the public sector of the island nation but also against private enterprises. Minister Hean established a committee that will evaluate the progress of various government agencies to be fully compliant to the IT security policy set at the wake of SingHealth incident of 2018.
For Singapore, everything starts from the awareness, readiness, and eagerness of public servants in the area of safe computing habits. Regular IT audits are also in full swing which hopefully will address weaknesses in the public sector’s networks and computers. From the perspective of the Chief Information Officer (CIO)/Chief Information Security Officer (CISO), the move to cloud computing goes beyond “cost reduction measures” and gives control over IT-related assets.
Singapore is no different from the rest of the world, which cannot stop the march of cloud-computing. It is where the trade-off between security/privacy and convenience of accessibility of data is re-evaluated by each organization engaging with cloud-computing platforms. Cloud assumes that the security department will have veto power. It may or may not actually be. However, if you do not give too much veto power, you will make mistakes. For example, even if it is “compliance” (that is, important confidential information that can not be placed in the cloud environment), IT vendors immediately start selling “certified solutions” (in fact, such solutions already exist.)
In Cloud computing, it considers data (that is, confidential information) to be as liquid. We can control the flow of this liquid and let it flow in the desired river. User data is like gas, and behaving like gas is a new concept. The data will spread to fill the area being processed, true but really troublesome for any IT professional trying to secure devices in an organization. The convenience of information processing may be lost due to confidentiality. It is not clear if this fact could be learned from the information security of the past 20 years. If only one method can ensure the necessary convenience, the user is willing to adopt that method, even using a USB memory. To think that data (information) resembles a gas just because users do their own risk assessments related to policy violations. If the important data can be put into the cloud environment and work that leads to the improvement of the convenience of the company can be realized, users who are employees (good or bad) will try to take the risk of putting data into the cloud environment.
Also Read,
Singapore’s Countermeasure in Security Its Financial Sector