Will Singapore’s strong emphasis on security be sufficient to safeguard the public’s cyber safety?
Although Singapore have not been directly affected by the plethora of cyber attacks that had impacted the globe through 2017, it still needs to remain on high alert as stealthier breeds of attacks may threaten the privacy and security of the public in the near future.
The recent breaches involving the Ministry of Defence and local universities highlighted the need for continuous efforts to guard against malicious threats. In the first six months of 2017, the Singapore Police Force received 366 cyber crime reports which denotes a 46.4% rise from 250 reported for the same period in 2016.
As a result, cyber security has been a growing concern with agreement from 93% of listed companies involved in the recent 2017 Singapore Board of Directors (BOD) Survey. As malwares continue to reinvent themselves beyond recognition, Singapore needs to remain committed and step up its game to ramp up efforts within cyber security.
Singapore’s first Cybersecurity Bill
Singapore has recently unveiled the first draft of a proposed cybersecurity bill, which aims to provide a framework to monitor and manage the country's cyber security well-being whilst empowering authorities to carry out their functions within prevention, detection, regulation as well as counter measures in the investigation of cyber security threats.
This will allow the Cyber Security Agency (CSA) in Singapore to have greater visibility and authority into how data is used, processed, and stored. The bill would require Critical Information Infrastructures (CIIs) such as financial services to report any cyber incidents to the Commissioner of Cybersecurity, as well as any modifications of system design or security. Notably, privacy laws that keep banks from sharing confidential personal information are overruled by the Cybersecurity Bill, allowing the CSA to access any computer system relevant to an investigation. Lack of compliance can result in fines of up to $100,000 or in extreme cases, up to 10 years imprisonment.
These proposed new laws would ultimately facilitate information sharing across critical sectors and allow CSA to take proactive measures to protect local CIIs as well as swiftly respond to threats and incidents, said Singapore's Ministry of Communications and Information (MCI) and CSA.
The CSA will create its first academy to boost the skills of cyber security professionals in the government sector and Singapore's 11 critical sectors such as banking and finance. Having consulted relevant agencies and taking into account their perspective towards the Bill, it is currently undergoing revisions and is set to be introduced in Parliament in early 2018.
Launch of the Asia-Pacific Regional Information & Analysis Centre by FS-ISAC in Singapore
The Financial Services Information Sharing and Analysis Centre (FS-ISAC) is a global intelligence gathering and sharing initiative for the financial sector, with over 7000 members worldwide. This new centre in Singapore would facilitate the sharing of cyber threat information in a timely manner, and enable a rapid and coordinated response to emerging threats.
The setting up of the regional centre in Singapore demonstrates a growing collaboration to fight cyber crime and currently supports 49 financial institutions across nine Asia Pacific countries namely Australia, India, Japan, Malaysia, New Zealand, Singapore, South Korea, Taiwan and Thailand. It provides 24/7 local and global coverage with information sharing on threats, actionable intelligence, as well as tools and resources to respond to incidents. Members also benefit from regional meetings, regionally-focused monthly threat calls, webinars on hot topics, cyber security training and summits.
To meet the growing need for talent within cyber security, FS-ISAC had signed a memorandum of understanding with Temasek Polytechnic to provide internship opportunities for the Polytechnic’s students. Partnerships with tertiary institutions will enable the younger talent to be groomed for the demands of the workforce in the sector as these students would be given a hands-on opportunity to tackle real world cyber threats to build up their skills within cyber security.
What can we expect from the sector?
Although the primary objective of a cyber security push is to safeguard Singapore against cyber attacks, it also results in potential economic benefits. Cyber security expenditures had hit US$75 billion globally last year, and is expected to cross US$100 billion mark by 2020. Locally, the cyber security market is expected to generate 2,500 jobs by 2018, and reach S$900 million in terms of market share by 2020.
Singapore’s overall vision, goal and priority within the online space is based on four pillars: Building a resilient infrastructure; creating a safer cyber space; developing a vibrant cyber security ecosystem; and strengthening international partnerships which would be an ongoing commitment for the coming years to support the city-state’s smart nation initiatives. As we grow in our reliance towards information technology, there is an even greater need for cyber security. It is thus essential for businesses and financial institutions to realise how cyber security is vital to their operations, and to the protection of our infrastructure systems.
In addition, with an increase of banking regulations, financial institutions are also looking to strengthen their systems to accommodate these new requirements whilst building up their trade surveillance systems. This would update infrastructure systems to cater for network security, data leakage protection, perimeter and endpoint security and access management in particular. Although there is access to a relatively good talent pool within the above mentioned areas, excluding tool or security product specialists, there is still many more generalists as compared to those who specialise within certain product sets. This will create a competition for talent as banks which are going on their digital journey have also increased their hiring for professionals experienced in application security testing, penetration testing and ethical hacking as well as those within DevOps security.
Commercial, technology and financial institutions alike have been building up their security teams in the recent years and have been actively hiring the following – Cyber Security Managers, Cyber Security Risk Officers, Security Operations Analysts and Engineers, Threat and Incident Response Analysts. This competition for talent will in turn create an upward pressure on salaries as well.
Finally, the ability to groom the younger generation to meet the shortage of skills within the sector would be key to ensure Singapore’s online community is safe from cyber attacks. According to ISACA, the cyber security skills shortage is projected to reach 2 million unfilled positions by 2019. If you would like to find out more about what other organisations are planning to do or perhaps get a competitive edge by connecting with the limited talent available in the market, do connect with April Jimenez or follow us on LinkedIn for other relevant insights.
Source: zd.net, The Straits Times, Channel News Asia, CSO Online, Open Gov, The New Paper.