We are creating some awesome events for you. Kindly bear with us.

Cybersecurity – a constant in the ever evolving digital landscape

Cybersecurity is a very present threat in today’s digital landscape. Governments, financial institutions and organisations alike are victims of it. While organisations are constantly finding protective measures around it, the threats remain and evolve.

This was the topic at Kaspersky’s insight session: “The State of Enterprise Security in Singapore”.

Senior executives of Kasperksy shared their learnings and case studies of cyberattacks that have been detected, apprehended and resolved.

Stephan Neumeier, Managing Director, APAC and Japan, Kaspersky opened the discussion session with a quick summary of how real the threat of cybersecurity is.

Though Singapore is viewed in the region as being highly advanced in infrastructure and cybersecurity protection, it has been the victim if several attacks that have penetrated the considerable security layers it deploys.

Some better-known examples he cited were the hack on SingHealth and the leak of information of HIV patients.

Being in a financial hub within the region, Neumeier added that there is an increasing demand from financial institutions to boost the security of systems, applications and services.

Yeo Siang Tiong, General Manager, South East Asia at Kaspersky went into details of the relevance of cybersecurity threats in Singapore.

As a highly digitised economy, Singapore is investing deeply into cyber protective measures as a sixth pillar of defence.

Cyber security is such a sensitive and expensive issue that insurance companies have launched cybersecurity offerings – a major indicator of the prevalence of cybersecurity threats.

Yeo shared findings from Kaspersky’s “B2B IT Security 2018” report which covered 31 countries and had responses from 155 enterprises in Singapore.

While close to 42% of enterprises in Singapore experienced malware infection of company-owned devices, over 38% experienced electronic leakage (e.g. personal  and / or company data) from internal systems.

Over half of respondents indicated that it is becoming increasingly difficult to tell if the attack is generic and 42.6% said that they lack sufficient intelligence on threats faced by their businesses.

Over 40% of these enterprises expects a 10% – 29% increase in their IT security budget over the next three years.

Yeo talked about various causes of cyberattack incidents which included viruses/malware/trojans on computers and mobile devices, phishing attacks and social engineering, DDoS attacks, crypto-malware (hijack of devices)/malware and careless or uninformed employees

He mentioned that such attacks and loss of information result in serious financial, legal and reputational consequences for organisations.

Yeo shared of how in the past, the notion of cybersecurity was basically anti-viruses on PCs. Today, organisation understand that cybersecurity is data protection and much more.

He added that growing investments on cybersecurity such as network detection, threat intelligence capabilities, and additional training of personnel must be expected and planned for.

Vitaly Kamluk, Director, Global Research & Analysis Team, APAC, Kaspersky talked about targeted attacks in Singapore.

He made a comparison to Chernobyl and explained that just like how despite the Chernobyl incident occurring almost 30 years ago and there still being traces of radiation around, attacks to cybersecurity is a constant threat that organisations will face.

Kamluk laid out future manifestations of cybersecurity attacks:

  1. Cyber-physical attacks: Cyber threats converted into real-physical threats
  2. IoT Swarms: Gadgets with lack of regular updates and security controls are ticking bombs before hackers discover the vulnerabilities of these devices eg. Air-conditioners
  3. Targeted lockdowns: Hacking of software systems of companies, such as the ones which deal with heavy machinery, resulting in the lockdown and paralysis of the machinery systems
  4. Invisible threats: Attackers are constantly trying to move into the shadows and attack from places which are least expected or hardest to track eg. Hard drives
  5. Supply chain attacks
  6. Deploying a Trojan in the heart of an enterprise

Kamluk went into a case study on supply chain attacks which Kaspersky had handled, “ASUSforceupdate”, a mystery update.

On installing it, the update report showed that the device was clean of malicious attacks but in reality, had infected their systems. It spiralled into more companies being hacked – from gaming to pharmaceutical companies.

With the MAC address of the organisation’s device within the system, he explained, the organisation was likely to be targeted by the attacker.

Another case study he cited on the deployment of virus through a programme was an organisation using Microsoft’s VisualStudio that had failed to recognise an invalid digital signature prompt. As a result, the hackers had gained access to the programme.

Such a hacks mean that there will always be a backdoor for hackers to get through secure channels and inject malicious viruses as they are already embedded in the programme.

He concluded his segment on points of advice that organisations should adhere to:

  • Ask developer about secure development lifecycle- a trustworthy developer would know about it
  • Validating software before installing it
  • Do not rely on reputable names for services
  • Do not blindly trust digital signatures
  • Implementing additional security controls

Kamluk said, “The only thing worse than being breached is to ignore it is coming”.

When OpenGov asked Yeo on how cybersecurity must be constantly evolving to counter evolving methods of hackers, he said “Organisations have to constantly adapt themselves around their framework as cybersecurity is a constant threat which will continue to exist in the atmosphere.”

PARTNER

Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.

PARTNER

CTC Global Singapore, a premier end-to-end IT solutions provider, is a fully owned subsidiary of ITOCHU Techno-Solutions Corporation (CTC) and ITOCHU Corporation.

Since 1972, CTC has established itself as one of the country’s top IT solutions providers. With 50 years of experience, headed by an experienced management team and staffed by over 200 qualified IT professionals, we support organizations with integrated IT solutions expertise in Autonomous IT, Cyber Security, Digital Transformation, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Well-known for our strengths in system integration and consultation, CTC Global proves to be the preferred IT outsourcing destination for organizations all over Singapore today.

PARTNER

Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit www.planview.com.

SUPPORTING ORGANISATION

SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.

PARTNER

HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 

PARTNER

IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.

Send this to a friend