In June 2021, hackers posted the data of 700 million LinkedIn users on the dark web for sale. In August, an insurance firm in Singapore suffered from a ransomware attack; and in October, a healthcare platform was breached and patients’ personal data was compromised.
These attacks were examples given by Minister of State for Communications and Information, Mr Tan Kiat How highlighting the growing risk of cyber threats. “Digitalisation presents tremendous opportunities, but also significantly increases our cybersecurity risk,” said Tan.
Mr Tan was speaking at the launch of the Cyber Security Agency of Singapore’s (CSA) new cybersecurity certification programme – Cyber Trust and Cyber Essentials marks – on 29 March 2022.
Cyber Essentials is targeted towards small and medium enterprises that have put in place cyber hygiene measures and aims to help such enterprises prioritise the baseline cybersecurity measures needed to safeguard their systems and operations from common cyber attacks.
As an Advocate Partner in the CSA’s SG Cyber Safe Partnership Programme, Huawei’s cloud security services can help Singapore enterprises to digitalise securely.
Huawei enabling enterprises in their certification journey towards CSA’s Cyber Essentials mark
“Today it is typical for an organization transiting to cloud as part of their digitalisation journey. Moving business onto the cloud can help organisations to work more efficiently and also facilitate quick Go-to-Market. But on the other end they may encounter potential threats if they are not well prepared for this shift,” said Dennis Chan, Huawei’s Country Cybersecurity & Privacy Officer in Singapore. “It’s important to ensure that organisations are using high availability cloud services with a high level of cybersecurity.”
Last year Huawei launched its Product Security Baseline to share on best practices in managing cybersecurity; hence enterprises including SMBs can subscribe to a wide variety of security services on Huawei Cloud to improve their cybersecurity posture, Dennis highlighted.
Huawei Cloud offers a basic suite of security features such as asset management, protection via multi-factor authentication and ensuring cloud resources are having the latest update. Huawei Cloud also offers other value-add services such as antivirus, anti-DDOS, malware detection, etc.
In addition, Huawei Cloud also uses advanced technologies like AI and Machine Learning to assist and automate on identifying and analysing potential security risks.
Taking into account the differing profiles of enterprises, including their operational needs and exposure to security risk, Huawei will work with its business partners to advise its customers on suitable cybersecurity measures and also encourage them to attain CSA’s Cyber Essentials mark.
“We are glad to play a part to promote not just awareness but also readiness for cybersecurity for the business community, and given us the opportunity to collaborate closely with CSA to baseline our cloud security with CSA’s Cyber Essentials, helping enterprises on their certification,” Dennis shared.
“CSA is delighted to work with our SG Cyber Safe partners such as Huawei to raise awareness and encourage adoption of cybersecurity practices. Cybersecurity is a team sport and public-private sector collaborations will be key to helping Singapore enterprises benefit from digitalisation securely,” said Ms Veronica Tan, Director of Safer Cyberspace Division, CSA.
Building a cyber safe Singapore together with CSA
The CSA’s certification programme will validate if the organisation has adopted a satisfactory level of cybersecurity measures. There are two certification marks catering to the different sizes and needs of organisations.
Cyber Essentials mark is targeted at small and medium enterprises with limited resources and budget, or which are just starting out on their digitalisation journey. It establishes five priority areas for organisations to focus on. which include backing up their data, having an incident response plan, and regular software updates. The certification process will involve desktop review and verification of the enterprise’s self-assessment by an independent assessor from the appointed certification body. Cyber Essentials certification will be valid for two years.
The Cyber Trust mark is catered for larger or more digitalised organisations that are at higher risk of cyber attacks. Certification is split into five tiers. Organisations can determine which tier to apply for based on their cyber risk level. The Cyber Trust certification is valid for three years, with a yearly audit required.
For instance, organisations that rely extensively on digital in their operations will need more stringent measures. As such, they can apply for a higher tier, which will require them to put in place more measures. This guides organisations to adopt cybersecurity practices that are best suited for them, without over investing in unnecessary resources. It also lays a pathway for organisations to eventually achieve international cybersecurity standards.