Building a country's digital defence

By CyberArk

National threats are taking on a new form. How can governments raise their digital barricades?

You wouldn’t head into a machine gun battle wielding a wooden medieval shield.

Unfortunately the cyberwarfare space is constantly evolving with defences falling out of date within months. And governments must constantly be up to date or risk a catastrophic hack.

Experts from security firm CyberArk uncover the threats pressing in on Singapore’s digital frontlines, and explain what the government can do to reinforce their cyber barricades.

Digital threats in Singapore

Last year, Singapore introduced Digital Defence as a new pillar in its national defence strategy. Minister for Communications and Information and Minister-in-Charge of Cybersecurity, S Iswaran, highlighted cyber attacks and online scams as prominent threats Singapore needs to guard against.

Aside from the high profile breach of major public healthcare system SingHealth, cybercriminals have targeted other institutions with critical information. Over the last six years, ministries for foreign affairs and defense, as well as top universities in Singapore, have fallen victim to cyber attacks, reported Today.

As a centre of cutting-edge research, Singapore should expect such malicious attacks to increase. “Covid-19 has for example taught us to expect cyber attacks against medical institutions – some have been opportunistic ransomware attacks, but others appear to have been aimed at exfiltrating cutting edge research such as biomedical data and data related to vaccine development,” wrote Dr Shashi Jayakumar, Head of the Centre of Excellence for National Security at the S. Rajaratnam School of International Studies.

Online scams are another threat Singapore needs to watch out for. In 2019, the Cyber Security Agency of Singapore (CSA) discovered 200 per cent more phishing URLs, which mimic official websites to steal personal information from users, than in 2018, according to its recent cyber landscape report. Victims lost a total of S$2.3 million (US$1.68 million) to e-commerce scams last year, the top cybercrime concern in Singapore, the report stated.

The danger with digital

The insidious nature of cyber threats can make them even more difficult to guard against. Hackers often sneak into networks and remain undetected until they cause major damage, said Minister Iswaran. Phishing techniques are also becoming more sophisticated, as scammers use social engineering techniques to exploit vulnerabilities in human nature, wrote CSA’s Singapore Cyber Landscape 2019 report.

On top of this, Singapore’s Smart Nation vision will make digital defence even more crucial. “The very connectivity that we rely on for economic growth and efficient public services, also leaves us vulnerable to threats from the digital domain,” said Minister Iswaran. CSA CEO David Koh has said that “we can’t be a Smart Nation that is trusted and resilient if our systems are open and vulnerable”.

Singapore’s digital defence strategy centers around its people. CSA launched a new SG Cyber Talent initiative this year, which will both nurture promising cybersecurity talents in the next generation and boost the skills of current professionals.

Singapore has been teaching cyber skills to its public servants through simulation training programmes and workshops. Since 2017, CSA has been conducting cyber crisis management exercises to prepare critical infrastructure leaders to respond to a cyber attack. Such exercises are important in strengthening and coordinating responses across the public sector, CEO Koh told The Straits Times.

Shields up

While good cyber hygiene skills can help governments sidestep some attacks, the more crucial thing to do is to limit the hackers’ damage radius once they enter the network. After all, it’s “nearly impossible” to stop hackers from infiltrating a network, said June Tay, District Sales Manager, Public Sector at CyberArk.

CyberArk’s privileged access management tool offers a solution to these inevitable attacks. It allows security teams to easily revise the level of access of both human and machine user accounts. This means that once an account is compromised, IT teams can cut off its access to critical information and limit the amount of damage the hacker can deal.

Their solution also allows security teams to automatically identify and isolate compromised sections in the network, so data stored in other areas within the network remains secure.

In a war against cyber, cyber knowhow and helpful software tools are essential to ensuring that critical data remains safe out of hackers’ reach. To find out more about CyberArk’s privileged access security solution, click here.

Join us on 18th August, 10AM SGT to hear from cyber experts how governments can build security in a cloud-first world. CyberArk will discuss how to secure cloud workloads with privileged access management. Register here today.