Four cybersecurity risks to look out for
Explained: Trends in public service digital tools and how to mitigate their security risks.
Image: Changi Airport, Facebook page.
As governments go digital, there is an increasing threat of cyber attacks. Different technologies carry different risks and require different strategies. Here are four technologies to look out for, their associated risks and how to minimise them.
1. Biometric security risks
In October 2018, the Singapore government launched a SingPass mobile app, allowing users to use fingerprint and facial ID for authentication. Biometric controls have proven effective in consumer devices, and attackers will increasingly target this channel to gather massive amounts of biometric information.
Instead of building a wall around these data, governments should look at giving individuals more control over their biometric information.
This can be done by storing biometric information on users themselves - using cards and security tokens - and not in central databases to reduce the risk of data loss and cross-linking across systems. In ensuring the privacy of its citizens, these data should not be processed beyond what is necessary.
2. Official social media accounts hack
Social media platforms are quickly emerging as one of the top pathways for a government to communicate with its citizens. While social media allows for the rapid dissemination of critical information, it can also spread misinformation quickly.
Last year, the Hawaiian government sent a false missile alert through text messages, sending citizens into a widespread panic. Just months after, Japanese broadcaster, NHK did the same thing. These mishaps provide a glimpse of how attackers could hack into official social accounts to spread chaos.
Just recently, there was a security lapse on Whatsapp, leaving users vulnerable to having malicious spyware installed on their phones without their knowledge. And in May, Instagram suffered a security breach, which left the data of 49 million users exposed.
These are warning signs that social media companies are not quite as safe and secure as they should be. Given the amount of information they hold and the impact that they can create, it is critical for agencies to practise good personal cybersecurity hygiene.
3. Cloud vulnerabilities
As government agencies move to the cloud, security is expected to be embedded into it. But with cloud computing, there are multiple moving parts, and organisations must realise they cannot monitor everything.
While security can be designed into the cloud, mismanaged credentials or insider theft are ever-present risks. This is where privileged access management comes in, according to Budiman Tsjin, ASEAN Solutions Engineering Manager from CyberArk. He says accounts holding valuable information and access should take priority to be monitored and locked down first.
4. Securing supply chains with blockchain
The ability to track and trace where an object is in a supply chain is vital in government purchases to ensure transparency. And the distributed nature of blockchain makes it well suited to validate every step in the procurement process.
Governments in Seoul to Peru are already using blockchain in the procurement process to stamp out corruption and improve public transparency. Cyber hackers are aware of this and are increasing attacks higher up in the supply chain. While ledgers are secured cryptographically, accounts with access to these encryption keys need to be guarded too.
The cybersecurity threat landscape is becoming more complex, making it harder for governments to defend against it. But with the right strategies for these technologies, risks can be mitigated.