View from industry: Singapore’s internet policy

As Singapore blocks internet on all government devices, we reached out to a leading industry figure to see how it compares. Tony Jarvis is Chief Strategist on Threat Prevention at Check Point, a global cyber security specialist.

What does he make of the policy - and how can government make it work?

Is banning internet the right approach to securing government?

There is no right or wrong approach around banning the Internet. At first glance, the decision to ban Internet access might seem extreme.

However, it is important to note that this decision will have been made after careful review, taking into consideration a number of factors. For example, removing access to the Internet will bring with it the benefit of reducing exposure to many threats.

Unfortunately, this comes at the expense of the productivity and effectiveness of the organisation and its employees. These are policy decisions made by organisations, in this case, the government, and we are certain that they have considered multiple aspects.

This particular case highlights the ongoing challenge organisations have remaining secure in a connected world. 

What advice would you provide to manage digital risks?

There are three pillars to any successful security program: people, processes and technology. Training users in proper cyber hygiene is a good first step.

Having robust procedures in place to manage risk is another step in the right direction. These should ideally leverage best practices where available. Technology allows policies to be enforced and protections to be automated.

Not all technologies are created equal, so it is important to identify what risks an organisation is exposed to, and what technologies are best suited to providing the required protections.

How can governments secure infrastructure without endangering productivity and innovation?

The best way of achieving this would be with a solution that provides users with the flexibility they have grown accustomed to, while at the same time keeping the organisation secured.

Today's advanced threats are constantly changing, and traditional defences based on signatures were never designed to protect against these dangers.

These protections are still necessary, but should be viewed as elements of a multi-layered approach to security. Solutions that are able to identify malicious behaviour in files that have never been seen before are a necessity today.

Most security vendors allow threats into the network and then begin the process of evaluating their behaviour. Once a suspicious activity is identified, it can often be too late.

With Check Point, threats can be kept at bay by providing users with cleaned versions of documents while evaluation takes place in the background.

This ensures productivity is not impacted, and the organisation is kept secure at all times. Image by Xiaobin Liu, used under CC BY-SA 2.0