Building a secure Singapore from the ground up

Oleh Annabel Lee

Annabel Lee, Director of Digital Policy (APJ) and ASEAN Public Policy at Amazon Web Services (AWS), says that a focus on fundamentals will drive the success of Singapore’s cybersecurity posture.

The overall cybersecurity posture of Singapore will depend on public-private partnerships to make cybersecurity accessible and nurture a security culture. Image: Canva

A defining maxim of the UK’s National Cybersecurity Centre is that “Security that doesn't work for people, doesn't work”, and at AWS, we couldn’t agree more. There are few areas of modern life that aren’t touched by cybersecurity in some way, and as digitalisation progresses this is going to become even more pronounced over time.

 

According to the Singapore Cybersecurity Health Report 2023 published by the Cyber Security Agency of Singapore earlier this year, 99 per cent of organisations in Singapore which encountered a cybersecurity incident reported that they suffered a business impact.

 

In today’s digitalised world, organisations need to focus on building a strong foundation of digital technologies that have security at its core. This will allow organisations, irrespective of their size, to take full advantage of  digital transformation and focus on increasing their productivity in a secure environment.

 

To subscribe to the GovInsider bulletin click here.

Making cybersecurity understandable

 

Across the world, and certainly in Singapore, pessimistic cybersecurity statistics leave many organisations feeling overwhelmed. Language surrounding “sophisticated cyber-attacks" can leave smaller entities with an overwhelming sense of helplessness when it comes to managing cyber risks.

 

Industry needs to shift away from alarmist and overly technical security rhetoric to help small entities and individuals feel empowered to manage their cyber risks effectively. Small and medium-sized businesses need to be inspired to access the full security and performance benefits of modern technologies and not discouraged from making the move.

 

The government can also play an important role in leading this change. By choosing to use measured and less technical language with minimal jargon when talking about cybersecurity,  the government and industry can make cybersecurity more accessible, achievable, and empowering across Singapore’s economy.

Simple solutions for secure foundations

 

Incorporating security as a “business as usual” activity allows organisations and their employees to innovate safely and quickly. Moving to the cloud automatically puts in place some of the most effective security fundamentals.

 
Amazon Web Services' Director of Digital Policy (APJ) and ASEAN Public Policy at Amazon Web Services, Annabel Lee, shares her perspectives on embedding a security culture in the workplace. Image: Annabel Lee via LinkedIn

Through the shared responsibility model for security, we take on the security of the cloud – we develop, deploy, and maintain the infrastructure that supports digital service development.

 

AWS’s core infrastructure is built to satisfy the security requirements for military users, global banks, and other organisations with high security requirements. All customers using AWS can take advantage of this and build applications that meet the highest security requirements.

 

By building on top of that secure infrastructure, AWS customers can take charge of managing the security of their own applications and data. This is where good digital practices by individual customers and businesses are crucial to maintaining strong security foundations.

 

For businesses, building security into the workflow is crucial. Embedding a security culture into the organisation ensures that growth and the ability to innovate can continue securely.

 

For individuals, this means protecting your accounts and data by maintaining strong password practices; activating multi-factor authentication (MFA); and not reusing passwords. These are simple, practical measures that can be done now by everyone to effectively increase their protection against cyber threats.

Automating good security

 

For organisations, working in the cloud also comes with the huge security benefits of visibility and automation. One cannot protect against threats that one does not see, making visibility essential to effective security.

 

Automation, especially when powered by artificial intelligence (AI), takes business-as-usual security tasks off the plates of employees and allows security teams to spend their limited time on the highest value security tasks.

 

For example, instead of conducting periodic cybersecurity reviews, AWS sees a future where more organisations will shift to continuous automated cybersecurity assessments.

 

This will create an environment where organisations can understand their security status in real-time. It will also make it easier to take cybersecurity decisions earlier in the development of business processes and digital products. 

 

By automating security steps such as incident response and recovery, organisations can shift the primary focus of security teams from reacting to incidents to analysing the overall security of the organisation, and proactively improving it.

 

This is a simple and actionable way for businesses and governments to respond to the global shortage of security professionals which is affecting small and medium businesses most keenly.

 

To subscribe to the GovInsider bulletin click here.

Drive awareness and education

 

AWS believes that cybersecurity is a feature of modern life, and having a cybersecurity literate society and broader workforce is important for reducing risks over time.

 

To help achieve this, AWS has trained more than 400,000 people in Singapore on cloud skills since 2017. This is ongoing work and with the rapid adoption of cloud-enabled technologies, even more can be done to upskill the workforce at scale.

 

Under AWS’ recently announced AI Spring initiative, AWS is working with the Institute of Technical Education (ITE) to incorporate AI education into ITE’s curriculum, with an aim to train 5,000 individuals across these learning institutions on AI skills yearly from 2024-2026.

 

Ngee Ann Polytechnic is working with Singapore’s Infocomm Media Development Authority (IMDA) as a Training Partner to reskill 18,000 people in tech roles over the next three years. In January 2024, Ngee Ann Polytechnic unveiled its Gen.AI Hub, established with AWS to help students explore the possibilities of generative AI, learn critical AI and cloud computing skills, and showcase their AI innovations.

 

Collaboration between industry and government will be crucial to continuing to expand access to cybersecurity education for Singaporeans.

 

We believe cybersecurity education and awareness should be considered as foundational – a core part of everyday life. And it is through collaboration, program development, and ongoing skills training, that we can realise a more secure future for Singapore together.

 

Annabel Lee leads Amazon Web Services’ (AWS) public policy work on Digital issues for APJ. She has deep subject matter expertise on digital policy issues, including data protection, privacy, cybersecurity and emerging technology, from both the industry and government perspectives.

 

This piece was produced in partnership with Amazon Web Services (AWS).