Written by Staff Writer.
ISACA Singapore Chapter’s flagship annual conference returned for its 9th edition at Marina Bay Sands in Singapore on Sept 15th 2022. The 300 event attendees were addressed by notable leaders and speakers that included:
- Guest of Honor Mr Tan Kiat How, Senior Minister of State for Ministry of Communications and Information and Ministry of National Development
- Keynote speaker Mr Dan Yock Hau, Assistant Chief Executive, National Cyber Resilience, Cyber Security Agency of Singapore
- Keynote speaker Mr Leon Chang, Assistant Chief Executive, Cyber Defence Group & Chief Risk Office, Integrated Health Information Systems (IHiS)
Centered around the theme “RESILIENCE BY DESIGN: securing digital trust in the next normal”, the event delved into today’s challenges in deploying cyber security, global practices for achieving resilience, and strategies for securing digital trust for organisations.
The event is timely, coming a day after the head of the World Health Organisation said that the end of the covid-19 pandemic is in sight.
While the pandemic accelerated digitalisation such as remote working and enterprise cloud adoption, the end of the pandemic reveals that many of these transformations are being fully embraced. One obvious example is the hybrid-work model, which is now becoming a popular working arrangement.
In this “next normal” where we grow more reliant on technologies, threat actors have also increased their attacks in the cyber space.
For example, the “Singapore Cyber Landscape 2021” [1] published by the Cyber Security Agency of Singapore (CSA) noted a 54% increase in ransomware attacks compared to the previous year.
There were also increases in other key malicious cyber activities: phishing (17%), malicious Command and Control (C&C) Servers & Botnet Drones (more than 300%), and cybercrime (38%).
In many cases, these cyber incidents led to exfiltration of sensitive corporate and government information, and personal information. Often, for the victim, the result is a painful assessment of whether to continue trusting the organisation’s ability to safeguard their data.
In this “next normal” of increased interactions in the cyber space, what does trust mean, and how do we secure it?
Here are some highlights by the guest-of-honor (GOH) and keynote speakers.
Digital Trust
“With our personal information stored around the world, trust is important,” said Mr Tan Kiat How in his GOH address.
“Trust is a precious commodity enabling society to stay together”, and “applies not just in the physical realm but also in the cyber realm world”, and “during the covid pandemic and after the pandemic”, he stressed.
Referencing the example of Log4j, where a single “trusted” open-source component was discovered to contain vulnerabilities that could cause widespread damage, Mr Tan cautioned that “trust can be easily undermined, and cannot be taken for granted.”
Building on the theme of trust in the digital world, Pamela Nigro (Chair ISACA Board of Directors; Vice President-security, Medecision) introduced the term “digital trust” in her keynote.
“Trust is assured reliance on the character, ability, strength, or truth of someone or something,” she noted. And “digital trust focuses on how trust manifests in a digital context.”
“Digital trust is behind every online exchange,” she explained, and is “a major driver when consumers and enterprises are deciding with whom they want to conduct business”.
However, there are implications beyond the commercial.
According to the Health Insurance Portability and Accountability Act (HIPAA) Journal, healthcare has seen a major rise in data breaches, over 500 in 2021. Mr Leon Chang pointed out that the impact extended beyond financial or reputational losses to patient safety.
Programs, initiatives, recommendations
For sure, the digital world that we live in today is nothing without trust.
Building and sustaining that trust, “so that our society can keep the faith and enjoy the full benefits of technology,” is an important consideration, as Mr. Tan stressed in his address.
So what are some practical steps towards building resilience to “securing digital trust”?
Mr Dan Yock Hau highlighted a few programs and initiatives launched by CSA.
One is the “Cybersecurity Labelling Scheme” (CLS), which is aligned to the European Standard EN 303 645 ‘Cyber Security for Consumer Internet of Things: Baseline Requirements’ in assigning cybersecurity rating levels to registered smart devices. [2]
Another is “The Cyber Essentials” mark, which is a cybersecurity certification for SMEs embarking on their cybersecurity journey [3].
Besides these technical aspects, Mr Dan also reminded the delegates of other key aspects that are crucial to building resilience (such as managing the “people are the weakest link” risk, and adopting best practices such as security-by-design).
Similarly, Mr Leon Chang also underlined that the solution is not only technology: people, process, and gaining senior management and board support form part of the resilience framework.
Most importantly, he also urged us to take heed of potential attacks and to act on our journey of strengthening resilience to protect against breaches, treating it not as a matter of if or when but rather “why not now?”
In closing, Mr Leon Chang also gave an analogy of treading water, which requires many parts of our body all coming together to stay afloat. This is akin to resiliency, where many parts of the organisation need to come together and continuously tread the ‘resiliency water’ so that we can stay afloat.
Indeed, the threat landscape that we face today is not only one of an increasing number of cyber incidents, but also one of cyber threat actors with rising sophistication and stealth.
Coupled with continued digital transformation, building resilience and securing digital trust in the next normal are arguably more urgent than ever.
[1] Cyber Security Agency of Singapore, “Singapore Cyber Landscape 2021”, https://www.csa.gov.sg/News/Publications/singapore-cyber-landscape-2021
[2] The rating (four levels representing the extent to which the product has been tested and assessed) is intended to help consumers easily assess the level of security offered and make informed purchasing decisions.
[3] Particularly, for SMEs with limited IT and/or cybersecurity expertise and resources, the Cyber Essentials mark aims to enable them to prioritise the cybersecurity measures needed to safeguard their systems and operations from common cyber-attacks. It also serves to recognise the organisations that have put in place good cyber hygiene measures.