More can be done to boost cyber security for S’pore businesses: Josephine Teo

A recent survey found gaps in the cyber-security preparedness of local organisations. ST PHOTO: AZMI ATHNI

SINGAPORE - More can be done to improve cyber security for Singapore’s companies and organisations, said Minister for Communications and Information Josephine Teo. 

Beyond strengthening digital infrastructure like cloud services and data centres, the cyber security of Singapore’s companies is important as they provide services that people use and define their online experiences, she added.

Mrs Teo was speaking at a conference organised by Temasek-backed cyber-security firm Istari on March 20.

Her remarks came on the back of a recent survey by the Cyber Security Agency of Singapore (CSA), which found gaps in the cyber-security preparedness of local organisations. The survey, which covered more than 2,000 entities across 23 industries and seven charity sectors, found that the majority of these organisations had encountered at least one cyber incident in the year prior to being surveyed, such as ransomware attempts.

The survey queried organisations on the cyber-security measures they have adopted in five areas, such as using secure configuration settings for hardware and software, controlling access to data and services, and updating software on devices and systems. 

In each of the five areas, organisations on average adopted about 70 per cent of essential measures. While the adoption rate is “reasonably encouraging”, CSA believes that partial adoption of the measures is inadequate, Mrs Teo noted. 

She added: “Unless all these essential measures are adopted, the organisations are still exposed to unnecessary cyber risks.”  

In CSA’s view, the “passing mark” should be set high enough to give assurance to the company’s stakeholders, such as employees and customers. “This means adopting the package of essential measures in all five categories,” she said. 

“There is much room for improvement as only a third of organisations surveyed adopted all measures in at least three categories,” she added. 

The survey’s findings, which will be fully disclosed next week, revealed that small and medium-sized enterprises (SMEs) fared better in some categories compared with others.

For example, SMEs have high adoption rates – more than 70 per cent – in essential measures related to software updates and incident responses. But they are struggling in virus and malware protection and access control, where the adoption rate was well below 20 per cent. 

The survey also found that almost 60 per cent of businesses and non-profit organisations reported a lack of knowledge or experience to implement cyber security effectively. This finding is “not at all surprising”, Mrs Teo said, adding that cyber risks have increased and continue to evolve quickly.

“This has contributed to the shortfall in cyber professionals; even the most sophisticated organisations struggle to keep up,” she said. “It was therefore reassuring that 75 per cent of organisations surveyed were at least aware of the need for cyber security.”

Mrs Teo said that she hopes the survey findings will help to motivate organisations to progress from awareness to taking concrete actions, so that they can minimally “pass” by adopting all the essential cyber measures.

Her remarks came after the announcement during the annual debate on the Ministry of Communications and Information’s budget on March 1 that the five-year-old Cybersecurity Act, which establishes a framework for overseeing and maintaining national cyber security, will be expanded to include foundational digital infrastructure like cloud services and data centres. 

It was also announced then that the ministry is exploring the introduction of a new Digital Infrastructure Act, which comes on the back of recent outages in the banking and healthcare sectors that MPs said have dented public confidence.

At the cyber-security conference on March 20, Mrs Teo provided updates on the CyberSG Talent, Innovation and Growth Plan, or the TIG Plan. Announced in September 2023, the plan seeks to boost the Republic’s cyber-security talent and industry development efforts.

Mrs Teo said CSA, Singapore Management University and Istari will be collaborating on the third run of the Cybersecurity Strategic Leadership Programme. CSA has conducted two runs of the programme since 2022, with 46 C-suite participants successfully completing it.

She also announced that the TIG centre, a $20 million collaboration between the National University of Singapore (NUS) and CSA, will be leading a delegation of Singapore cyber-security companies to London in June to understand common cyber-security problems to be solved, build connections and broaden their business reach.

“Businesses keen on exploring opportunities to enter the United Kingdom or other foreign markets should keep an eye out for applications opening in the coming weeks,” she said.

The one-day cyber-security conference, held at Capella Singapore, had more than 20 speakers discussing topics like protection against terrorist cyber attacks and risk governance. 

The conference was attended by more than 200 participants, and speakers included NUS Middle East Institute chairman and former diplomat Bilahari Kausikan and Ukraine Deputy Minister of Digital Transformation George Dubynskyi.
