Forum: Hold vendors to same high cyber security standards, or they may become weakest link
Sign up now: Get ST's newsletters delivered to your inbox
Follow topic:
I read with concern the recent news that DBS and Bank of China (Singapore) customers had their personal data stolen in a ransomware attack targeting a printing vendor ( More than 11,000 DBS, Bank of China customers’ information compromised after data attack on vendor,
While it is reassuring that customer accounts and login details were not compromised, this incident reminds us that cyber security is not only about protecting our own systems, but also about ensuring our partners do the same.
In this case, the breach did not happen within the banks themselves. It occurred at Toppan Next Tech, a third-party vendor tasked with printing customer letters and statements. The data stolen reportedly includes names, addresses, and in some cases, account information. Such data can be exploited in phishing attacks or identity theft, especially when combined with other online sources.
The banks were quick to clarify that their systems were unaffected, but as members of the public, we might ask: Shouldn’t the banks be responsible for ensuring their vendors are just as secure?
Many businesses today rely on external vendors for printing, cloud storage, or customer support. However, if these vendors are not held to the same cyber security standards, they may become the weakest link in the chain. In the cyber security industry, this is often referred to as “third-party risk”.
Cyberattacks are growing in both frequency and impact, and it is commendable that the Cyber Security Agency and Monetary Authority of Singapore are taking this incident seriously.
But moving forward, we must shift from a mindset of “reacting to incidents” to “preventing them through stronger oversight”, especially where customer data is involved.
Trust is hard-earned, and in the digital world, it’s built not just on what companies do themselves, but also on whom they choose to trust.
Zulkifli Jalil
