The public report by a high-level panel tasked to probe last June's cyber attack on SingHealth, Singapore's worst data breach, has highlighted serious areas of concern. These include staff who fell prey to phishing attacks, weak administrator passwords, a failure to apply a patch that could have stopped the hacking, and an IT cyber-security team that could not even recognise a security incident. To be fair to SingHealth, such failures perhaps reflect the confidence that comes from Singapore's technological abilities. This could easily slip into a "won't happen here" complacency that puts these institutions at risk. Although the Committee of Inquiry's (COI) report is about SingHealth, it applies to other entities as well.
In the attack, hackers stole the personal data of 1.5 million patients and the outpatient prescription details of 160,000 people, including Prime Minister Lee Hsien Loong. The patently political nature of the attack should alert all organisations, but particularly those in the public sector, to the danger of sophisticated cyber incursions that are usually linked to the national agendas and the technological prowess of states. Every organisation in Singapore must see itself as a potential victim of cyber predators who could breach its defences to achieve objectives that are unrelated to the mandate of those organisations. Cyber security today is an irreplaceable part of the alertness that Singapore has traditionally displayed to preserve its core interests.