Use behavioural analytics and leadership oversight to bolster cyber defence: Experts

Mr Nadav Zafrir (left) from Team 8 and Mr Keith Alexander from IronNet Cybersecurity commented on Singapore's response to last year's data breach on SingHealth, the country's worst cyber attack ever.
Mr Nadav Zafrir (left) from Team 8 and Mr Keith Alexander from IronNet Cybersecurity commented on Singapore's response to last year's data breach on SingHealth, the country's worst cyber attack ever. ST PHOTO: KHALID BABA

SINGAPORE - Countries around the world, including Singapore, need to do better in cyber security by using behavioural analytics and having leaders take ownership of it, urged international experts.

Speaking to The Straits Times on Thursday (Jan 24), Mr Keith Alexander from IronNet Cybersecurity and Mr Nadav Zafrir from Team 8 also commented on Singapore's response to last year's data breach on SingHealth, the country's worst cyber attack ever.

The two chief executive officers of global cyber security companies were in town as part a new government committee that will draw up plans to deal with "next-generation cyber threats" in the telecommunications sector for the next five years.

Often, data breaches are stealthy and go undetected for extended periods, said Mr Alexander.

Most attacks, in his experience, are only discovered after stolen data is discovered in a place where it does not belong.

Behavioural analytics involves software that detects abnormal actions or patterns. Such tools could flag stealthy cyber attacks that employees would miss out on, he said.

Added Mr Alexander: "Behavioural analytics can be used to detect anomalies so that if somebody happens to get in the network, you can still detect them very quickly. Most networks globally, not just here in Singapore, have no capability to do that.

 
 

"So that means if somebody gets in, they get in, and you don't have any way to track them. And now you have to be lucky to find them or see them when they're taking data out."

Mr Zafrir said leaders in organisations have to view cyber security as their responsibility and make decisions at the top level to keep online attackers at bay.

He added that key decision makers need to factor in cyber security because it presents a big threat to any organisation by having the potential to disrupt it so much that it would cease to function.

"There aren't many things that can bring a company to its knees like a cyber attack can. And a cyber attack has a crippling effect, because of the complexity of the networks in a world where everything is connected," said Mr Zafrir.

Mr Alexander and Mr Zafrir had worked in the US and Israeli militaries respectively before crossing over to the digital realm to work on fortifying defences online.

Mr Alexander was the former US National Security Agency director while Mr Zafrir was a former commander of an intelligence unit in the Israel Defence Forces.

When asked how his prior experience helped him prepare for his current work, Mr Zafrir said the sense of urgency and the importance of working with the right people was the same in both fields.

The two experts also weighed in on the Government's response to the data breach in SingHealth, where hackers stole the data of 1.5 million patients and the outpatient prescription details of 160,000 people, including those of Prime Minister Lee Hsien Loong.

A Committee of Inquiry (COI) set up to look into the attack recommended various measures to beef up cyber security, such as improving incident response processes, using automation to roll out security patches and introducing tiered Internet access in the healthcare sector.

Mr Alexander, who was an expert witness for the COI and gave his expert opinion on Nov 12 last year, said the COI's investigations made clear the threat that online attackers pose. It also reflected how the Government prioritised cyber security.

"It says to the people of Singapore that the Government is not going to stand by idly when these things happen, which I think is exactly the right thing to do," he added.

While he also applauded the actions Singapore took following the SingHealth data breach, Mr Zafrir said one should expect to see more such cyber breaches hunting for data that are "personally identifiable information".

He said: "We will probably see more of these attacks because if data is the new gold, then criminals, nation states and others will go after data."