Cybersecurity​ ​Against​ ​Cyberattacks

Cybersecurity​ ​Against​ ​Cyberattacks

David Nagrosst 01/12/2017 28

A new era of cybersecurity threats has dawned. The first two quarters of 2017 saw the inordinate of cybersecurity meltdowns: viral, state-sponsored ransomware, leaks of spy tools from the US intelligence agencies, and full-on campaign hackings. This is the continuation of the cyber war from the​ ​early​ ​years.







Throughout the years, common cyberattacks that include viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorised access to confidential information, and taking control of systems,​ ​have​ ​evolved.​ ​The​ ​strongest​ ​of​ ​these​ ​malicious​ ​cyberattacks​ ​is​ ​Ransomware.


The first ransomware attack was reported in 1989. Cybercriminals had illegally planted ransomware in computers, IT systems and other devices to disable them until the owner or operator pays a sum of money​ ​to​ ​regain​ ​control​ ​or​ ​access​ ​to​ ​these​ ​devices.


Twenty-eight years later, ransomware is still creating chaos. It has since evolved into different forms, dressed​ ​in​ ​different​ ​names.



Source:  AO Kaspersky Lab (2016). All Rights Reserved. The diagram shows the percentage distribution of ransomware variants observed by Kaspersky Labs, 2015-2016. Image via SecureList.



Some of the newer variants discovered in 2017 include WannaCry, Petya/NotPetya/Nyetya/Goldeneye, Wikileaks and Cloudbleed. In Singapore, it was reported that one in three SMEs suffered a ransomware attack last year.


As cybercriminals get more intelligent, we must be more vigilant and conscientious than before in taking preventive measures. Basic security measures include the use of firewalls, anti-virus software, intrusion detection and prevention systems, unique encryption and login passwords, and casting cyber​ ​insurance​ ​policy​ ​as​ ​a​ ​safety​ ​net.



Another area we must consider is the cybersecurity regulation. In a nutshell, cybersecurity regulation is an act that gives an added push for companies to seek professional assistance in protecting their systems and information from cybercriminals. It is, therefore, imperative that we include cybersecurity in our regulatory examinations to make sure that our systems are safeguarded always.


On a national level, Singapore takes cybersecurity threats very seriously. As Singapore has the highest level of digital connectivity in the world, a cyberattack on our critical information infrastructures or CIIs will have a colossal impact countrywide.


Singapore’s current Computer Misuse and Cybersecurity Act focuses on cybercrime per se. However, CSA Chief Executive David Koh emphasized that we need a “more multi-faceted bill to oversee the evolving cybersecurity landscape.” That called for the Ministry of Communications and Information (MCI) and the Cyber Security Agency of Singapore (CSA) to seek feedback on the proposed Cybersecurity Bill in 2016.


In the same year, our Prime Minister Lee Hsien Loong rolled out Singapore’s Cybersecurity Strategy to create a more resilient and trusted environment for our nation.


Four pillars underpin its strategy:

1. Educate the public about internet security and online safety


2. Step up the protection of Singapore's essential services in key sectors such as emergency 
services, e-Government, banking and finance, utilities, transport and healthcare


3. Establish a professional workforce for the cybersecurity sector and this includes creating opportunities for existing professionals (e.g. the Cyber Security Associates and Technologists (CSAT) program allows existing ICT professionals with three years of work experience to 
switch over to cybersecurity roles via a six-month training scheme)

4. Build stronger international relationships with regard to cyber incident response and even 
prosecuting cybercrime that crosses national boundaries



In July of 2017, the MCI and the CSA released a new Singapore Cybersecurity Bill  for public consultation. The draft bill aims to be a broader omnibus cybersecurity law, highlighting a coordinated national approach to cybersecurity with provisions applying equally to both public and private sectors.


The following are the key proposals under the draft Cybersecurity Bill:


1.  Appointment of Commissioner of Cybersecurity: 
The Bill will vest in the CSA's chief as Commissioner of Cybersecurity to investigate threats and incidents to ensure that essential services in key sectors - such as emergency services, e-Government, banking and finance, utilities, transport and healthcare - are not disrupted in the event of a cyberattack.

 

2. Critical Information Infrastructure
: The Bill aims to protect critical information infrastructure (CII) across both public and private sectors, requiring all organisations to share information to support cybercrime headed by the CSA. Banking and privacy rules that forbid the sharing of confidential information will be superseded by the Cybersecurity Bill.

3. Measures to be Undertaken by CII Owners in Response to Cybersecurity Threats and Incidents
: CII owners are required to:

a. ​Notify​ ​the​ ​Commissioner​ ​of​ ​the​ ​CII​ ​suffering​ ​a​ ​cybersecurity​ ​attack;

b. Conduct regular system audits by a​ ​Commissioner-approved​ ​third-party;
c. Conduct​ ​regular​ ​risk​ ​assessments​ ​of​ ​the​ ​CII;

d. Comply with directions issued by the Commissioner, including providing access to premises, computers​ ​or​ ​information​ ​during​ ​investigations.

4.​ ​CII​ ​Designation

The Commissioner may identify and designate new systems as CII during times of national emergency. The designation of a computer or computer system as a CII is an official secret under the Official​ ​Secrets​ ​Act.


 

5.​ ​Regulation​ ​of​ ​Cybersecurity​ ​Service​ ​Providers

Cybersecurity providers performing either investigative work (e.g. hacking and forensic examination) or non-investigative work (e.g. managed security operations) must meet basic requirements to qualify for a license. Investigative cybersecurity service practitioners such as hackers must also apply for individual licenses. Unlicensed providers will face a maximum fine of S$50,000, imprisonment of up to two​ ​years,​ ​or​ ​both.


CSA also reported that Singapore will collaborate with Germany to boost both countries’ cybersecurity.


The draft Cybersecurity Bill will undergo the legislative process and is expected to be passed into law in 2018. It would be interesting to see if there would be changes in the draft after the public consultation​ ​held​ ​in​ ​August​ ​2017.


As we grow to be more reliant on information technology, with e-commerce becoming an important contributing sector to our economy, we must take cybersecurity very seriously before it’s too late. Cybersecurity is vital to our business operations, especially in safety-critical systems, such as emergency​ ​response,​ ​and​ ​to​ ​the​ ​protection​ ​of​ ​our​ ​infrastructure​ ​systems.


So, what have we done to combat cybercriminals, and in building a resilient and robust security system alongside our government’s anti-cyberattack initiatives? And how have we responded to Singapore’s​ ​cybersecurity​ ​regulation?​ ​The​ ​clock​ ​has​ ​started​ ​ticking.



For other articles on Cybersecurity, IT, and Sales Leadership, I invite you to my blog at blog.nagrosst.com

Share this article

Leave your comments

Post comment as a guest

0
terms and condition.
  • Timothy McLean

    I appreciate these type of articles so much! I've learned enough to know that I want to learn more cyber security and computer science.

  • Thanks, Timothy! Happy to share

  • Amy Lowis

    Humans are almost always the weakest link in the chain of trust.

  • David Blackwood

    In reply to: Amy Lowis

    The biggest flaw of a security system is human, and hackers always compromise humans first because they are the most vulnerable

  • William Creggett

    Well written, well delivered.

  • Thanks, William!

  • Rony P

    Spot on with everything. I have really enjoyed reading this! I have a pretty decent amount of experience with IT stuff, but I still managed to learn at least one new bit of info

  • Thanks, Rony! Glad you did.

  • Frank Hodges

    Explains the topic enough so that non-technical people understand the threats and how to mitigate them. Great job!

  • Curtis Densmore

    In reply to: Frank Hodges

    It's a shame that the internet is insecure

  • Thanks, Frank!

  • Cody Postuta

    You blew my mind on how cybersecurity regulation can be delivered in an easy and understandable way

  • Thanks, Cody!

  • Phil Melling

    I am coy that with the rise of AI computers can't be pulled to the light side or the dark side

  • Chris IG

    In reply to: Phil Melling

    Do one on AI please !!!!! That would be interesting to know how governments will tackle AI cyber attacks in the future

  • Yorkshire Lad

    It sounds so simple when you talk about cyber security. Singapore is doing a great job at tackling cyber attacks unlike our clueless Brexit Government

  • Thanks!

  • Gary Churchill

    Well Said !! If governments aren't securing the internet or protecting us from cyber threats like they should with more regulation, then we will allow ourself to be at risk of hackers.

  • Thanks, Gary!

  • Nicolas Salomon

    Very nicely explained. Thank you

  • Thanks, Nicolas....

  • Nilay Kumar

    Such an easy way to learn more about an interesting topic

  • Thanks, Nilay....

  • K Sharma

    Hacking can also be a good thing. Hackers like Anonymus are changing the world by using cyber security attacks to protect the world from major threats.

  • Hocine Zahraoui

    In reply to: K Sharma

    All the perpetrators of Internet crimes are lonely virgins with no friends

  • K Sharma

    In reply to: Hocine Zahraoui

    Hacking will never be a thing of the past and I hope that it's not. Cyber crime is the most powerful form of protesting and if you don't want the NSA breathing down your back at all times seeing what you say and privately do on the internet I recommend that you get on board with that

  • Hocine Zahraoui

    In reply to: K Sharma

    You are wrong and I don't want to waste my time debating with you. The best way to avoid hackers and ignorants is by shutting down their internet service. Hacking in any form is immoral and illegal.

  • Joel

    I wanna learn how to protect my computer, maybe it's time to change all my passwords.......

Share this article

David Nagrosst

Tech Guru

David is the Head of Sales, Asia Pacific and Japan at Cyxtera Technologies. He is an exceptional international leader and CISSP Qualified IT Security Expert with 20 years+ demonstrable experience in business, sales and providing IT Security, Cloud, and Datacenter Solutions to Organizations from Start-up to Fortune 150. He is also an international keynote & workshop speaker and a member of AmCham Singapore. He is committed to developing, testing and continually creating new methods to drive efficiency, cost saving, growth and profit alongside innovative technical expertise. David holds a Bachelor in Information Technology at the New Jersey Institute of Technology and is currently completing an MBA in Business Administration and Management at the University of Manchester.

   

Latest Articles

View all
  • Science
  • Technology
  • Companies
  • Environment
  • Global Economy
  • Finance
  • Politics
  • Society