Stay on this page and when the timer ends, click 'Continue' to proceed.

Continue in 17 seconds
Sign in Subscribe
Singapore

More can be done to boost cybersecurity for S'pore businesses: Josephine Teo

More can be done to boost cybersecurity for S'pore businesses: Josephine Teo

Source: The Straits Times
Author: Timothy Goh

SINGAPORE - More can be done to improve cybersecurity for Singapore's companies and organisations, said Minister for Communications and Information Josephine Teo.

Beyond strengthening digital infrastructure like cloud services and data centres, the cybersecurity of Singapore's companies are important as they provide the services that people use and define their online experiences, she added.

Ms Teo was speaking at a conference organised by Temasek-backed cybersecurity firm Istari on March 20.

Her remarks came on the back of a recent survey by Cyber Security Agency of Singapore (CSA) which found gaps in the cybersecurity preparedness of local organisations. The survey, which covered over 2,000 entities across 23 industries and seven charity sectors, found that the majority of these organisations had encountered at least one cyber incident in the year prior to being surveyed, such as ransomware attempts.

The survey queried organisations on the cybersecurity measures they have adopted in five areas, such as using secure configuration settings for hardware and software, controlling access to data and services, and updating software on devices and systems.

In each of the five areas, organisations on average adopted about 70 per cent of the essential measures. While the adoption rate is "reasonably encouraging", the CSA believes that a partial adoption of the measures is inadequate, Ms Teo noted.

She added: "Unless all these essential measures are adopted, the organisations are still exposed to unnecessary cyber risks."

In CSA's view, the "passing mark" should be set high enough to give assurance to the company's stakeholders such as employees and customers. "This means adopting the package of essential measures in all five categories", she said.

"There is much room for improvement as only a third of organisations surveyed adopted all measures in at least three categories," she added.

The survey's findings, which will be fully disclosed next week, revealed that small and medium enterprises (SMEs) fared better in some categories compared with others.

For example, SMEs have high adoption rates, or more than 70 per cent, in essential measures related to software updates and incident responses. But they are struggling in virus and malware protection and access control, where the adoption rate was well below 20 per cent.

The survey also found that almost 60 per cent of businesses and non-profit organisations reported a lack of knowledge or experience to implement cybersecurity effectively. This finding is "not at all surprising", she noted, adding that cyber risks have increased and continue to evolve quickly.

"This has contributed to the shortfall in cyber professionals; even the most sophisticated organisations struggle to keep up," she said. "It was therefore reassuring that 75 per cent of organisations surveyed were at least aware of the need for cybersecurity."

Ms Teo said that she hopes the survey findings will help to motivate organisations to progress from awareness to taking concrete actions, so that they can minimally 'pass' by adopting all the essential cyber measures.

Ms Teo's remarks on March 20 come after the announcement during the annual debate of the Ministry of Communications and Information's budget on March 1 that the five-year-old Cybersecurity Act, which establishes a framework for overseeing and maintaining national cybersecurity, will be expanded to include foundational digital infrastructure like cloud services and data centres.