Skip to main content

Advertisement

Advertisement

Rising cyberspace threat boosts demand for security services

SINGAPORE — From corporate sabotage where machine settings are changed to disrupt production lines and disgruntled employees stealing confidential information before jumping ship, to international hacking syndicates targeting Singapore’s wealth of public- and private-sector information online, the Republic’s cyberspace is constantly under siege.

A man types on a computer keyboard on Feb 28, 2013. Photo: Reuters

A man types on a computer keyboard on Feb 28, 2013. Photo: Reuters

SINGAPORE — From corporate sabotage where machine settings are changed to disrupt production lines and disgruntled employees stealing confidential information before jumping ship, to international hacking syndicates targeting Singapore’s wealth of public- and private-sector information online, the Republic’s cyberspace is constantly under siege.

In recent months, there have been several high-profile hacking cases, including an incident in July where about 1,560 SingPass accounts were found to have been compromised.

A month later, personal details of hundreds of thousands of karaoke company K Box’s customers were put up for public download by hackers.

However, cybersecurity firms and experts told TODAY such incidents are only the tip of the iceberg. Demand for their services has increased exponentially in the past year or so. For example, security software company FireEye said that, every month, it deals with an average of more than 4,000 security breaches suffered by its clients here.

Infotect Security managing director Wong Onn Chee, who leads an informal group of Singapore-based cybersecurity experts, noted that the country is a prime target for hackers because of its high level of connectivity and the value of information that these criminals want to get their hands on.

“How many countries can claim they have all their citizens’ health records online?” he said. “We are very connected. The pot of money you can get through hacking is bigger.”

The Government has been beefing up the nation’s defence against cybersecurity threats. Just last month, it unveiled a raft of measures, including the setting up of a Monitoring and Operations Control Centre, whose role is to coordinate activities and operations against such threats and use the results of investigations to execute measures against potential attacks on the entire government infrastructure.

SECTORS TARGETED

A recent FireEye report put the average “advanced persistent threats exposure” in Singapore at 41 per cent, higher than the global average of 36 percent. This figure could be even higher, as most sophisticated attacks go undetected or unreported, said Mr Ong Geok Meng, FireEye’s director of security research.

The report singled out certain sectors that had been exposed to attacks, such as government, finance, defence, automative, manufacturing and pharmaceuticals.

Industry players said hackers could range from individuals embarking on “revenge attacks” to syndicates that sell data to willing buyers or have been hired by rival companies.

Mr Ali Fazeli, who owns cybersecurity and digital forensics company Infinity Forensics, has seen clients in the manufacturing sector suffer cyberattacks launched by competitors.

“If they hack into the machines, which these days are connected to servers, and manage to change any element of the product, it will result in a (product of) lower quality or a wrong product. This will result in a shutdown of the production line for a week or two,” he said.

NForce Solutions said it had been previously called upon to investigate a cyberattack on a government-linked company here. The hacking reached a point where it drew complaints from the United States Embassy here.

“That server was used as a gateway for the hacker to leverage and attack other servers in (the company’s) internal network. The hacker then used that compromised server as a zombie to send out spamming emails to the US,” said NForce Solutions managing director Jacky Le, adding that the firm has a large network of thousands of computers and a few hundred servers.

Insider jobs make up a sizeable proportion of hacking, cybersecurity firms said. Mr Anthony Lim, a member of the Application Security Advisory Board at ISC2, a not-for-profit association for information security professionals, noted that insiders would already have partial permission to access company information, compared with external hackers.

Mr Fazeli said his firm had been engaged by organisations to identify employees behind the illicit activities.

RISING DEMAND FOR TESTING SERVICES

Demand for services to test how well company systems stand up against threats or attacks, such as penetration testing, has grown significantly. For example, NForce Solutions said demand had jumped about 300 per cent in the past year, while Infinity Forensics said demand had increased by 40 percent since the middle of last year.

Mr Fazeli noted that many more small and medium enterprises were making enquiries than in the past.

Mr Lyon Poh, head of IT assurance and security at KPMG, attributed the trend to more stringent regulations in the finance sector, for instance, and the fact that more information is being stored online.

“A significant increase in demand ... has also come through the government and healthcare sectors as more of their services go online,” he said.

Mr Gerry Chng, advisory partner at Ernst & Young Singapore, added: “What was once regarded as an IT support function, check-in-the-box activity and the responsibility of a few individuals in a small group of security practitioners has come under the spotlight and is drawing increased interest and attention from senior management and external customers.”

The higher demand for cybersecurity services has led Singapore Polytechnic, for example, to double its intake for its Diploma in Infocomm Security Management course from 40 to 80. The school makes sure its students do not abuse the knowledge acquired during training — they are made to sign an agreement to use the knowledge lawfully.

“Several measures are in place to imbue in our students the importance of cyberwellness and ethical use. The course modules cover the Computer Misuse Act, as well as field trips to the State Courts, High Court and prison,” said a spokesman.

Read more of the latest in

Advertisement

Advertisement

Stay in the know. Anytime. Anywhere.

Subscribe to get daily news updates, insights and must reads delivered straight to your inbox.

By clicking subscribe, I agree for my personal data to be used to send me TODAY newsletters, promotional offers and for research and analysis.