enterprisesecuritymag

The Race against Cybercrime: Five Fundamental Strategies to Get you to the Finish Line

By Destiny Bertucci, Head Geek™, SolarWinds

Destiny Bertucci, Head Geek™, SolarWinds

Singapore has seen tremendous progress in transforming its landscape and integrating with modern technology. The understanding that digital transformation is vital to growth—not to mention convenience and added efficiencies—is deeply rooted amongst the population. This has resulted in the heavy use and reliance on the internet for personal, professional, and business gains. According to Hootsuite®, the internet penetration rate in Singapore stands at 84%, percent, placing the country well above the global average of a mere 48.9 percent%. While the locals embrace the ease of connectivity, cybercriminals seem to view Singapore as the new hot target. This is likely due to the large amounts of data being shared and stored online, coupled with the trust Singaporeans place in their devices and the parties responsible for protecting data.

This year saw cyberattacks on an unprecedented scale. With the recent SingHealth cyberattack, Shangri-La Hotel data leak, and HealthHub® breach, Singaporeans witnessed the growing sophistication and scale these attacks could bring. Given that such incidences took on a multipronged approach—where all agencies, such as the government, businesses, and individuals were attacked—a tighter stronghold on cybersecurity must be enforced to ensure a strong defence. In fact, the Singapore government underscored the importance of cyberdefence amidst continual innovation with the National Cybercrime Action Plan (NCAP), commissioned in 2016. The plan spells out the priorities needed in the fight against cybercrime and key recommendations for cybersecurity enhancements, while also serving as a sobering reminder that more can be done when it comes to cybersecurity.

Organisations and government agencies must focus on some basic but highly effective fundamentals to protect against potential attackers. Some of these involve simple and basic security hygiene and others  require more of an investment, both in terms of capital and human resources and long-termthinking.

Embrace Network Modernization

Modern businesses may find it difficult to function without good network connectivity; therefore, as companies digitize, it is critical we do not overlook network modernization. Modern networks are better equipped to handle cyberattacks, easier to manage, and more efficient. Moreover, modernized networks can work in any environment and can adapt to changing threat conditions. They can also automatically detect and respond to potential attacks without the need for human intervention, effectively mitigating the threats before damage occurs.

Modernization often leads to standardization, which means fewer device types and configurations to manage. This helps reduce vulnerability because configurations can be refined, deployed, and maintained more easily.

Implement Continuous Monitoring

Remember prevention is always better than cure—putting in place an effective and consistent monitoring system can help to detect potential threats ahead of time and clamp down on the source of threats early, potentially saving companies from the legal and reputational repercussions of a breach.

A proper continuous monitoring solution contains a variety of components working together to strengthen an agency’s defence against many attack methods. Those solutions could include log and event management tools that track login failures and make it easier to spot potential security incidents, device tracking solutions that can detect unauthorized network devices, or network configuration management solutions that can improve network compliance and device security. All of these can be done without human intervention, and most can be easily updated.

Remember to patch

Patching and updating software stitches up the holes in your cyber defence system and deters potential threats lurking for the next open opportunity to penetrate the system. Around 80% 80 percent of attacks take advantage of vulnerabilities for which patches already exist—many of which could have been patched over a year before the attack.

But with the sheer magnitude of software that powers federal networks, manually patching servers is near impossible. Automated patch management tools can analyse various software programs and scan for known vulnerabilities and available updates. These updates can be automatically applied as they become available, keeping software up-to-date and well-fortified against the latest threats.

Implement Strong Encryption

Encryption is like the notes you pass around in high school—a bunch of gibberish to the rest, but a secret message to a friend who holds the key to decoding it. In the words of Edward Snowden, “Properly implemented strong encryption systems are one of the few things that you can rely on.” However, ensuring the security of data at rest and in transitis not necessarily an easy task, considering the hybrid cloud and IT environments many agencies have adopted.

Still, strong encryption protocols must remain in place, regardless of where the data resides, and data that travels from a hosted site must receive the same level of encryption—or, perhaps an even greater level of encryption—than data that exists on-premises. The slightest vulnerability in an unencrypted network can be a window to cyberattackers, while solid, end-to-end encryption remains extremely difficult to penetrate, no matter where the data exists.

Adopt the Cybersecurity Framework

With the introduction of the Cybersecurity Act which will equip the Cyber Security Agency of Singapore (CSA) with the necessary powers to effectively address increasingly sophisticated threats, the new legislation establishes a comprehensive framework for the prevention and management of cyber incidents, and complements the existing Computer Misuse and Cybersecurity Act (CMCA), which will continue to govern the investigation of cybercrime.

Road to a Cybersecure Nation

The race against cybercrime is a marathon—there is no shortcut to the finish line, only consistent effort put into educating every individual and leveraging technology along the way. The right steps are being taken through government initiatives and industry legislation; to support the effort, organisations need to ensure they consciously practise greater cyberhygiene, diligent maintenance, and upgrading of cybersecurity infrastructure—and relentless monitoring of lurking threats.

Read Also

Creating a Culture of Security

Creating a Culture of Security

Lyle Hardy, Global CIO, Teleperformance
The ever-changing cybersecurity strategy - how to get it right?

The ever-changing cybersecurity strategy - how to get it right?

Nilesh Jain, Vice President of SEA and India, Trend Micro
Upholding the Principle of Cyber-Awareness

Upholding the Principle of Cyber-Awareness

Gabor L. Varjas, Group Chief Information Security Officer, MOL Group
Devising Effective Disaster Recovery Strategies

Devising Effective Disaster Recovery Strategies

David Nichols, Chief Risk Officer, Xinja