Stay Cyber Ready to be Cyber Safe

When was the last time you changed your email password?

More importantly, was it ‘123456’, ‘password’, ‘qwerty’ or ‘football’?

Passwords that are obvious and easy to crack can leave your email accounts, both personal and professional, vulnerable to cyber attacks. But beyond hacking your password, a growing number of crafty cyber criminals are using even more elaborate methods to steal personal data, intellectual property or confidential company information.

Ransomware, where a malicious piece of software infects your computer and encrypts all your files until you pay the attacker, is one such method, according to Ms Jacqueline Poh, CEO of the newly-formed Government Technology Agency (GovTech) of Singapore.

Ms Poh was speaking at Cyber Safe Cyber Ready 2016, an inaugural seminar and exhibition organised by GovTech that is dedicated to educating public sector employees on the importance of cybersecurity today.

Question Marks around Cybersecurity

“People tell me, ‘I know somebody who has ransomware in their personal computer and all their family photos got locked up until they pay. What should I do in that situation?’,” Ms Poh shared.

“The reason we’re having this conference today is to give practical tips on what to do to protect your organisation and staff, and give you a better idea of what the threats are that may be coming not just today, but tomorrow and beyond.”

Held at Pan Pacific Singapore on 21 October 2016, the event brought together senior practitioners from government, industry, law enforcement and academia, who talked about various forms of cyber attacks, including phishing scams, ransomware, malware and cyber extortion.

“Cyber attacks are a real and present threat, and increasing in sophistication. Nowadays, you hear a lot about government systems and banks being hacked,” Ms Poh noted.

To raise cybersecurity awareness among government employees, she added that in the two weeks since GovTech officially started operations, the agency had already organised two inaugural events related to cybersecurity.

Just the week before, on 11 October 2016, GovTech held the first Smart Nation IoT conference, a meeting of minds to discuss the current security challenges in the areas of IoT security.

React and Respond

The role of human error was covered by Mr Richard Iau, Director of Cybersecurity Policies, Advisory and Technologies at GovTech, in his talk, ‘Employees are the weakest link’.

“In IT, we talk about people, process, technology. We know technology; it never fails. But what about people? Sometimes we get distracted, sometimes we’re too trusting,” said Mr Iau, adding that according to experts in the field, 95% of all successful attacks are caused by human error.

“It’s no wonder this 95% holds out, as people may fail to recognise warning signs of attacks, or follow protocol.”

Companies must thus move beyond being compliance-based—implementing the bare minimum amount of cybersecurity measures just to pass audits, he said.

“Companies need to be more context-based and ask, what’s at risk and is it really worth protecting with more security solutions and processes, and training of people?” he remarked. At the heart of all is the classification of data—the higher the data is classified, the more it needs to be protected; and thus, the more expensive it will be, he shared.

Mr Iau rounded off his speech with a tip for the IT professionals in the crowd, advising them to get to know the assets that they are trying to protect—because you can’t protect what you don’t know.

“This is the first step,” he said. “If you don’t know what’s in your data centre, chances are, you won’t be able to protect it.”

The event saw several illuminating and helpful sessions, with speakers sharing tips with attendees on how to identify a phishing scam from grammatical errors, unknown email addresses and suspicious links in the email body, for example.

There were also several exhibition booths showcasing the latest in cybersecurity tools and solutions, which drew the attention of the full-house crowd.

Spread the Awareness

Armed with practical advice on how to circumvent cyber threats, attendee Ms Queenie Tan, Assistant Director at SkillsFuture Singapore, noted that on a personal level, she is now a lot more conscious about the need for cybersecurity—especially when it comes to passwords and things to avoid such as spam emails.

“On an organisational level, attendees should share these areas of awareness across their organisations, and even propose to management the security measures that need to be put in place,” she said.

“It doesn’t mean that if you are not involved in IT security, you don’t need to know how it works; a company needs to function as a whole,” said Ms Serene Yap, Senior Business Development Executive at BridgingMinds Network, one of the companies on display at the exhibition, and which carries out training and certification courses on IT processes and security.

Ms Yap went on to say that there was a high level of participation among attendees, who were enthusiastic and open to learning more about cybersecurity.

“They will break it down and ask me, ‘what if I’m an end user? How can this help me improve myself?’”

In a nutshell, the key learning points from the Conference talks are fairly simple for end users to follow:

• Change your password regularly;
• Never click on suspicious links;
• Clarify with the email sender when in doubt;
• And most of all, spread the awareness of cybersecurity importance among your friends and colleagues!