Cyber-security awareness must keep pace with rapid digitalisation
As a result of the Covid-19 pandemic, 2020 has been a year marked by rapid digitalisation at an unprecedented pace.
But this process has also come with increased cyber-security risks in the form of QR code scams, WhatsApp hijacking and phishing e-mails, as hackers and scammers look to exploit the opportunities that have opened up to them, with more companies and individuals going online.
Experts speaking at a Straits Times webinar on digitalisation and cyber security on Wednesday warned of the dangers lurking online and how to guard against them.
Cyber Security Agency of Singapore (CSA) chief executive David Koh, who was among the four panellists, noted that the agency handled 60 ransomware cases from January to October, almost twice the 35 cases reported last year.
Ransomware is malware that infects unprotected computers and locks them down with a note demanding ransom.
Mr Koh said: “Our dependence now on digital infrastructure (such as) smartphones and computers has gone up tremendously (because of Covid-19). It also means that the cyber-attack surface – the angles at which the bad guys, the malicious actors, the crooks can attack us – has gone up as well.
“We see many themes in phishing e-mails, many of them about Covid-19. I fully expect the crooks will now pivot and will be talking about vaccines next.”
Mr Koh was joined at the webinar by Associate Professor Steven Wong from the Singapore Institute of Technology, Associate Professor Chang Ee-Chien from the National University of Singapore’s School of Computing, and Mr Benjamin Ang, head of the Cyber and Homeland Defence Programme at the Centre of Excellence for National Security.
Mr Ang recounted how – in his capacity as an executive committee member of the Internet Society’s Singapore chapter – he once received a phishing e-mail that impersonated the society’s incumbent president to ask the treasurer to transfer some money out of a bank to pay a vendor.
A phone call to the president confirmed that no such e-mail had been sent, and the transaction was aborted.
Mr Ang said: “(It) comes down to the culture in organisations. Our organisations need more digital empathy.
“Organisations have to be able to say, ‘Okay, I’m going to give space for you to stop and think before we push the button’. We don’t want to build a culture where, the moment I see an e-mail asking me to transfer money, I do so straightaway.”
In October, CSA launched its Safer Cyberspace Masterplan to raise the general level of cyber security across Singapore, including through free cyber-health screenings for businesses, and the use of artificial intelligence to sniff out security threats in key infrastructure, including broadband and 5G networks.
Mr Koh likened what CSA is trying to do to how national water agency PUB manages Singapore’s water supply.
“The problem today is that companies and enterprises are trying to purify their own water when it comes to cyber security, and so are individuals, who are doing the equivalent of tying a sock to the tap and hoping that it filters the water to some extent,” he said.
“It will be more efficient and effective if we (CSA) can do it upstream, similar to what PUB does for the real water supply.”