Back to all videos

New centre to help SMEs in Singapore improve cyber resilience

By CNA

SME Cybersecurity InitiativesSupply Chain CybersecurityRansomware Defense StrategiesCybersecurity Certifications
Share:

Key Concepts

  • Cyber Security Support Hub: A new central initiative in Singapore to bolster cyber defenses for Small and Medium Enterprises (SMEs).
  • SMEs (Small and Medium Enterprises): Businesses that are often targeted due to limited resources and expertise in cybersecurity.
  • Cyber Hygiene: The practice of maintaining good cybersecurity habits and measures.
  • Digitalization: The adoption and integration of digital technologies into business operations.
  • Supply Chain Attacks: Cyberattacks that target weaker links within a company's supply chain to gain access to larger organizations.
  • Ransomware: A type of malware that encrypts a victim's files and demands a ransom for their decryption.
  • Phishing Attacks: Deceptive attempts to obtain sensitive information by masquerading as a trustworthy entity.
  • Malware: Malicious software designed to disrupt, damage, or gain unauthorized access to computer systems.
  • Two-Factor Authentication (2FA): A security process that requires two different forms of identification to access something.
  • Cyber Essentials Mark & Cyber Trust Mark: Certifications indicating a company's adherence to basic cybersecurity standards.
  • CSA (Cyber Security Agency of Singapore): The national cybersecurity agency responsible for protecting Singapore's cyberspace.
  • SBF (Singapore Business Federation): An apex business chamber that is leading the new cyber security support hub.
  • Queen Bees: Larger companies that can influence and support the cybersecurity resilience of their supply chain partners.

New Central Hub to Strengthen SME Cybersecurity in Singapore

Singapore is launching a new central hub to provide enhanced cybersecurity support for its Small and Medium Enterprises (SMEs). This initiative aims to bolster business confidence in digitalization, especially as a significant number of organizations (over 8 in 10) report experiencing cybersecurity incidents annually. The hub will offer a range of services including workshops, system evaluations, and post-incident assistance.

The Growing Threat Landscape and SME Vulnerabilities

The transcript highlights the increasing prevalence and sophistication of cyber threats. A recent data breach involving money lenders in June last year, which led to the theft of personal data for over 190,000 individuals (including NRICs, addresses, and credit details), demonstrates that even regulated firms are not immune.

Key Arguments & Evidence:

  • Adversaries Target Weakest Links: "A lot of these adversaries they will not necessarily attack the strongest uh companies. They will assess your entire supply chain and obviously attack the weakest uh link in the whole supply." This indicates that SMEs, often lacking robust defenses, are prime targets.
  • SME Resource Constraints: SMEs are identified as vulnerable due to a lack of resources, skills, expertise, and finances. Many do not have dedicated IT teams.
  • Underestimation of Risk: Many SMEs underestimate their risk exposure, believing their size makes them less attractive targets. However, this is precisely why they are targeted, as they represent "low-hanging fruits" due to weaker defenses.
  • Outdated Technology and Lack of Basic Protections: SMEs often use outdated hardware and software, fail to train employees on security risks, and do not implement basic protections like two-factor authentication.
  • Prevalence of Attacks: "Eight in 10 organizations in Singapore suffer a security incident. And in fact, one in two has multiple attacks."
  • Ransomware Targeting SMEs: "three in five of the ransomware attacks targetmemes."

The Role of Vendors in the Supply Chain

The transcript also points out that IT system vendors, even those pre-approved, can serve as potential entry points for attackers. To address this, ICT vendors will now be required to meet basic cybersecurity standards. This measure aims to build confidence in partners' cyber hygiene and strengthen overall supply chain security.

The New Cyber Security Support Hub: Services and Objectives

The new center, set to launch next year, is designed to:

  • Boost Cyber Defenses: Proactively strengthen the cybersecurity posture of businesses.
  • Improve Cyber Hygiene: Educate and encourage the adoption of best practices.
  • Speed Up Recovery: Provide support and resources to minimize disruption after an attack.

Key Features and Services:

  • Staffed Helpline: A dedicated helpline will be available for businesses to seek advice and support during and after cyber incidents. This addresses the common issue of SMEs not knowing who to turn to when their data is compromised or locked by ransomware.
  • Cyber Drills: These exercises will help strengthen response skills and prepare businesses for potential attacks.
  • Pre-Incident Support (Clinics): Described as a "health checkup" for cybersecurity, these clinics will help companies identify their gaps and weaknesses.
  • Cyber Essentials Mark and Cyber Trust Mark: The center will guide companies towards achieving these certifications, demonstrating their commitment to cybersecurity standards.
  • Workshops: Educational sessions to impart knowledge and best practices.
  • Post-Incident Support: Assistance with containment strategies, regulatory advice, and a list of pre-qualified vendors for incident response. This is likened to the "ScamShield" initiative for consumers, providing a central point of contact for businesses.

Public-Private Partnership and National Strategy Alignment

The center is a unique public-private initiative, involving:

  • Singapore Business Federation (SBF): Leading the initiative.
  • Chinese Chamber of Commerce: To cater to Mandarin-speaking businesses.
  • SG Tech: The industry association for IT companies.
  • Cyber Security Agency of Singapore (CSA): A key public agency partner.

Alignment with National Cyber Security Strategy:

  • Data Collection and Threat Intelligence: The post-incident reporting, especially through the anonymous hotline, will provide valuable data on the overall threat landscape in Singapore. This information will be fed to the CSA for better threat analysis and policymaking.
  • Increasing Adoption of Standards: The pre-incident engagement aims to increase the number of organizations achieving Cyber Essentials and Cyber Trust marks, which is currently a "drop in the ocean" compared to the total number of companies in Singapore.
  • Empowering SMEs: By providing accessible support and guidance, the center aims to overcome the barriers that prevent SMEs from investing in cybersecurity.

Long-Term Cyber Resilience

Long-term resilience is built by encouraging companies to take proactive steps:

  1. Diagnosis: Utilize the clinics to identify cybersecurity gaps.
  2. Commitment: Embark on the journey to achieve Cyber Essentials or Cyber Trust marks.
  3. Practice: Engage in drills and exercises, such as phishing simulations, to build muscle memory and improve response capabilities.

The initiative also encourages larger companies ("Queen Bees") to extend their cybersecurity efforts to their supply chains, recognizing that the strength of the chain depends on its weakest link.

Key Arguments and Perspectives

  • Mr. Tan: Emphasizes that investing in cybersecurity is crucial not only for protecting business operations but also for earning the trust of partners and customers.
  • Mr. Cock Ping Sunoon (Chief Executive of SBF):
    • Highlights cybersecurity as a "clear and present danger" for businesses.
    • States that SMEs are prime targets due to their lack of resources and knowledge, making them "low-hanging fruits."
    • Explains that many SMEs pay ransoms due to a lack of IT support and fear of business disruption.
    • Stresses the importance of the center providing "end-to-end support from pre-incident to post incident."
    • Notes that the center's data collection will improve the understanding of Singapore's threat landscape.
    • Advocates for a multi-pronged approach involving businesses, government, and larger corporations.

Conclusion

The new cybersecurity support hub represents a significant step by Singapore to address the growing cyber threats faced by its business community, particularly SMEs. By offering a comprehensive suite of services, fostering public-private collaboration, and aligning with national cybersecurity strategies, the initiative aims to enhance cyber resilience, build trust, and enable businesses to confidently embrace digitalization in a more secure environment. The emphasis is on proactive measures, accessible support, and a collective effort to strengthen Singapore's cyberspace.

Chat with this Video

AI-Powered

Hi! I can answer questions about this video "New centre to help SMEs in Singapore improve cyber resilience". What would you like to know?

Chat is based on the transcript of this video and may not be 100% accurate.

Related Videos

Ready to summarize another video?

Summarize YouTube Video