Live Chat Software by Kayako
National Security Conference 2015
Posted by Thang Le Toan on 30 July 2016 01:12 AM
SPEECH BY DR YAACOB IBRAHIM, MINISTER FOR COMMUNICATIONS AND INFORMATION AND MINISTER IN CHARGE OF CYBER SECURITY, AT THE NATIONAL SECURITY CONFERENCE 2015 ON 27 OCTOBER 2015, AT 9.10 AM, AT THE GRAND BALLROOM, GRAND COPTHORNE WATERFRONT HOTEL
2 Cyber threats are a large and growing business risk, across the region and the world. Recognising this, Singapore is increasingly focused on addressing cyber threats. At GovernmentWare 2015 earlier this month, I announced that the Singapore Government is taking reference from Israel and South Korea and will be looking into setting aside 8-10% of our total ICT expenditure for cyber security for government ICT projects. I have also asked CSA to study how this can be institutionalised beyond the Government Critical Infocomm Infrastructure sector. As we study this, businesses should also ask themselves: “How much am I prepared to invest in cyber security?”.
Investing in cyber security
3 Notice I use the word ‘invest’ deliberately. In the 21st century, spending to build up a business’ cyber defences is no longer just about trying to prevent potential losses, whether monetary or reputational, that may be suffered from a successful attack. A forward-looking business will also adopt strong cyber security measures as a means to stay ahead of evolving threats. On the one hand, it insures the business against devastating cyber attacks that may bring it down at one fell swoop. On the other hand, in the present day when cyber attacks are part of daily life, good security adds value by boosting stakeholders’ trust and customers’ confidence in entrusting the business with their valuable data. This, in turn, can translate into a competitive advantage for the business.
5 I advise local businesses to do the same, and not be left behind. An area where firms can focus more on is cyber security-by-design. Cyber security measures should be considered at the outset when putting systems and networks in place. This pre-emptive, proactive approach will go towards ensuring that these systems and networks are well-protected.
Focusing on ‘peopleware’
6 To be fully secure, businesses will need to protect themselves against vulnerabilities in three main areas – hardware, software and ‘peopleware’. It is not enough to only rely on enhancing hardware and software systems to counter the latest cyber threats. Businesses will also need to build up ‘peopleware’, by equipping their employees with the awareness, tools and capabilities to handle these threats. Unfortunately, many businesses will emphasise hardware and software, but fewer will also focus on ‘peopleware’. Do not forget Edward Snowden. To take an example, SBF’s recent dipstick survey found that only about 20% of local businesses regularly conduct training for their employees on cyber security.
7 I would strongly urge businesses to correct this situation. When it comes to security, people matter as much as software and hardware, if not more. A fortress may have thick and strong walls, but will still be vulnerable to attack if the guards carelessly leave the gate open. Similarly, careless or ignorant employees can severely weaken a business’ defence against cyber threats. All it takes is for someone to access an unsafe email or URL; to use weak passwords; to disclose company information without proper safeguards, or to lose a company device.
8 This is not idle rhetoric, but an unfortunate fact. IBM’s Cyber Security Intelligence Index 2014 estimated that 95% of all cyber security incidents investigated by IBM involved human error. In such an environment, a business can and should no longer operate in faith that it is secure so long as its hardware and software systems are updated.
11 Another step is to learn from the experience of others in the business community, and from expert practitioners. Platforms for knowledge sharing such as this year’s National Security Conference are helpful in this respect. This year’s conference will focus on minimising vulnerabilities, especially on the ‘peopleware’ front. I would encourage businesses to take in the ideas and insights from today’s discussions, and turn them into long-term solutions that address their unique needs.
12 In conclusion, businesses today can no longer afford to see cyber security as a luxury, but need to treat it as a business priority. Strong cyber security capabilities can provide a distinct competitive edge. However, this requires much work, in strengthening hardware, software, and especially ‘peopleware’. I look forward to the discussions for the day, and I hope they will energise businesses to make that effort to stay ahead in the 21st century.
 Actual figure was 18.49%
Read more »