ISCA Lunch Talk On Cyber Hygiene

The ISCA Lunch Talk on June 19, titled “Making Cyber Hygiene Your Organisation’s Top Digital Priority”, reinforced the importance of building a firm foundation in cybersecurity, provided an overview of prevalent cybersecurity risks, and discussed the urgent need to implement robust cyber hygiene practices.

The event, held at ISCA House, was conducted jointly by Alvin Neo, Director for Cybersecurity, Crowe Singapore, and Veronica Tan, Director of Safer Cyberspace Division, Cyber Security Agency of Singapore.

Against the backdrop of the evolving cyber threat landscape, organisations must ensure that they have put in place robust hygiene measures to mitigate risks, and to fortify their cyber resilience. Some of these risks include those associated with digital transformation and artificial intelligence (AI).

The speakers highlighted that over 80% of organisations in Singapore have encountered at least one cybersecurity incident within a year. They also shared that with the rapid adoption of digital technologies, AI and cloud services increase our exposure to cyber threats. Key risks include AI-generated misinformation and machine learning threats, ransomware, malware attacks, phishing scams, and sophisticated data breaches, which often exploit human and third-party vulnerabilities. Also, AI tools, while beneficial, pose risks such as deepfake technology and AI-powered phishing; these risks demand enhanced vigilance and countermeasures. Cybercriminals are also leveraging AI to develop complex phishing scams and social engineering techniques that imitate human behaviour and evade traditional security measures by adapting their tactics in real time based on collected data.

Participants were also introduced to the key components of cyber hygiene:

• Assets: Identifying and securing assets (hardware and software)
• Secure/Protect: Implementing antivirus, malware protection and access control systems
• Update: Updating software and firmware promptly
• Back up: Backing up critical data and storing them securely
• Respond: Developing and regularly updating an incident response plan to detect, respond to, and recover from cyber incidents

The speakers also shared that maintaining organisation-wide cyber hygiene is crucial for legal and operational reasons. For compliance, it ensures adherence to regulations like the Personal Data Protection Act, Monetary Authority of Singapore guidelines, and Cybersecurity Act 2018. Good cyber hygiene practices also help to prevent losses from breaches, lower cybersecurity insurance premiums, and maintain trust with customers and stakeholders.

Organisations were also encouraged to achieve their Cyber Essentials Certification. The Cyber Essentials mark is a national cybersecurity certification tailored for organisations, particularly small and medium-sized enterprises, beginning their cybersecurity endeavours. Geared towards entities with restricted IT and/or cybersecurity proficiency and resources, this mark facilitates the prioritisation of essential cybersecurity measures to shield their systems and operations.

Crowe Singapore is among only a handful of appointed and onboarded cybersecurity consultants by the Cyber Security Agency of Singapore, to provide Chief Information Security Officer as-a-Service (CISOaaS) solutions and assist enterprises in achieving their Cyber Essentials Certification.