IT Vulnerabilities in Industries | Cybersecurity | softScheck Singapore

IT-Vulnerabilities-in-Industries-1

Cybersecurity in Singapore and Which Industries Are The Most Vulnerable

Cybersecurity protects all categories of data, such as sensitive data, intellectual property, government and industry information systems, personally identifiable information (PII), and protected health information from theft and damage. This is more important now than ever in today’s world, where people store vast quantities of data on computers and other devices connected to the Internet.

Much of this data is sensitive and can be used by cyber criminals if they breach security and gain access to the data. Cyber criminals can cause massive problems by sharing sensitive information, using passwords to steal funds or even changing data for their own benefit.

Due to the emergence of threats online, companies need cybersecurity to keep their data, finances and intellectual property safe, just as individuals too should take extra caution in safeguarding their private and sensitive information.

Cybersecurity in Singapore

Singapore has unveiled an updated national cybersecurity strategy in 2021 to take a proactive approach in defending its infrastructure and boosting capabilities as new cyber threats and technological shifts emerge. The Cyber Security Agency of Singapore (CSA) will study which of Singapore’s critical information infrastructures are most at risk with IT vulnerabilities and whose disruptions could have significant repercussions.

The updated national cybersecurity strategy focuses on capability development such as technical capabilities to detect and analyse malicious cyber activities to protect critical information infrastructure in critical sectors such as healthcare and water. It also aims to raise the overall level of cybersecurity across Singapore by making cybersecurity easy and convenient for all end-users.

Industries vulnerable to cybersecurity threats

Some industries are more vulnerable to cybersecurity threats as cybercriminals can either get financial gain or capitalise on the sale of stolen data from them. For example, cybercriminals can virtually steal money from a huge number of bank clients or target sensitive data of individuals from governments to sell. For the community to continue reliance on public or financial services, government bodies and financial institutions need cybersecurity to deter attacks.

Let’s take a look at which industries can most benefit from ramping up their cybersecurity efforts:

Government

Cybersecurity challenges in government agencies are rising at a quick scale in Singapore. External cybersecurity service agencies can work with government bodies to create a resilient and trusted public service cyber environment. Government agencies can work with a cybersecurity consultancy with extensive experience in government linked projects to ensure accurate measures are carried out professionally and the design, implementation and operation of the systems are in compliance with industry standards.

Banking and finance

The cybersecurity threats to the banking and finance industry is not new. It is crucial for organisations in this industry to partner alongside a trusted cybersecurity agency that has a strong research culture to maintain technical knowledge and concrete working solutions to overcome complex issues. The industry institutions should be more vigilant and effective in technology risk management practices in line with industry-recognised guidelines such as the MAS Technology Risk Management Guidelines (MAS TRM) and ABS Penetration Test Guidelines. Offensive exercises can complement the defensive layers to assess the effectiveness of the organisations’ defences with the goal of improving preparedness to detect and respond to cyber threats.

Healthcare

The healthcare industry faces a dramatic increase of cybersecurity challenges, fuelled by global crises. Healthcare is a critical sector for Critical Information Infrastructure in Singapore. Compliance to requirements from CSA Cybersecurity Code of Practice for CII, Healthcare IT Security Policy and Standards Version 3.0 (HITSPS), and the Committee of Inquiry’s (COI) recommendation from the SingHealth attack is needed to align with the national cybersecurity strategy requirements.

Infocomm and media

The security of infocomm and media is important as these industries are critical pillars in creating a vibrant economy and connections to the global community. Cybersecurity frameworks need to evolve rapidly and there is a pressing need for organisations to keep up with trends and new strategies to stay ahead of the curve. Telecommunication operators and internet service providers can engage cybersecurity services to conduct preventive-approach assessments and put strategies in place.

Aviation, maritime and land transport

While the transport industry is benefiting from adopting digital technologies to enhance operations and improve customer service, a key challenge is to mitigate the cybersecurity risks that come along with it. With a deep understanding of IT and OT systems, organisations can comply with the governance frameworks introduced by The Land Transport Authority (LTA), Maritime and Port Authority (MPA) and Civil Aviation Authority of Singapore (CAAS).

IT vulnerability assessment and penetration testing in Singapore

An extensive Vulnerability Assessment (VA) is the best way to protect your organisation against any potential crippling of your vital network through cybersecurity attacks. The assessment is a highly technical evaluation designed to yield as many vulnerabilities as possible and utilising a systematic approach to remedy critical weaknesses.

VA is the best approach to cybersecurity. It is a sound return of investment of time and cost to get an overview and measure the company’s asset exposed risks, especially for companies that have many assets and little manpower to cover the grounds. VA is tools-driven, with a signature database that is constantly updated to follow the latest security trends.

Once the VA has been performed and the company has an overview of the assets risk, they can then narrow down the assets that require further exploitation testing or assets that the company is concerned about based on their assets’ criticality. Where more depth is required, a Penetration Test (PT) can then be used for further examination, to check for ease of and impact of exploitation. PT relies on a cybersecurity consultant’s expertise and experience in executing manual testing based on industry recognised methodologies.

When the vulnerabilities in your organization’s network security have been identified through the assessment, they are assigned a severity and remediation priority to help the organization prioritize the fixing and ensure your organization is secured against cybercriminals. It is advantageous to engage cybersecurity consultancies like softScheck to use the latest industry-specific tools and conduct Objective-based Penetration Testing (OBPT) as a complementary step to PT.

While VAPT focuses on discovering cybersecurity vulnerabilities based on assets, OBPT is geared towards achieving specific objectives. OBPT focuses on 3 dimensions — People, Process and Technology, while VAPT focuses only on the Technology dimension. In this assessment, softScheck and the company will brainstorm to determine the company’s crown jewel and set real-world scenarios and objectives that are commonly used by cybercriminals to attack this high-value asset. This kind of assessment simulates and measures whether the company is able to quickly detect and defend themselves when these real attacks happen.

softScheck is one of Singapore’s leading cybersecurity consultancy. Backed by an in-house team of highly experienced security consultants and project managers, softScheck can help organisations secure their internal networks from a range of cybersecurity risks. Get in touch to let our talented team guide your IT vulnerability assessment and prevent attacks today.