Singapore continuous to drive towards its Smart Nation goal, intent on being the world’s first. However, with such technology and the connectivity increase that naturally comes with it, data breaches and cyber crime are of increasing concern.
As Singapore becomes increasingly connected, the Smart Nation initiative will contribute a growing influence on the nation-states economy.
It is under these circumstances that Microsoft recently commissioned a study in collaboration with Frost & Sullivan, on the potential economic loss cyber security incidents, could have on Singapore.
The findings reveal that an estimated US$17.7 billion could be at risk due to cyber security incidents; representing six per cent of Singapore’s total GDP at US$297 billion.
While Singapore has done a lot in regards to its cyber security measures and has a long history of doing so, more can still be done.
In 2017, the nation topped a global cyber security index conducted by the United Nations (UN), rising to poll position from its 6th position two years earlier.
Some recent measures to combat cyber threats include the launch of the Cyber Security Agency (CSA) of Singapore in 2015, and the launch of a comprehensive strategy in 2016.
Furthermore, with the country holding the ASEAN chairmanship, Lee Hsien Loong, Singapore’s prime minister has made combating cyber crime as a top priority that requires a concerted collective effort from all member states.
The Microsoft commissioned study, titled “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World”, aims to provide business and IT decision makers with insights on the economic cost of cyber security breaches in the region and help to identify the gaps in organisations’ cyber security strategies.
Specifically, 1,300 business and IT decision makers were included in the study, which included mid-sized organisations (250 to 499 employees) to large-sized organisations (> 500 employees) across the Asia Pacific region, 100 of which from Singapore.
Some of the key findings include the knowledge that in excess of 50 per cent of organisations surveyed in Singapore have experienced a cyber security incident (20 per cent) or are not sure if they had one as they have not performed proper forensics or data breach assessment (33 per cent).
“As companies increasingly embrace the opportunities presented by the intelligent cloud and the intelligent edge, they must also embrace modern mindsets and approaches to security,” Microsoft Singapore CTO, Richard Koh, said.
"With traditional IT boundaries disappearing, cyber criminals are finding different ways to break into companies’ IT and OT assets."
Traditional security measures saw IT and OT as separate domains, but with the rise in connectivity and the Internet of Things (IoT), the IT and OT domains have been brought together. This ‘gap’ has led to a shortage of cybersecurity professionals with domain expertise in the OT space.
“With traditional IT boundaries disappearing, cybercriminals are finding different ways to break into companies’ IT and OT assets,” said Koh.
“If companies do not take active steps to modernise their platforms to secure identities, devices, apps and data estate, and infrastructure, they will be easy prey for cyber attacks, face the risk of significant financial loss, as well as sometimes long-term damage to customer satisfaction and market reputation — which some recent high-profile breaches have demonstrated."
Other findings from the study include the knowledge that large-sized organisations in Singapore can possibly incur an economic loss of US$13.8 million, more than 70 times higher than the average economic loss for a mid-sized organisation (US$177,000).
In addition, job losses from cyber attacks have resulted in six in 10 (57 per cent) organisations, across different functions, that have experienced an incident over the last 12 months.
To calculate the potential economic loss from cybercrime activity, Frost & Sullivan created an economic loss model based on macro-economic data and insights shared by the company’s who participated in the survey.
“Although the direct losses from cybersecurity breaches are most visible, they are but just the tip of the iceberg," Frost & Sullivan head of enterprise Asia Pacific, Edison Yu, added.
"There are many other hidden losses that we have to consider from both the indirect and induced perspectives, and the economic loss for organisations suffering from cyber security attacks can be often underestimated."
Digital transformation has become a hot topic in recent years, but while organisations are increasingly convinced of its benefits, they are putting off such a move due to security concerns, which are also highlighted in this study.
Namely that one in two (52 per cent) respondents have claimed they have put off digital transformation because of cyber risk fears. The report also identified several gaps in Singapore organisations’ cyber security strategies.
Such gaps include considering security as an afterthought, creating an overly complex environment, and lacking a comprehensive cyber security strategy.
“The ever-changing cyber threat environment is making it increasingly challenging for organisations to safeguard themselves, but there are ways to be more effective in their cybersecurity strategies by using the right blend of modern technology, strategy and expertise,” Koh added.
In particular, artificial intelligence (AI) is seen as an effective opponent against the rising cyber security threat as it can detect and act on threat vectors based on data insights.
The study revealed that 71 per cent of organisations in Singapore have either adopted or are looking at adopting an AI approach towards boosting cyber security.
Such an approach would empower organisations with predictive abilities that would enable them to fix or strengthen their security posture before problems emerge.
Additionally, it would also enable companies to accomplish tasks such as identifying cyber attacks, removal of persistent threats and fixing bugs, faster than any human could, making it an increasingly vital element of any organisation’s cyber security strategy.
AI is not the whole answer to combating risks posed from cyber crime, but it is an effective tool in managing and optimising data usage in order to add an additional layer of protection against a growing number of threats.