MCI response to PQ on Public Sector and Companies' Readiness to Deal With Ransomware Attacks
Parliament Sitting on 4 October 2021
QUESTION FOR WRITTEN ANSWER
64. Mr Desmond Choo: To ask the Minister for Communications and Information (a) what is the Ministry’s guidance to public sector agencies and private companies who are victims of ransomware; (b) how many cases have been reported to the Ministry over the last three years; (c) whether the Ministry can consider setting standards for cybersecurity; and (d) what are the Ministry’s plans to upgrade Singapore’s and SMEs’ capabilities against ransomware.
Answer:
Mr. Speaker, ransomware has become an issue of increasing concern for Singapore, and the world.
Ransomware incidents have increased significantly in Singapore – we saw a more than fourfold rise in ransomware incidents reported between 2018 and 2020, from 21 to 89 cases. In the first half of 2021 alone, 68 cases were reported to the SPF and the Singapore Computer Emergency Response Team (SingCERT). It is likely that there were more cases that were not reported. This trend mirrors the rise of the ransomware threat globally, with increasing use of digital devices and growing sophistication of cyber criminals.
If you fall victim to a ransomware attack, the Government does not recommend the payment of ransoms. These attackers are criminals, and the payment of ransom does not guarantee that the victim will be able to restore its systems, or that the data will be decrypted as promised; or that the data that was stolen will not be published eventually. The payment of ransom also encourages these cyber criminals to continue their malicious activities and target more victims. Cyber criminals may view organisations that have paid up as a soft target, and attack them again. Instead, we encourage everyone to adopt good cyber hygiene practices to minimise the risk of falling victim to ransomware.
To this end, prevention is key. SingCERT issues advisories on measures that businesses and individuals should adopt to better secure their systems. These include regularly updating software, using strong passwords, and enhancing monitoring to detect anomalous activity.
However, attackers are always looking out for weak points to exploit, and businesses need to be prepared so that they can recover from an attack and restore business operations with minimal delay. Businesses should identify their business-critical assets and functions, and ensure that they perform back-ups of critical data and operating systems regularly. Importantly, these back-ups should be kept offline to allow rapid restoration of systems. Businesses should also practise their incident response and business continuity plans to ensure that employees know the required responses to any form of cyberattack. This is similar to running fire drills. More details on these measures are available on SingCERT’s website.
The public sector takes a tiered approach to defending our systems and data. First, Government agencies have cybersecurity measures in place to prevent malicious attacks, including ransomware. Second, agencies closely monitor their networks and systems for anomalous activities, to detect and arrest security breaches that manage to overcome these preventive measures. Finally, business continuity measures, including data backups, are in place to enable speedy recovery. These measures are exercised regularly to familiarise public officers in handling ransomware incidents.
The Cyber Security Agency of Singapore (CSA) is working towards raising the cybersecurity posture of enterprises in Singapore. Under the SG Cyber Safe Programme, CSA is developing Cybersecurity Toolkits, which serve as a starting point for businesses to implement appropriate cyber measures. CSA is also developing a SG Cyber Safe Trustmark, which will help customers and partners identify enterprises with good cybersecurity measures. Details of these will be made known in due course.
Mr. Speaker, the Government takes the ransomware threat very seriously. The recent Colonial Pipeline incident in the US is an example of a ransomware attack that has spillover effects into the physical world, and can cause significant disruptions to our daily lives. It is important for enterprises to put in place measures to safeguard their systems and networks to minimise the risk of falling prey to ransomware attacks, and also be able to recover quickly should they suffer a ransomware attack. This is why the Government is developing information resources to empower businesses to better protect their systems and networks. But we cannot do this alone. Cybersecurity is a team sport and we need everyone to play their part. We encourage all enterprises to make use of these resources once they are made available.