Speech by SMS Kiat How for the SG Cyber Safe Partnership Appreciation at SICW
Industry partners
Distinguished guests
Ladies and gentlemen
Introduction
1. Good afternoon!
2. At last year’s Singapore International Cyber Week (SICW), I launched the SG Cyber Safe Partnership Programme, and thanked the pioneer batch of industry partners joining the programme.
3. I thank these partners for your continued support and would like to welcome a new batch of partners today. I am here to emphasise three messages to everyone today.
a. No business – large or small – is safe from cyber-attacks.
b. We are making it easier for everyone to stay safe online.
c. Everyone can play a part.
Cybersecurity is for all businesses
4. No business – large or small – is safe from cyberattacks. Many SMEs think that they won’t be affected because they are small and less important. While they may not be the primary targets, SMEs can become collateral damage or be targeted because they are part of a large firm’s supply chain.
5. For example, just last year, the number of ransomware cases reported in Singapore went up by 54% , and SMEs made up the bulk of the affected companies. One of the incidents affected a private clinic, and more than 70,000 patients’ personal data were compromised .
6. In a separate data breach incident, the attacker allegedly compromised a retailer’s networks, gaining unauthorised access to the personal data of more than 300,000 customers and nearly 600,000 transaction records .
7. Businesses must take the cybersecurity threat seriously. We are seeing more sophisticated threats and more brazen bad actors. For example, with Ransomware-As-a-Service, criminals no longer need technical know-how to launch ransomware attacks.
8. They just need to go online and provide the target to a service operator, who will launch the attack. All transactions are done easily and anonymously. The service operator may even provide a portal that displays the status of infections and any other information about the target.
9. The SG Cyber Safe Partnership Programme is an important national initiative to help our businesses stay safe in the cyberspace.
Cybersecurity builds trust with customers
10. As part of this Programme, CSA launched a certification scheme for companies. These certifications can allow customers to identify firms that adopted good cybersecurity practices.
11. The scheme, which comprises the Cyber Trust and Cyber Essentials marks, are designed to suit the risk profiles and needs of businesses. Companies with more extensive digitised business operations can consider the Cyber Trust mark. This mark certifies that the company has put in place comprehensive cybersecurity practices and measures that are commensurate with their higher cybersecurity risk profile. Take 8x8 for example. It is a software-as-a-service provider. The Trust mark gives 8x8’s clients confidence that they are a trusted third-party software supplier.
12. The Cyber Essentials mark, on the other hand, is designed to be accessible for most SMEs. The simplified approach makes sure that companies focus on five key cyber hygiene areas such as cybersecurity awareness training for employees and implementation of protection measures against malicious software. An example would be Lushn Health, a Traditional Chinese Medicine clinic that has attained the Cyber Essentials mark certification. It was recently featured in LianHe ZaoBao. Lushn Health recognised that the Cyber Essentials mark provides their customers with greater confidence to transact with the company.
13. I am heartened to see 47 companies have received their certifications, with 16 in the process of being certified. I encourage more firms to participate in this scheme.
14. I am also pleased to announce that the Singapore Standards Council (SSC) has approved and published the Cyber Essentials and Cyber Trust mark certification as a national standard. This is an important milestone for the Certification scheme.
15. Technical Reference (TR) 106 “Tiered cybersecurity standards for enterprises” is the joint effort of representatives from industry and trade associations, professional bodies, academia, research institutes, government agencies and individual experts .
16. I am glad to see such wide support for the Trust marks amongst the standards community. I thank all of you for your contributions to this important effort.
Making it easier for businesses to be “cyber safe”
17. Cybersecurity certifications on the processes in firms are necessary but insufficient. The right set of products and tools are also crucial. However, businesses, especially SMEs, are overwhelmed by the many options of cybersecurity solutions and don’t which ones suit their needs better. Often at times, businesses don’t know even where to start.
18. I am therefore pleased to announce that CSA will be publishing an online directory of cybersecurity solutions providers to guide the decision processes of businesses.
19. Firstly, businesses benefit from greater transparency. Businesses will be able to review and compare the service providers’ track record, reference customers and whether the providers themselves are certified under the Cyber Essentials or Cyber Trust marks, amongst other information. Business can better navigate the many cybersecurity solutions in the market and select the providers that best meet their requirements.
20. Second, SMEs can tap on service providers in the listing to implement the cyber hygiene measures outlined in Cyber Essentials mark to stay protected against common cyberattacks and get the certification.
21. Third, we are also lowering the barriers to adoption. Some of the solutions providers’ offerings are also pre-approved under the SMEs Go Digital programme, so businesses can qualify for funding support when they use these solutions.
22. I encourage all businesses, regardless of where you are at your cybersecurity journey, to leverage available resources and apply for the Cyber Essentials or Cyber Trust marks.
Supporting and recognising businesses on their journey towards being “cyber safe”
23. Investing in cybersecurity takes resources, time, and effort, especially for SMEs. However, it is an important investment for our businesses, their customers and for Singapore.
24. We must get this message to all our businesses. Therefore, raising awareness of cybersecurity will continue to be an important priority for the government and CSA. I am happy to share with everyone that CSA will ramp up its “Staying Cyber Safe” series to raise awareness amongst the business community.
25. I thank the partners who have been working with us to advocate the importance of cybersecurity and welcome new partners to work with us on this effort.
26. Besides the “Cyber Safe” series, we want to celebrate the achievements of SMEs that have done well and hope that these pathfinders and trailblazers will inspire others.
27. I am happy to announce that CSA and the Association of Trade and Commerce (ATC) will introduce a Cybersecurity Excellence Award to recognise SMEs that have implemented good cybersecurity measures. These SMEs must also have minimally attained the Cyber Essentials certification.
28. The nomination window is now open. Please nominate SMEs that you know that have done well. You can also nominate yourself!
Conclusion
29. In summary, we are making good progress in creating a safer cyberspace for all. I am heartened by our progress.
30. We are doing more to help our SMEs be “cyber safe”. I am heartened that many SMEs are taking steps to do so for themselves and for their customers.
31. We are also building up a vibrant ecosystem of cybersecurity service providers to support our businesses. SMEs can access these providers through the online directory that CSA will be publishing.
32. Like our fight against the COVID-19 virus, staying safe online requires everyone to play their part. I look forward to your continued support and participation.
33. Thank you and I hope you enjoy the rest of the afternoon here at SICW.
————————————————————————————————————————–
1 CSA Cybersecurity Landscape Report 2021
2 https://www.straitstimes.com/tech/tech-news/nearly-73500-patients-data-affected-in-ransomware-attack-on-eye-clinic-in-spore
3 https://www.straitstimes.com/singapore/consumer/police-investigating-furniture-retailer-vhives-data-breach-customer-information
4 Under the Singapore Standardisation Programme, the Technical Reference (TR) is approved by the IT Standards Committee (ITSC).