Cyber agency in Singapore urges orgs to adopt ‘essential cybersecurity measures’

Singapore’s Cyber Security Agency (CSA) is urging organizations in the country to fully adopt “essential cybersecurity measures” per its findings in a 2023 cybersecurity report. The CSA stated in a press release March 28 that it “believes that partial adoption of measures is inadequate, and unless all essential measures are adopted, organizations are still exposed to unnecessary cyber risks.”

“The findings show that while organizations have put in place some measures to protect their assets, this is not sufficient given the increasing frequency and scale of cyber threats that we are facing today,” David Koh, chief executive of the CSA, said in the release.

One of the main reasons organizations in Singapore have not adopted cybersecurity measures in full is due to a lack of knowledge or experience, with 59% of businesses and 56% of nonprofits citing this as the top challenge, per the report. In addition, the findings show that 46% of businesses and 49% of nonprofits didn’t perceive themselves as a likely target of a cyberattack.

Ramping up investments. This year alone, companies in Singapore have made moves to strengthen cybersecurity infrastructure, with the country’s central bank partnering with Mastercard in a memorandum of understanding to bilaterally share “cyber threat intelligence to raise cyber situational awareness in the financial services sector.” The CSA also signed an MOU with NTT Data, a Japanese multinational IT company, that has reaffirmed its commitment to Singapore via an “investment of USD $10 million aimed at nurturing young talent to lead the country’s innovation journey,” according to a press release from the company.

“However, with cyber threats rising in scale and sophistication, we are only as strong as the weakest link,” Veronica Tan, the director of the Safer Cyberspace Division at the CSA, told IT Brew in an email per the CSA comms department. “Cybersecurity is a team effort and it is important for the entire cybersecurity ecosystem—including government, academia, and businesses—to work together to raise the level of resilience of our digital systems.”

Tan noted that the Singapore government is working to provide organizations with support as they tackle cybersecurity challenges and seek to improve on cyber preparedness, “but this will not be enough,” she said, adding that one-third of organizations cited “low return of investment” as a key challenge in implementing cybersecurity measures.

“With the rise of digitalization and systems becoming more interconnected, the risk of cyberattacks such as supply chain attacks will also grow globally. Hence, we urge all organizations to view their investment in cybersecurity as a competitive advantage in business, not just as a technical afterthought,” she said.

Zoom out. Though the CSA report revealed a need for more rounded-out measures among businesses and nonprofits, compared to global results from the 2024 Cisco Cybersecurity Readiness Index, Singapore still appears to be on the right track—this in comparison to the Cisco stat that only 3% of organizations around the globe have a “‘mature’ level of readiness needed to be resilient against today’s cybersecurity risks,” a news release read.

“Singapore’s cyber strategies could be considered…similar to those in the US and EMEA [Europe, the Middle East, and Africa] but more mature when compared to developing countries in the APAC [Asia-Pacific] region,” Yihao Lim, a lead threat intelligence advisor for the Asia-Pacific region at Google-owned cybersecurity firm Mandiant, which is based in the US, said in an emailed statement.

“Some key drivers toward Singapore’s cyber maturity are largely related to Singapore’s push toward a Smart Nation; as a key regional financial hub and valuable lessons learned from past cyber incidents,” Lim, who is based in Singapore, said.