Singapore’s recent SingHealth cyberattack, which affected 1.5 million patients, demonstrates why today’s enterprises must be prepared for similar attacks on their own organizations. They must also be aware that their current operations may well be impacted as a result of this breach.
With the growing number and variety of endpoints accessing a company’s network, securing end-to-end control over the network is now more important than ever. Cyber attacks today are rapidly evolving to become more sophisticated, harder to detect, and able to bypass traditional security tools installed solely for meeting threats.
Frost & Sullivan believes that enterprises need to proactively evaluate their threat defense immediately in light of the possible impact from the attacks.
Personally identifiable information has been stolen, and it must be assumed that it may be readily available to criminals
As a result of the personal identity data theft, cyber criminals may already have access to this information and be using it. This is evidenced by the fake SMS messages that are circulating, phishing for more information.
According to Spike Choo, Director, ICT, Asia Pacific at Frost & Sullivan, such incidents are likely to occur more often given the widespread use of devices to connect to the Internet.
“Enterprises have to be prepared that the stolen information can potentially be used for unethical purposes such as identity theft or phishing attacks. To safeguard against such attacks, enterprises should implement additional verification and authentication checks before processing any customer requests,” Choo noted.
Once personally identifiable information has been compromised, enterprises that rely on such information for verification before processing customers’ requests will have to be more stringent and implement additional safeguards or verification checks to prevent fraudulent transactions. Following the cyber attack, the Monetary Authority of Singapore has issued a circular to all financial institutions, directing them to immediately tighten their customer verification processes to include additional information for verification such as One-Time Password, PIN, biometrics, last transaction date or amount, etc.
Organizations need to be more proactive in managing their cyber risk
Even if they are not the direct targets of the attacks, they could still be vulnerable as the leaked information can be used against them. Given the sophisticated nature of possible threats, there is a need for enterprises and security vendors alike to utilize more intelligent and accurate methods in threat detection and remediation.
Frost & Sullivan believes that organizations today must adopt a holistic security strategy, comprising the right balance between security mindsets, tools and skill sets.
Assess your company’s IT systems to check for breaches
Enterprises should check for breaches in their systems. Most organizations are not aware their systems have been hacked. Based on analysis by Frost & Sullivan, most organizations have not performed regular cyber security assessments, which likely means that their systems could potentially be under threat.
In fact, many enterprises could have a breach in their systems and not even know. Kenny Yeo, Industry Principal with the Asia Pacific cyber security practice at Frost & Sullivan, believes that more needs to be done.
“We have noted that most enterprises only focus on cyber security technology and solutions to keep their organizations safe from cyber attacks. However, there is a need for clear and defined processes and staff adequately trained to handle security incidents, if they do occur. As such, there is a need for holistic preparation to be done across every part of the organization to ensure it is cyber secure,” Yeo explained.
Planning ahead – it is not “if” but “when”
Most organizations only focus on technology and cyber security solutions, but when it comes to people and processes, most are unprepared. Relying on security tools is not enough; there are bound to be sophisticated attacks that require highly skilled professionals to deal with them.
Examples include having a detailed and comprehensive incident response plan and breach notification plan that involves all departments in an organization and details the processes and reporting lines in the event an incident happens. For instance, how should staff react when receiving a suspicious-looking email? Also, who would be the first point of contact once a breach occurs?
Creating a cyber secure culture
As a preventive measure, there is a necessity to create a cyber secure culture permeating all levels of the organization, with a focus on essential training for internal staff. Besides learning how to address common attacks, they should also be aware of traditional attack methods such as email phishing and CEO impersonation (business email compromise). Most importantly, general cyber security measures such as reinforcing proper computer hygiene and safe web practices training should not be neglected.
The economic costs of such a cyberattack have been massive, as is evident from the recent SingHealth cyberattack. Following the largest data breach incident ever to affect Singapore, all Smart Nation projects were put on hold as a thorough cyber-security review is being conducted across agencies.
There is a need for organizations to implement holistic enterprise security to prevent a similar cyberattack from striking their organization and affecting business processes. Being cyber ready should be a necessity, not just an option.
Source – PR Newswire