Singapore Health Services (Singhealth) experienced a cyber attack recently that has forced the topic of digital threats to the forefront of our media outlets.
It is an uncomfortable feeling to be the victim of a cyber attack, isn’t it? Any personal data that is accessed by unauthorized parties is unpleasant but health-related data only compounds that feeling of discomfort. The recent cyber attack on Singhealth was a gross violation of personal privacy, critical infrastructure and to make matters worse it is being reported that the breach may have been orchestrated by another country or state-sponsored attackers.
- Who is responsible and who do we blame?
- What happened to our cybersecurity strategy?
- Where are our defense funds going?
- Why didn’t the government act to prevent it?
- Does a state-sponsored cyber attack constitute a defacto act of war?
All of the above are interesting questions but not the questions we should be asking nor the issues we should be focusing on.
The fact of the matter is that this was not the first cyber attack to occur in Singapore and nor will it be the last. As a nation, Singapore has experienced a multitude of publicly reported cyber attacks ranging from those that targeted civilians all the way up to MINDEF.
OTA’s Cyber Incident & Breach Trends Report found that cybersecurity attacks doubled from 82,000 in 2016 to 159,700 in 2017. It is assumed that the majority of cyber attacks are never reported and therefore it is estimated that real figures for 2017 could amount to 350,000 attacks. This is only related to ransomware!
Granted that the Singhealth breach is enormous in terms of scale and psychological impact but the fact is that while it is easy to point at the failures we must also take a moment to celebrate the actions taken by the Singaporean government and its various security forces in preventing the onslaught of cyber attacks that this country faces.
There is no hermetic seal against cyber attacks and so the question is, what can we do to prevent the “next Singhealth”? As private civilians, all we can do is demand accountability and proactive measures from our governments. We must support our governments in their research and budget allocations towards measures that will safeguard our digital identities. We must also accept that failures will occur and that this is an ongoing struggle against malicious private and state-sponsored actors.
The battle is not exclusively on a government scale though. According to the Cyber Security Agency of Singapore (CSA) almost 40% of cyber attacks in Singapore target Small and Medium Enterprises.
Businesses are targeted all around the world on a daily basis and that is where we as business owners, employees and private civilians can take immediate action. We must first adjust our psychological approach to cybersecurity.
- We must accept that this threat is real and only once we do that can we start to take practical actions to safeguard ourselves. No one likes to think about our mortality as humans but once we accept it we can begin taking care of our health in meaningful and practical ways. There should be no difference when it comes to cybersecurity.
- We must accept that human and financial resources allocated to cybersecurity are not lost resources. Like any good offline insurance, taking steps against cybersecurity should give you the peace of mind that you are protected but you should hope that you never actually have to make use of it. Preemption and prevention matter!
- We must accept that as mentioned there is no hermetic seal against the threats we face online. Minimizing the potential victimization of our data, the data of our customers and the data from our businesses is critical. Increasing the number of layers between us and potential hackers is the best course of action we can take.
So is this all a complicated process? We are after all talking about cybersecurity, mysterious and anonymous hackers, breach of data being stored in digital clouds and so on. It can be complicated! It doesn’t have to be though.
Two Factor Authentication and cybersecurity strategies for SMEs should be made simple, cost-effective and frictionless. Through the use of easy to understand technical integration documents and fairly priced as well as free solutions, there are services like ours at Twizo that addresses this market. At Twizo, we are consumers before we are business owners and so our objective really is to see a more secure digital environment so that we can rest easy knowing that our data is safe. We have approached this problem with three things in mind.
- Integration for businesses must be simple and so we offer one-line-of-code integration options with our widgets, ready to use plugins for a variety of 3rd party platforms and an easy to navigate API
- Free and paid solutions to address the budget needs and abilities of all of our partners
- Six ways to authenticate a user with more on the way so as to have an authentication flow that suits the preferences of any consumer
The struggle to protect ourselves online is an ongoing battle that is only going to intensify in the years to come. It is the responsibility of governments to safeguard our national assets and it is the responsibility of civilians to demand that they do so.
Start by ensuring your businesses and services are safeguarded as well. There are plenty of service providers in the cybersecurity and two-factor authentication space who stand ready to help you.
This article was contributed by Twizo Chief Commercial Officer, Eric Dadoun.
About the author
Eric brings a world of knowledge, relationships and experience with him built on 15 years in the startup, tech and business world after having started his first company at 17 years old.
Eric now plays an integral role at Impiro and within some of its portfolio companies, Silverstreet and Twizo included, in terms of driving partner relationship development, strategy and new initiatives. His strong focus on providing great value, transparency and dedication to his partners has become synonymous with his approach to business and a foundational aspect of everything he does at the group.
Eric was born in Canada and is today based out of Singapore.
The views expressed by the author do not represent the views of Tech Collective. To join our growing list of contributors, drop us a note here.