Armed and ready? – Singapore’s challenges in maintaining cyber security
Cyber security crimes in Singapore are estimated to be over $1 billion annually, according to various reports. This includes theft of confidential business information. Cyber criminals hacked company networks, banks and finance ministries to acquire insider information for the purposes of financial manipulation, which cause a crippling effect on government and financial institutions. According to a 2013 Norton report, Singapore cybercrime victims had the highest average per capita losses worldwide in 2013, of US$1,158. This is four times the global average of US$287 and twice the figure set 12 months earlier in Singapore, indicating the growth of the problem.
Growth in Singapore’s data security market?
Singapore has been actively building up its local infrastructure and ecosystem to combat international data security threats, including the setting up of the the Cyber Security Agency and the establishment of the National Cyber Security Masterplan 2018. As increasing adoption of mobile, cloud, social and information technology drives demand for new security technology and services, analysts estimate that Singapore’s data security market could possibly grow to be worth billions of Singapore dollars over the next two to five years.
In fact, information and communications technology experts interviewed by M-Brain in a dipstick poll in October this year warned that data security concerns are holding back the adoption of cloud technology services in Singapore, over and above other key issues such as lack of funding, awareness, standards or suppliers. A significant two thirds of the total respondents (67%) interviewed said that data security is a “serious” or “very serious barrier” to cloud computing adoption. Furthermore, 43% of respondents said that the lack of in-house expertise represents a “serious” or “very serious” barrier to cloud computing adoption. Singapore’s focus on cyber security will be imperative for the development of cloud computing and other technology sectors.
It is hence not surprising that global information security players such as Avast, FireEye, Kaspersky Lab, Palo Alto Networks, Trustwave and Wurldtech have recently set up office in Singapore, where the biggest demand for data security services are expected to be found in the government, healthcare and banking sectors.
|Biggest buyers in Singapore
Verticals with “high” or “extremely high” demand for data technology services, such as big data analytics, security etc.
|% of respondents|
|Consumer & Retail||54%|
|Manufacturing & Industrial||35%|
Source: Dipstick poll of 31 information and communications technology sellers and buyers, M-Brain, October 2015
Cyber security credentials: issues and challenges in Singapore
While all these are very welcome developments, two main factors hold up our efforts to build our cyber security credentials.
First, the shortage of cyber security talent is a real issue. Singapore’s efforts to increase its pool of data security experts will mean that the professional education market will have to resort to bringing in experienced trainers from overseas. A faster route to talent development may be through knowledge transfer from specialist companies, as seen by FireEye’s manpower training programmes which have been accredited by the Infocomm Development Authority.
Another challenge is the different rates at which the issue of cyber security is being tackled across ASEAN. Multinationals here often operate regional technology systems across countries where the implementation of comprehensive national cyber security strategies is inconsistent. On a country-by-country basis, Singapore has a five-year national cyber security masterplan in place. Its national Cyber Security Agency brings the management of 10 critical information sectors including banking, telecommunications and transportation under one roof, to ensure that they are operationally capable of responding quickly to rapidly changing cyber threats. Although Malaysia does not have a standalone cyber security strategy, it does have a collection of policies and strategies, and its government plans to completely revise and strengthen this suite of policies by 2017. Meanwhile, Indonesia and Vietnam are in the early stages of developing national cyber security strategies.
The priorities of the ASEAN Economic Community, to be officially launched on December 31 this year, will first centre on removing barriers relating to services and non-tariff barriers such as local ownership rules, streamlining customs processes, documentation requirements as well as the ratification of the ASEAN Open Skies agreements. In this context, the alignment of different cyber security regulations may be placed on the back burner for now.
Cyber security experts and companies who are looking at entering the ASEAN region have a sizable task ahead of them; from identifying regulatory requirements to understanding customer structures in order to target the right contacts. Market entry, whether through the organic or inorganic route, should also be considered in light of the talent shortage. In entering any market, it is critical to first conduct comprehensive customer intelligence and identify the right partners who have as wide a route into supply chains in ASEAN as possible. Helping to ensure a smooth entry for such technology specialists will widen the availability of the talent we need and help companies here tread the regional minefield of cyber threats.
By Kim Khoo