According to the first Singapore Cybersecurity Health Report released last month by the Cyber Security Agency of Singapore (CSA), more than 80 percent of the 2,036 organizations surveyed in 2023 faced a cybersecurity incident that year. Of these, 99 percent said that they suffered negative effects on their operations such as business disruptions, data loss, and reputational damage. One of the most common cybersecurity attacks involves ransomware, a type of malware that freezes and damages computer systems and is then used to extort money.
The report noted that the biggest challenge in implementing cybersecurity is the lack of knowledge and expertise. Only one in three organizations have implemented three or more categories of measures in the Cyber Essentials recommended by the CSA. In the words of CSA, “A lot more needs to be done.”
Since 2021, Singapore has suffered serious losses from cybersecurity attacks and scams, posing substantial threats to individuals, businesses, and the nation’s security infrastructure. This commentary will make two key recommendations and other suggestions to counter cybersecurity attacks and scams.
As the report suggests, over the past few years, Singapore has experienced a notable increase in the frequency and sophistication of scams and cyberattacks. Ransomware, phishing, investment scams, and fraudulent transactions have become alarmingly prevalent. According to the Singapore Police Force (SPF), scam victims in Singapore lost about S$632 million in 2021, S$660 million in 2022, and S$651 million in 2023. The cumulative scam losses in the city-state since 2021 will likely soon exceed $2 billion. Around the world, cybercriminals have struck businesses and critical infrastructure sectors, such as healthcare and finance, exploiting vulnerabilities in systems and networks.
One major factor in this surge of cybersecurity attacks and scams is the swift digitization of Singapore’s economy and society, in addition to the rising number of criminals. Singapore has among the highest internet penetration rates in the world (99 percent) and that also makes Singaporeans unusually exposed to online threats. Technological advancements in communications have also widened the attack surface for online malefactors. Scams can be conducted using phones and laptops. Cybersecurity attacks such as the use of ransomware can be done silently and swiftly online. Savings and assets can be stolen within an hour by these cyberattacks. The proliferation of interconnected devices, reliance on cloud services, and the adoption of emerging technologies like the Internet of Things and artificial intelligence have created new opportunities for exploitation.
To overcome these threats, effective measures are essential. First, enhancing public awareness and education programs is paramount. Citizens and companies must be equipped with the knowledge and skills to identify and report suspicious activities, as well as to protect themselves from criminal scammers and hackers. Government agencies, educational institutions, and private organizations should collaborate continuously to disseminate timely information about common scams and cybersecurity best practices.
The SPF has produced weekly scam bulletins and an Anti-Scam Resource Guide, in addition to setting up an Anti-Scam Helpline and the ScamShield app for mobile phones. The local media has also actively publicized scam cases in their online and printed reports. The Infocomm Media Development Authority has introduced a multi-layered approach to combat online scam SMS and scam calls. However, scammers continue to find new ways to counter these defenses and develop new scam techniques.
Despite these efforts, Singapore needs to take a more proactive and effective approach to educating and equipping the population with the pertinent knowledge and skills to protect themselves successfully. The first key recommendation is to conduct regular online asynchronous or synchronous cybersecurity and anti-scam education courses bimonthly to inform, train, and update all citizens and residents, who will then be tested on their knowledge and skills. To facilitate the learning, these essential digital defense courses can be conducted in a concise, effective manner online, coupled with relevant assessment, prompt feedback, and purposeful application of knowledge and skills.
As a result, people and organizations will be informed, trained, and tested so as to better defend themselves against scams and cybersecurity attacks. As articulated by the Government Parliamentary Committee for Communications and Information in January, Singapore should seek to create stronger partnerships between the public and private sectors, and with individuals, to deepen the focus on educating people on digital literacy, scams, and other online harms.
Strengthening the country’s cybersecurity frameworks and regulations is also imperative. Singapore has made purposeful strides in this regard with initiatives such as the establishment of the CSA, which plays a leading role in cybersecurity in Singapore. Continual refinement of policies, regular cybersecurity audits, effective programs and robust incident response mechanisms are vital to staying ahead of evolving threats.
As the CSA has proposed, organizations need to conduct their cybersecurity health check and implement the Cyber Essentials so as to equip themselves with good cyber hygiene and stay protected against cyberattacks. CSA has urged full adoption of the essential cybersecurity measures so that organizations will not be exposed to unnecessary cyber risks. The CSA’s Chief Executive David Koh noted that “while organizations have put in place some measures to protect their assets, this is not sufficient given the increasing frequency and scale of cyber threats that we are facing today.”
The second key recommendation is to set a clear timeline and follow-up measures for the implementation of the CSA’s Cyber Essentials for all companies in Singapore. The proposal is to establish a deadline, for instance at the end of this year, by which point all company directors would be required to sign a declaration stating that their organizations have implemented the essential cybersecurity measures. Random checks can be conducted and if there are gaps and inadequacies, warnings and guidance should be given to them. Given the hundreds of millions that are lost each year, Singapore needs to take a stronger stance in boosting its defenses.
Successfully addressing the challenges posed by scams, cybersecurity threats, and AI-driven risks requires multifaceted cooperation. Countries need ongoing vigilance, constant efforts and partnerships among academia, government, industry, and the broader society. As Singapore navigates the complexities of the digital age, protecting its people and safeguarding its assets while preserving trust in this digital infrastructure should remain top priorities. Individuals and companies also need to take action regularly to safeguard themselves and their assets.
In conclusion, the surges in cybersecurity attacks and scams highlight the urgent need for proactive measures to enhance cybersecurity resilience and education. By raising public awareness, strengthening collaborative and proactive efforts, harnessing technology and AI-driven solutions, as well as enhancing education and training more vigorously, Singapore can counter the risks and build a safer and trusted digital ecosystem for its citizens and businesses.