SINGAPORE – Thanks to the Covid-19 pandemic, 2020 has been a year marked by rapid digitalisation at an unprecedented pace.
But this process has also come with increased cyber-security risks in the form of QR code scams, WhatsApp hijacking and phishing e-mails, as hackers and scammers look to exploit the opportunities that have opened up to them with more companies and individuals going online.
Experts speaking in a Digitalisation and Cyber security webinar organised by The Straits Times on Wednesday (Dec 9) warned of the dangers lurking online, and how to guard against them.
Cyber Security Agency of Singapore (CSA) chief executive David Koh, who was among the four panellists, noted that the agency has seen 60 ransomware cases from January to October, almost twice the 35 cases reported last year.
Ransomware is malware that infects unprotected computers and locks them down with a note demanding ransom.
“Our dependence now on the digital infrastructure – our smartphones and computers – has gone up tremendously (because of Covid-19). It also means that the cyber attack surface, the angles at which the bad guys, the malicious actors, the crooks can attack us, have gone up as well,” said Mr Koh.
“We see many themes in phishing e-mails, many of them about Covid-19. I fully expect the crooks will now pivot and be talking about vaccines next.”
Mr Koh was joined at the webinar by Associate Professor Steven Wong from the Singapore Institute of Technology, Associate Professor Chang Ee-Chien from the National University of Singapore School of Computing, and Mr Benjamin Ang, head of the Cyber Homeland Defence programme at the Centre of Excellence for National Security.
Mr Ang recounted how, in his capacity as a member of the Internet Society Singapore chapter’s executive committee, he once received a phishing e-mail that impersonated the society’s incumbent president to ask the treasurer to transfer some money out of a bank to pay a vendor.
A phone call to the president confirmed that no such e-mail had been sent, and the transaction was aborted.
“And that comes down to the culture in organisations. Our organisations need more digital empathy,” he said.
“Organisations have to be able to say, ‘Okay, I’m going to give space for you to stop and think before we push the button.’ We don’t want to build a culture where, the moment I see an e-mail asking me to transfer money, I do so straight away.”
In October, the CSA launched its Safer Cyberspace Masterplan to raise the general level of cybersecurity across Singapore, including through free cyber-health screenings for businesses and the use of artificial intelligence to sniff out security threats in key infrastructure, including broadband and 5G networks.
Mr Koh likened what the CSA is trying to do to how national water agency PUB manages Singapore’s water supply.
“The problem today is that companies and enterprises are trying to purify their own water when it comes to cyber security, and so are individuals, who are doing the equivalent of tying a sock to the tap and hoping that filters the water to some extent,” he said.
“It will be more efficient and effective if we (the CSA) can do it upstream, similar to what PUB does for the real water supply.”