The release of the results of this year’s Symantec Internet Security Threat Report
(ISTR) coincided with the formal opening of the Singapore cyber-crime office of international police outfit Interpol on Monday and the inaugural Interpol World event
– a key focus of which was cybersecurity – in Singapore this week.
“Criminals and terrorists are taking advantage of technology, globalisation and rapid urbanisation,” Singapore’s Second Minister for Home Affairs S Iswaran said at the event
In Symantec’s report, Singapore ranked 33rd internationally and seventh-highest in the Asia Pacific region in digital extortion via social media.
But the finding most pertinent to HR professionals was the tactical shift by cyber-attackers, who were found to be increasingly hijacking the infrastructure of major corporations and using it against them.
“Attackers have stepped up their game by tricking companies into infecting themselves through Trojanised software updates and gaining full access to corporate networks without the need to even make any forced entry,” said Peter Sparkes, Symantec’s senior director of cyber security services in Asia Pacific and Japan.
Specific cyber-attacks highlighted in the report HR leaders need to be aware of include: the use of stolen email accounts from one corporate victim to spear-phish other victims higher up the food chain; attackers using management tools and procedures to move stolen IP around the corporate network before exfiltration (unauthorized transfer of data from a computer); and the building of custom attack software inside the network of their victims to further disguise their activities.
There were an estimated 6,404 ransomware attacks in Singapore in 2014 – the eighth highest in the APAC region.
So what can HR professionals and other business leaders do to help protect their company from a cyber-attack?
Symantec’s advice included:
HR professionals should also encourage staff to:
- Use advanced threat intelligence software: Find early indicators of compromise and respond faster to incidents.
- Have strong security technology in place: Implement multi-layered endpoint security, network security, encryption, strong authentication and reputation-based technologies.
- Prepare for the worst: Incident management ensures your security framework is optimised, measureable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises.
- Provide ongoing education and training to staff: Establish guidelines and company policies and procedures for protecting sensitive data on personal and corporate devices.
- Use strong passwords: Use strong and unique passwords for accounts and devices, and update them on a regular basis—ideally every three months. Never use the same password for multiple accounts.
- Be cautious on social media: Don’t click links in unsolicited email or social media messages, particularly from unknown sources.
- Know what they’re sharing: When installing a network-connected device, such as a home router or thermostat, or downloading a new app, review the permissions to see what data they’re giving up.
In Singapore, cyber-crimes are governed by the Computer Misuse and Cybersecurity Act, which governs offences including unauthorised access to computer material, unauthorised disclosure of an access code and the unauthorised use or interception of a computer service.
Cyber-crime is on the rise, with Singapore ranked seventh highest in APAC for digital extortion cases, according to a new study.