A recent breach of the Singapore Personal Access system is indicative of the growing cyber threat facing the region, writes development director of the Asian unit of Lockton’s Global Technology and Privacy Practice, Angel Kuan
Singapore’s Infocomm Development Authority announced earlier this week that a total of 1560 IDs and passwords of SingPass users were improperly accessed, with hundreds of passwords being reset without permission.
SingPass is the central online point, or login, for an individual to access government services.
The authorities were alerted on June 3 and are currently investigating the incident.
This follows recent hacks of The Straits Times and other government websites last year. However, this time it was personal data that was compromised.
If governments are having issues with cyber security, the integrity of commercial systems is also likely being tested.
The good news is that the damage appears to be contained, but this should trigger warning bells about how vulnerable systems can be. Even an access point as important as SingPass is not 100% secure.
It is encouraging to see government institutions being open about these sorts of incidents. While commercial institutions may have more to lose financially in a major cyber-attack, they are also less likely to openly disclose such incidents.
But cyber security is something that needs to be taken seriously in Asia, and a culture of silence does nothing to improve overall security standards.
There is now a growing feeling that tighter cyber-security regulations are needed. The penalties for committing cyber-crime are becoming more serious, and it is only right that those who are in possession of sensitive personal and commercial data have an obligation to put in place appropriate security systems.
All around the world, liability for breaches of cyber security is moving from IT teams to senior management and directors. Businesses that treat cyber security as an ‘incidental risk’ are exposing themselves to severe penalties.
In Singapore, the upcoming implementation of the Personal Data Protection Act (PDPA) is the first shot across the bow. Companies should now look at insurance solutions that offer them first-party coverage for forensic expenses, voluntary notification costs, legal and PR expenses and, more importantly, loss of income and extra expenses incurred for data restoration.
It’s time for Asian businesses to get their houses in order.