Singapore cyberattacks mostly due to poor security practices by IT teams, says expert

Singapore Cyber Security
Singapore Cyber Security

This is the era when the entire world is exposed to the vast cosmos of the internet. People are using several applications and websites in their day-to-day life and hackers, who are hiding behind the computer screens know this.

When IBTimes Singapore talked to head of Research and Development, DigiCert, Avesta Hojjati, he mentioned that the hackers are so advanced that they can also use the artificial intelligence (AI) to conduct a cyber attack.

Avesta Hojjati
Avesta Hojjati, head of R&D at DigiCert

When he was asked about the series of cyberattacks in Singapore, the official at DigiCert said that if we look in general then all the previous attacks, targeting Singapore's private or government organizations occurred because of the poor security practices, by IT teams that include lack of or poor authentication, default passwords, and phishing and social engineering.

While referring to the Cyber Security Agency or CSA's Public Awareness Survey in 2017, Hojjati said many Singaporeans are still complacent when it comes to cybersecurity issues.

This survey also revealed that "one-third of the 2,035 respondents stored their personal passwords in their computers, wrote them down, or used the same password for personal and work accounts," said Hojjati.

He mentioned that on occasion, organizations will be a victim to more sophisticated cyberattacks, but those are rare compared to the number of data breach incidents that could have been prevented by using good security practices.

But Singapore, which is also one of the technologically developed countries in South-East Asia, faced two big cyberattacks, SingHealth and Singapore Red Cross recently. So when Hojjati was asked to describe the flaws which led to the cyberattack, he said, "both attacks happened because of small security oversights."

While continuing to explain these two major cyberattacks of the Republic, he gave some examples such as "weak administrator passwords were the cause of the Singapore Red Cross attack, while ignored warning signs of a potential breach and ill-secured servers were the causes of the SingHealth attack."

"Such oversights can cause huge security mishaps for companies and organizations throughout Singapore if cybersecurity is not taken more seriously," he added.

A few months ago Group-IB research revealed that several government agencies and educational institutions faced a huge cyber threat as hundreds of compromised credentials were put up for sale on the dark web. Even though DigiCert did not confirm any authenticity of the report, Hojjati mentioned that it sounds "credible."

He mentioned that credential and authentication-based attacks are very common and that's why it's important that "companies train their employees, enforce their security policies, and use the best authentication methods.

"Digital certificates can be an effective form of authentication that can happen behind the scenes with minimal user interaction, reducing the chance for error. When properly managed, digital certificate deployments can be highly effective. That's why many companies turn to third-party platforms from a certificate authority to help manage these certificates."

Singapore, which is celebrating its 54th National Day today, August 9, is among those global leaders with its Smart Nation initiative, which focuses on, Digital Economy, Digital Government and Digital Society. But, to make it a success, there are some basic things which should not be overlooked while connected to the internet.

Hojjati said it is important to "authenticate the connections between the devices, encrypt the data and only use software that has been cryptography signed from a reputable developer to prevent running malicious codes."

In addition, he also mentioned that "As a Smart Nation, some of the first steps should be to assess the risks of the devices being connected, decide whether they should be connected, and make a commitment to prioritize connected device security. Singapore should also implement a scalable PKI system using digital certificates to provide encryption, authentication, and integrity."