Data Breaches in Singapore Spur Increased Cybersecurity Measures
The nation consistently ranked as one of the safest in the world – Singapore – was recently rocked by a series of serious data breaches. Serious enough that the government formed a new committee to adopt and promote new measures for cybersecurity, building on the 2018 formation of the country’s Cybersecurity Act.
The Public Sector Data Security Review Committee took a hard look at 94 of Singapore’s government agencies and found that two out of three systems had at least one non-compliance issue with the previously established data management policies and standards. After an eight-month review, including looking at best practices from other countries in relation to healthcare and finance, the committee recommended:
- Improving technology and processes for data protection
- Improving detection and response to data incidents
- Raising data security competencies and instilling a culture of excellence
- Accounting for data protection at every level of the public sector, including third-party vendors
- Ensuring a continuous approach to improving data security
The committee also recommended three immediate measures to improve data security, including having a data file integrity verification system, strengthening password and encryption requirements, and introducing prompts before public officers send emails with sensitive data.
Related reading: Why You Should Incorporate Managed File Transfer into Your Cybersecurity Strategy
The timeline? According to Senior Minister and Coordinating Minister for National Security, Teo Chee Hean, all recommended measures of the committee should be deployed by year-end 2021 across 80 percent of government systems with the rest to be complete by year-end 2023.
What Spurred Singapore’s Increased Attention to Data Security?
A few very high-profile breaches caught the government’s attention. There were more of course, but these three were the headline makers and the ones causing the public to mistrust the government and its ability to safeguard its citizens’ personal information.
- In July 2018, the records of 1.5 million SingHealth patients, including that of Prime Minister Lee Hsien Loong – were accessed and copied. To-date, this was the most serious breach of personal data in Singapore’s history.
- The start of 2019 saw an online leak of more sensitive health data, when the HIV-positive status and personal information of 14,200 people was leaked from the nation’s HIV registry.
- And, shortly thereafter, the Health Sciences Authority announced that the personal information of 808,201 blood donors was exposed online for more than two months, due in part to mishandling by one of its third-party vendors.
The committee discovered the most common cause of the major breaches was due to mismanagement and poor monitoring of user accounts, user access reviews and unencrypted emails sent containing highly sensitive data.
According to an IBM Security report conducted by Ponemon Institute, “inadvertent” breaches brought about by human error and system glitches account for 49 percent of data breaches.
Related reading: Are These Users on Your Organization’s Security Watch List?
Managed File Transfer Can Boost Cybersecurity Efforts
With a committee in place, the support of government officials, and a new awareness of cybersecurity vulnerabilities, Singapore is taking a hard look at its cybersecurity options to improve the situation. One possible robust solution to add to their defense is managed file transfer (MFT).
MFT can automate and secure file transfers through a centralized enterprise-level approach. The software can improve security, save organizations both time and money, simplify server-to-server file transfers, and help meet governmental, organizational and applicable compliance requirements.
Related reading: How to Prevent Data Breaches with MFT | Checklist and Plan
Ready to find out how MFT can help you prevent a data breach at your organization? Check out our whitepaper.
Defending Against Data Breach
