Chai Chin Loon, senior director of the cybersecurity group of Singapore's Government Technology Agency (GovTech), speaking at the Computerworld Singapore Security Summit 2017.
"As threats grow in scale and sophistication, our approach in addressing them must evolve too," asserted Chai Chin Loon, senior director of the cybersecurity group of Singapore's Government Technology Agency (GovTech). He was speaking at the recent Computerworld Singapore Security Summit 2017.
One notable cyber threat is Mirai, malware that automatically finds Internet of Things (IoT) devices to infect and turns them into botnets that can be centrally controlled. More than 500,000 infected IoT devices were used for distributed denial of service (DDoS) attacks on companies including Dyn last year.
Since Dyn provides Domain Name System (DNS) services for many online sites, the DDoS attack on it caused popular sites such as Twitter, Amazon and Airbnb to become temporarily unavailable, said Loon.
He thus stressed the need for organisations to start "thinking about security holistically. Organisations need to be able to prepare, prevent, detect, respond and learn."
He added that businesses need to adopt a security-by-design approach. This means treating security as one of the early considerations when designing and building products, instead of as an add-on to a developed solution.
To do so, Chai advised IT and cybersecurity professionals to:
- Develop risk-based security policies.
- Adopt industry best practices and established standards for security controls in the design process.
- Use static application security testing and implement secure coding practices when constructing the product.
- Separate staging and production environments, as well as automate security testing within continuous integration during deployment.
- Conduct penetration and security acceptance tests, as well as vulnerability assessment.
End users have a role in cybersecurity too. They need to practise good cyber hygiene by securing and patching their IoT devices regularly. They should also report potential breaches and suspicious events to their IT/cybersecurity teams as soon as they spot any, said Chai.