Cyber attacks are becoming more complex, and all businesses are at risk, whether a tiny business starting out on its digital journey or a major multinational organisation with digitalised business activities. Singapore’s Cyber Security Agency recently launched a cybersecurity certification programme for businesses, which includes the Cyber Essentials and Cyber Trust marks, to recognise businesses that have implemented solid cybersecurity policies. Visible signs allow businesses to stand out and show that they have taken the essential cybersecurity precautions to safeguard themselves and their customers.
Singapore’s Ministry of Communications and Information (MCI) has encouraged all businesses to apply for the Cyber Essentials and Cyber Trust marks, as well as use the Cyber Safe website of the country’s Cyber Security Agency and maximise its toolkits and other resources.
The ministry reiterated that the owners of computers or computer systems designated as Critical Information Infrastructure (CII) must report cybersecurity incidents linked with CII to the Singapore Cyber Security Agency under the Cybersecurity Act (CSA). The Cybersecurity Act requires CII owners to implement measures to fulfil CSA cybersecurity standards. This protects CII from cyber threats and increases its cyber resilience.
Adherence to the act allows CSA to monitor and protect CII’s cybersecurity, which is critical to the delivery of important services. Even if the impacted systems have not been categorised as CII, CSA encourages them to report cybersecurity incidents to SingCERT at www.csa.gov.sg/singcert/reporting. The more the reporting the more CSA’s understanding of the current/recent risks which allows them to inform other businesses to reduce the chance of them becoming victims of similar cyber-attacks. Businesses and other organisations reported 1,238 cybersecurity incidents to the CSA in 2021 and the agency received 972 such reports in the previous year.
In addition to SingCERT’s warnings and notifications for non-CII businesses, CSA created the SG Cyber Safe Programme in 2021 to encourage and assist businesses in strengthening their cybersecurity posture. Additionally, the CSA has created cybersecurity toolkits for different types of businesses to guide them on the latest cybersecurity best practices.
Every company is different; thus its business needs and risk tolerance will differ. CSA has created customised cybersecurity toolkits that may be downloaded to help businesses take control of their cybersecurity. Such tailored initiatives assist local businesses in improving their digital security and cybersecurity posture.
The toolkits were also provided information on cybersecurity issues and threats, allowing businesses to implement cybersecurity measures that are relevant to their job roles, such as business leaders becoming bilingual in technical and strategic languages, IT teams understanding how to best implement cybersecurity within their organisation and employees adopting tips to address the most common threats they face.
OpenGov Asia reported that Tan Kiat How, Minister of State for Communications and Information, CSA has referred to recognised international standards, including the ISO 27001, Service Organisation Control 2 and the US National Institute of Standards and Technology, during the certification development process.
It also tested the certifications with businesses from a variety of industries. The certification helped pilot users discover their cybersecurity gaps and the instructions were made simple by the government to easily follow and apply. With this, customers will be able to see whether businesses have implemented robust cybersecurity measures and what actions they’ve done to prevent cyber-attacks, such as testing various scenarios and establishing a business continuity plan.