• Home
  • About RSIS
    • Introduction
    • Building the Foundations
    • Welcome Message
    • Board of Governors
    • Staff Profiles
      • Executive Deputy Chairman’s Office
      • Dean’s Office
      • Management
      • Distinguished Fellows
      • Faculty and Research
      • Associate Research Fellows, Senior Analysts and Research Analysts
      • Visiting Fellows
      • Adjunct Fellows
      • Administrative Staff
    • Honours and Awards for RSIS Staff and Students
    • RSIS Endowment Fund
    • Endowed Professorships
    • Career Opportunities
    • Getting to RSIS
  • Research
    • Research Centres
      • Centre for Multilateralism Studies (CMS)
      • Centre for Non-Traditional Security Studies (NTS Centre)
      • Centre of Excellence for National Security (CENS)
      • Institute of Defence and Strategic Studies (IDSS)
      • International Centre for Political Violence and Terrorism Research (ICPVTR)
    • Research Programmes
      • National Security Studies Programme (NSSP)
      • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
    • Future Issues and Technology Cluster
    • [email protected] Newsletter
    • Other Research
      • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
    • Graduate Programmes Office
    • Overview
    • MSc (Asian Studies)
    • MSc (International Political Economy)
    • MSc (International Relations)
    • MSc (Strategic Studies)
    • NTU-Warwick Double Masters Programme
    • PhD Programme
    • Exchange Partners and Programmes
    • How to Apply
    • Financial Assistance
    • Meet the Admissions Team: Information Sessions and other events
    • RSIS Alumni
  • Alumni & Networks
    • Alumni
    • Asia-Pacific Programme for Senior Military Officers (APPSMO)
    • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
    • SRP Executive Programme
    • Terrorism Analyst Training Course (TATC)
  • Publications
    • RSIS Publications
      • Annual Reviews
      • Books
      • Bulletins and Newsletters
      • Commentaries
      • Counter Terrorist Trends and Analyses
      • Commemorative / Event Reports
      • IDSS Paper
      • Interreligious Relations
      • Monographs
      • NTS Insight
      • Policy Reports
      • Working Papers
      • RSIS Publications for the Year
    • Glossary of Abbreviations
    • External Publications
      • Authored Books
      • Journal Articles
      • Edited Books
      • Chapters in Edited Books
      • Policy Reports
      • Working Papers
      • Op-Eds
      • External Publications for the Year
    • Policy-relevant Articles Given RSIS Award
  • Media
    • Great Powers
    • Sustainable Security
    • Other Resource Pages
    • Media Highlights
    • News Releases
    • Speeches
    • Vidcast Channel
    • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
Facebook
Twitter
YouTube
RSISVideoCast RSISVideoCast rsis.sg
Linkedin
instagram instagram rsis.sg
RSS
  • Home
  • About RSIS
      • Introduction
      • Building the Foundations
      • Welcome Message
      • Board of Governors
      • Staff Profiles
        • Executive Deputy Chairman’s Office
        • Dean’s Office
        • Management
        • Distinguished Fellows
        • Faculty and Research
        • Associate Research Fellows, Senior Analysts and Research Analysts
        • Visiting Fellows
        • Adjunct Fellows
        • Administrative Staff
      • Honours and Awards for RSIS Staff and Students
      • RSIS Endowment Fund
      • Endowed Professorships
      • Career Opportunities
      • Getting to RSIS
  • Research
      • Research Centres
        • Centre for Multilateralism Studies (CMS)
        • Centre for Non-Traditional Security Studies (NTS Centre)
        • Centre of Excellence for National Security (CENS)
        • Institute of Defence and Strategic Studies (IDSS)
        • International Centre for Political Violence and Terrorism Research (ICPVTR)
      • Research Programmes
        • National Security Studies Programme (NSSP)
        • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
      • Future Issues and Technology Cluster
      • [email protected] Newsletter
      • Other Research
        • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
      • Graduate Programmes Office
      • Overview
      • MSc (Asian Studies)
      • MSc (International Political Economy)
      • MSc (International Relations)
      • MSc (Strategic Studies)
      • NTU-Warwick Double Masters Programme
      • PhD Programme
      • Exchange Partners and Programmes
      • How to Apply
      • Financial Assistance
      • Meet the Admissions Team: Information Sessions and other events
      • RSIS Alumni
  • Alumni & Networks
      • Alumni
      • Asia-Pacific Programme for Senior Military Officers (APPSMO)
      • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
      • SRP Executive Programme
      • Terrorism Analyst Training Course (TATC)
  • Publications
      • RSIS Publications
        • Annual Reviews
        • Books
        • Bulletins and Newsletters
        • Commentaries
        • Counter Terrorist Trends and Analyses
        • Commemorative / Event Reports
        • IDSS Paper
        • Interreligious Relations
        • Monographs
        • NTS Insight
        • Policy Reports
        • Working Papers
        • RSIS Publications for the Year
      • Glossary of Abbreviations
      • External Publications
        • Authored Books
        • Journal Articles
        • Edited Books
        • Chapters in Edited Books
        • Policy Reports
        • Working Papers
        • Op-Eds
        • External Publications for the Year
      • Policy-relevant Articles Given RSIS Award
  • Media
      • Great Powers
      • Sustainable Security
      • Other Resource Pages
      • Media Highlights
      • News Releases
      • Speeches
      • Vidcast Channel
      • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
  • instagram instagram rsis.sg
Connect

Getting to RSIS

Map

Address

Nanyang Technological University
Block S4, Level B3,
50 Nanyang Avenue,
Singapore 639798

View location on Google maps Click here for directions to RSIS

Get in Touch

    Connect with Us

      rsis.ntu
      rsis_ntu
      rsisntu
    RSISVideoCast RSISVideoCast rsisvideocast
      school/rsis-ntu
    instagram instagram rsis.sg
      RSS
    Subscribe to RSIS Publications
    Subscribe to RSIS Events

    RSIS Intranet

    S. Rajaratnam School of International Studies Think Tank and Graduate School Ponder The Improbable Since 1966
    Nanyang Technological University Nanyang Technological University

    Skip to content

     
    • RSIS
    • Publication
    • RSIS Publications
    • CO18013 | Cyber Threats: 2018 and Beyond
    • Annual Reviews
    • Books
    • Bulletins and Newsletters
    • Commentaries
    • Counter Terrorist Trends and Analyses
    • Commemorative / Event Reports
    • IDSS Paper
    • Interreligious Relations
    • Monographs
    • NTS Insight
    • Policy Reports
    • Working Papers
    • RSIS Publications for the Year

    CO18013 | Cyber Threats: 2018 and Beyond
    Shashi Jayakumar, Foo Siang-tse

    26 January 2018

    download pdf
    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    Synopsis

    How are cyber threats evolving? What can be done to mitigate these threats? Are the solutions technical ones, or do they lie in human instinct and response?

    Commentary

    2017 WAS a watershed year with an unprecedented number of cyber hacks, leaks and data breaches. We believe 2018 will be worse, as attackers become increasingly creative with attack methods and increasingly destructive payloads that better target system vulnerabilities. Why is this so?

    Asymmetric Threat Landscape

    First, the threat landscape will continue to be asymmetrical. Threat actors have an edge over enterprises that are hard-pressed to staff up internal cyber security teams.

    State-sponsored actors and, increasingly, organised crime groups are well-funded, organised and resourced. They can afford to take their time to do research on their target, create the right malware and tailor their attacks to their targets. Even if they were to fail the first time, they can persist to try again and again at very little marginal cost.

    These entities are aided by the breathtaking rate of technological advancement. But attackers have also begun to acquire an increasingly deep understanding of human nature. This has manifest itself in more nuanced attacks that make use of social engineering and behavioural insights.

    What we have seen in recent years is the continued evolution of (and preference for) very complex and precise spear phishing campaigns, unlike spam or phishing e-mails which are mass attacks. A spear phishing campaign targets specific individuals, organisations or businesses, to collect sensitive information.

    It may take the form of a professional-sounding, personalised e-mail that makes use of personal data collected from public posts on social media sites and blogs to target subjects to lower their guard – to entice them to click on suspicious links or open documents that may be virus-contaminated.

    Hacking and Shadow Economy

    Hacking has created a shadow economy where data is bought and sold on the dark Web to organised cybercriminal syndicates. Data is the new oil. It is what threat actors are after, and what needs the most protection.

    This has birthed a booming shadow economy. On top of personal data, zero-day exploits (targeting vulnerabilities that the target has no awareness of) are also available for sale. Large botnets are available for rent, and so are services such as ransomware-as-a-service and DDoS-as-a-service. DDoS attacks – distributed denial of service — flood a target system with more traffic than it can handle, bringing it down.

    There is a market for exploits, which are attacks on computer systems made through a particular vulnerability of the system, and for trading these exploits. There is a growing number of actors trading such exploits which drives up supply.

    An iOS zero-day – an attack mechanism targeting previously unknown vulnerabilities in Apple mobile operating systems – can cost as much as US$1.5 million (S$2 million). It is no wonder that technically gifted programmers see the attraction of providing such services.

    Healthcare Industry Exposed

    In 2018, we will see an increasing number of extortionist attacks around the world targeting critical infrastructure. Transportation, energy and medical institutions are choice targets as a service outage can cause severe public backlash and, therefore, increases the possibility of a payout.

    In recent months, the healthcare industry has been a victim of more attacks. This is because of the value of healthcare data – such as medical histories – which can be used for a variety of cyber fraud.

    Cyber attacks will cost American hospitals more than US$305 billion over five years and one in 13 patients will have their data compromised by a hack, according to industry consultancy Accenture in a 2015 report. A 2015 study by Brookings showed that, since late 2009, the medical information of more than 155 million Americans has been exposed without their permission through about 1,500 breaches.

    Healthcare institutions are vulnerable partly because government regulations forced healthcare operators to adopt electronic health records and other advances even if they weren’t ready to adequately invest in security.

    Would-be smart nations should take note that mass adoptions of digital solutions do create a security nightmare, giving hackers an endless attack surface to target.

    Evolve to Stay Ahead

    So how should organisations respond? For swift detection and mitigation of threats, what is critical is round-the-clock monitoring of networks, applications and devices, through an in-house security operation centre or outsourced service. The next generation of security operations centres also need to incorporate big data analytics and deep machine learning capabilities to keep on top of the massive amount of data generated.

    At the operational level, the overall incident response framework must be routinely audited and strengthened. The incident response team must be drilled through specific skills training, table top scenarios, and full-fledged, realistic, red team-blue team exercises (blue team being the defenders; red team the simulated attackers). External assistance should be sought if there is a lack of internal skillsets or personnel.

    Singapore organisations especially need to take the threat of cyber attacks more seriously. A survey conducted by managed security services provider Quann and research firm IDC in June last year covered 150 senior IT professionals from medium to large companies based in Singapore, Hong Kong and Malaysia.

    The results showed that 40 per cent of the respondents do not have incident response plans for when they are being attacked and 67 per cent do not practise their incident response plans.

    Need for Comprehensive Strategy

    Cyber security requires a comprehensive approach that goes beyond the chief information security officer or head of information technology. The executive leadership must not see cyber security as a cost centre and an IT issue, but as an integral part of corporate risk management.

    Senior management and the board must understand the threat landscape and data protection strategies.

    Beyond the board and management, every employee matters. A Cyber Security Agency of Singapore 2017 survey showed that Singaporeans display risky behaviour that jeopardises their own and their company’s cyber security. It does not matter how advanced the corporate anti-virus is if employees indiscriminately download free but potentially malware-laden software from dubious sources. Every careless employee is an open door for hackers to exploit.

    With the number and complexity of attacks rising, enterprises need to stay on top of their cyber security preparedness.

    Effective cyber security is not about keeping up with the cyber security products arms race. Instead, it is about ensuring that seemingly mundane tasks, such as keeping patches up-to-date, ensuring that security hardware is maintained and managed well, and ensuring compliance with user policies and procedures, are performed well by human beings.

    Even with the best technology, the human factor plays a critical role in ensuring enterprises stay cyber secure. Firewalls must be kept up-to-date but the most important firewall is still the human one.

    About the Authors

    Foo Siang-tse is managing director of Quann, a managed security services provider. Shashi Jayakumar is Head, Centre of Excellence for National Security (CENS) and Executive Coordinator, Future Issues and Technology at the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University, Singapore.

    This commentary is written in memory of Mr Chng Ho Kiat, Director, Cyber Security and Resilience Division, Ministry of Communications and Information, who passed away on 24 January 2018.

    A version of this commentary first appeared in The Straits Times 26 Jan 2018.

    Categories: Commentaries / Country and Region Studies / Cybersecurity, Biosecurity and Nuclear Safety / Non-Traditional Security / Singapore and Homeland Security / East Asia and Asia Pacific / Global / Southeast Asia and ASEAN

    Last updated on 29/01/2018

    comments powered by Disqus
    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    Synopsis

    How are cyber threats evolving? What can be done to mitigate these threats? Are the solutions technical ones, or do they lie in human instinct and response?

    Commentary

    2017 WAS a watershed year with an unprecedented number of cyber hacks, leaks and data breaches. We believe 2018 will be worse, as attackers become increasingly creative with attack methods and increasingly destructive payloads that better target system vulnerabilities. Why is this so?

    Asymmetric Threat Landscape

    First, the threat landscape will continue to be asymmetrical. Threat actors have an edge over enterprises that are hard-pressed to staff up internal cyber security teams.

    State-sponsored actors and, increasingly, organised crime groups are well-funded, organised and resourced. They can afford to take their time to do research on their target, create the right malware and tailor their attacks to their targets. Even if they were to fail the first time, they can persist to try again and again at very little marginal cost.

    These entities are aided by the breathtaking rate of technological advancement. But attackers have also begun to acquire an increasingly deep understanding of human nature. This has manifest itself in more nuanced attacks that make use of social engineering and behavioural insights.

    What we have seen in recent years is the continued evolution of (and preference for) very complex and precise spear phishing campaigns, unlike spam or phishing e-mails which are mass attacks. A spear phishing campaign targets specific individuals, organisations or businesses, to collect sensitive information.

    It may take the form of a professional-sounding, personalised e-mail that makes use of personal data collected from public posts on social media sites and blogs to target subjects to lower their guard – to entice them to click on suspicious links or open documents that may be virus-contaminated.

    Hacking and Shadow Economy

    Hacking has created a shadow economy where data is bought and sold on the dark Web to organised cybercriminal syndicates. Data is the new oil. It is what threat actors are after, and what needs the most protection.

    This has birthed a booming shadow economy. On top of personal data, zero-day exploits (targeting vulnerabilities that the target has no awareness of) are also available for sale. Large botnets are available for rent, and so are services such as ransomware-as-a-service and DDoS-as-a-service. DDoS attacks – distributed denial of service — flood a target system with more traffic than it can handle, bringing it down.

    There is a market for exploits, which are attacks on computer systems made through a particular vulnerability of the system, and for trading these exploits. There is a growing number of actors trading such exploits which drives up supply.

    An iOS zero-day – an attack mechanism targeting previously unknown vulnerabilities in Apple mobile operating systems – can cost as much as US$1.5 million (S$2 million). It is no wonder that technically gifted programmers see the attraction of providing such services.

    Healthcare Industry Exposed

    In 2018, we will see an increasing number of extortionist attacks around the world targeting critical infrastructure. Transportation, energy and medical institutions are choice targets as a service outage can cause severe public backlash and, therefore, increases the possibility of a payout.

    In recent months, the healthcare industry has been a victim of more attacks. This is because of the value of healthcare data – such as medical histories – which can be used for a variety of cyber fraud.

    Cyber attacks will cost American hospitals more than US$305 billion over five years and one in 13 patients will have their data compromised by a hack, according to industry consultancy Accenture in a 2015 report. A 2015 study by Brookings showed that, since late 2009, the medical information of more than 155 million Americans has been exposed without their permission through about 1,500 breaches.

    Healthcare institutions are vulnerable partly because government regulations forced healthcare operators to adopt electronic health records and other advances even if they weren’t ready to adequately invest in security.

    Would-be smart nations should take note that mass adoptions of digital solutions do create a security nightmare, giving hackers an endless attack surface to target.

    Evolve to Stay Ahead

    So how should organisations respond? For swift detection and mitigation of threats, what is critical is round-the-clock monitoring of networks, applications and devices, through an in-house security operation centre or outsourced service. The next generation of security operations centres also need to incorporate big data analytics and deep machine learning capabilities to keep on top of the massive amount of data generated.

    At the operational level, the overall incident response framework must be routinely audited and strengthened. The incident response team must be drilled through specific skills training, table top scenarios, and full-fledged, realistic, red team-blue team exercises (blue team being the defenders; red team the simulated attackers). External assistance should be sought if there is a lack of internal skillsets or personnel.

    Singapore organisations especially need to take the threat of cyber attacks more seriously. A survey conducted by managed security services provider Quann and research firm IDC in June last year covered 150 senior IT professionals from medium to large companies based in Singapore, Hong Kong and Malaysia.

    The results showed that 40 per cent of the respondents do not have incident response plans for when they are being attacked and 67 per cent do not practise their incident response plans.

    Need for Comprehensive Strategy

    Cyber security requires a comprehensive approach that goes beyond the chief information security officer or head of information technology. The executive leadership must not see cyber security as a cost centre and an IT issue, but as an integral part of corporate risk management.

    Senior management and the board must understand the threat landscape and data protection strategies.

    Beyond the board and management, every employee matters. A Cyber Security Agency of Singapore 2017 survey showed that Singaporeans display risky behaviour that jeopardises their own and their company’s cyber security. It does not matter how advanced the corporate anti-virus is if employees indiscriminately download free but potentially malware-laden software from dubious sources. Every careless employee is an open door for hackers to exploit.

    With the number and complexity of attacks rising, enterprises need to stay on top of their cyber security preparedness.

    Effective cyber security is not about keeping up with the cyber security products arms race. Instead, it is about ensuring that seemingly mundane tasks, such as keeping patches up-to-date, ensuring that security hardware is maintained and managed well, and ensuring compliance with user policies and procedures, are performed well by human beings.

    Even with the best technology, the human factor plays a critical role in ensuring enterprises stay cyber secure. Firewalls must be kept up-to-date but the most important firewall is still the human one.

    About the Authors

    Foo Siang-tse is managing director of Quann, a managed security services provider. Shashi Jayakumar is Head, Centre of Excellence for National Security (CENS) and Executive Coordinator, Future Issues and Technology at the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University, Singapore.

    This commentary is written in memory of Mr Chng Ho Kiat, Director, Cyber Security and Resilience Division, Ministry of Communications and Information, who passed away on 24 January 2018.

    A version of this commentary first appeared in The Straits Times 26 Jan 2018.

    Categories: Commentaries / Country and Region Studies / Cybersecurity, Biosecurity and Nuclear Safety / Non-Traditional Security / Singapore and Homeland Security

    Last updated on 29/01/2018

    Back to top

    Terms of Use | Privacy Statement
    Copyright © S. Rajaratnam School of International Studies. All rights reserved.
    This site uses cookies to offer you a better browsing experience. By continuing, you are agreeing to the use of cookies on your device as described in our privacy policy. Learn more
    OK
    Latest Book
    CO18013 | Cyber Threats: 2018 and Beyond

    Synopsis

    How are cyber threats evolving? What can be done to mitigate these threats? Are the solutions technical ones, or do they lie in human instinct and ...
    more info