Over a quarter of Aussies are now ready to use an internet-connected device, such as a virtual assistant or connected fridge, to make payments on their behalf, according to a new YouGov study commissioned by payment technology company Visa.
In September 2016, just 12% said they would do so, underscoring the growing adoption of digital payments in the largely tech-savvy nation.
Stephen Karpin, Visa’s group country manager in Australia, New Zealand and South Pacific, believes that internet of things (IoT) devices and biometric technology, combined with the use of artificial intelligence (AI), will also deliver more personalised experiences for consumers.
But this experience must be seamless for consumers. As futurist Anders Sorman-Nilsson notes, consumers will only use connected, AI-enabled devices to pay if the experience is easy, seamless and secure.
Many of the new payment methods are enabled by the use of biometrics as authentication – the most common example of this being the fingerprint scanner on a smartphone.
More than half of respondents surveyed by YouGov said they are comfortable using their thumbprint, voice or retina for payment.
According to the research, the appeal of biometrics lies in it being more secure (45%) and in not having to remember a PIN/password (40%), both of which are driving consumer adoption and readiness.
But while consumers are keen to embrace biometric authentication, less than half (39%) of respondents are willing to share their personal information in exchange for convenience in payments.
Karpin says this hesitance to share personal information in exchange for convenience is an important insight. “At Visa, we believe in responsible innovation – that is, ensuring that security is built in from the start and that no new technology or capability compromises the integrity of the payments ecosystem,” he says.
But it’s not just about making the entire payments ecosystem more secure. Concerns over the privacy of personal information can only be addressed if consumers know what their personal information is used for and how they are being protected.
Australia already has privacy laws that govern the collection and use of personal information and the regulations have been beefed up over the years to provide stronger enforcement powers.
Merchants will need to play their part, too, not only by playing by the rules, but also by understanding that privacy protection can be a competitive advantage and a business opportunity – and not a cost centre as some might believe.
Belgium-based research institute IMEC has developed a platform that uses silicon photonics in high-speed optical links to support the growing bandwidth needs of cloud datacentres.
According to IMEC, which is holding a technology forum in Singapore in September 2017, the most advanced cloud datacentres are currently using optical links and transceivers with a capacity of 100Gbps. By 2019, this is expected to increase to 400Gbps, followed by 1.6Tbps by 2022.
This increase in demand for bandwidth requires a rethink of optical link technology. Not only do these links need to support a range of at least 500 meters, they also need to be made at a lower cost and in greater quantities.
In recent years, there has been growing interest in the use of silicon photonics to produce optical components for data links.
“The big benefit of this technology is that the optical components can be produced using the same advanced devices with which microchips are also made,” IMEC said.
“This makes silicon photonics components relatively cheap. Better still, they make a high integration density possible, while consuming less energy and guaranteeing a high yield,” it added.
According to 451 Research, the technology will also have a clear impact on large datacentre cost and enable new ‘rack-scale’ system and application architectures.
IMEC is not the only one exploring the use of silicon photonics in optical data links. Intel, Oracle and IBM are doing so as well. In 2016, Intel unveiled its PSM4 silicon photonics optical transceiver that can deliver 100Gbps over a distance of 2km.
IMEC’s technology, however, is capable of supporting a bandwidth of 896Gbps, by integrating photodetectors and modulators on a single transceiver chip, and using space division multiplexing.
Besides data links, IMEC said silicon photonics also has strong potential for a variety of sensing applications, including Lidar sensors used by autonomous vehicles and chemical (spectroscopic) sensing.
In Singapore, a research team from the Institute of Microelectronics under the Agency for Science, Technology and Research clinched a President’s Technology Award in 2010 for their progress in developing silicon photonic devices with applications in high-speed optical interconnects and light-emitters.
As one of Southeast Asia’s “tiger cub” economies, Thailand has seen tremendous growth in the past three decades. Driven by its export-focused growth strategy, particularly in automobiles, Thailand’s GDP has expanded over 12-fold from $32.4bn in 1980 to $406.8bn in 2016.
However, as in most ASEAN countries, much of this growth has been driven by foreign direct investments by global companies. While this has helped to build up local talent and expertise, there’s a need for ASEAN countries to start their own innovation engines, particularly in Thailand, whose economy has suffered from political instability in recent years.
Which is why the launch of Thailand’s Strategic Talent Centre (STC) by the country’s Board of Investment (BOI) and five other government agencies this week is timely.
The STC will identify Thais and foreigners with specialised skills in science and technology in academia and government, as well as those under the Talent Mobility Project of the National Science Technology and Innovation Policy Office.
Essentially a platform for Thailand’s private sector to access skilled manpower in science and technology, the STC is part of efforts by the Thai government to build the country’s R&D capabilities under its “Thailand 4.0” policy that aims to create an innovation-driven economy.
Hirunya Suchinai, secretary general of the BOI, said: “We believe that there are many experts and specialists in Thailand but we never had a comprehensive database or information about them. The STC will take up this role and pull together extensive lists of these experts. This will not only match demand on manpower and supply of expertise, but will also promote links between the research sector and the private sector”.
In addition to matching services, the STC will also coordinate with government agencies to validate and recognise experts in science and technology. Foreign experts will also get access to an e-expert system run by a one-stop centre for visas and work permits.
While the STC may meet the short to medium-term needs of organisations looking for R&D talent, Thailand needs to beef up its education system and improve educational outcomes in the longer term as it transforms into a knowledge-based economy.
While school participation rates are high, the performance of Thailand in OECD’s Programme for International Student Assessment (PISA) falls behind that of peer countries.
In PISA 2012, for example, only 2.6% of Thai students were considered high achievers in mathematics and 1% in science. Making matters worse are the huge disparities in student performance between the well-off and socio-economically disadvantaged.
These problems cannot be resolved overnight. It takes not only political will on the part of the government, but also support and collaboration with educators and the science and technology industry to ensure that Thailand has enough local talent to realise its Thailand 4.0 vision.
Despite a tech-savvy population and a smartphone penetration rate of 150%, Singapore’s adoption of digital payments is abysmal. Cash is still king in the city-state, especially in the heartlands where credit cards are accepted only if you spend a certain sum.
There are a few reasons for this. For one, the transaction fee imposed by credit card companies does not make business sense for small merchants, especially if most of their transactions are micropayments.
Also, having too many choices is not always a good thing. While Singapore’s fragmented digital payments space offers consumers an array of payment options from telcos, banks, smartphone makers and the likes of EZ-Link and Nets, it also makes it hard for any payment provider to gain a critical mass of users necessary for widespread adoption by merchants and consumers alike.
Both the authorities and the payments industry realise this and are planning to make it easier for individuals and businesses to send and receive money.
Following efforts in rolling out unified point-of-sale systems that accept multiple payment options, the Monetary Authority of Singapore (MAS) will establish a forum for the payments industry and businesses to come together to discuss payment strategies as well as promote inter-operable payment solutions.
At the Association of Banks in Singapore (ABS) annual dinner this week, Singapore finance minister Heng Swee Keat revealed that the MAS has invited 18 senior leaders representing banks, payment companies, industry associations and businesses to form a Payments Council under MAS’ leadership.
Meanwhile, the ABS has rallied its members to develop PayNow, a system that enables consumers to transfer funds to each other using only their recipient’s mobile phone numbers or identity card numbers.
The system will make use of Singapore’s real-time Fast payment system for which transaction volumes have increased over the years.
The Singapore government is also looking to use PayNow to make payments directly to citizens’ bank accounts using their identity card numbers, Heng revealed. “In the future, we would no longer need to update each government agency one-by-one when we change banks,” he says.
PayNow should be welcomed by consumers, especially those who use peer-to-peer e-commerce platforms like Carousell to buy and sell products. Typically, such transactions require sellers to provide their bank account numbers to buyers, who would then have to go through multiple steps to transfer the funds online or at an ATM.
The next step would be to get merchants onboard, though this would have to be done with minimal friction to avoid putting off merchants that would have to deal with yet another payment option.
When one is confronted by a criminal or terrorist demanding a ransom in exchange for a loved one who has been held hostage, the general rule of thumb is not to pay up, and to go to the police.
That’s the sensible thing to do, lest you create more incentives for kidnappings and inadvertently finance terrorist and criminal groups. Why then, should individuals and organisations who have been hit by ransomware pay the perpetrators behind those attacks?
Yet, Nayana – a South Korean web hosting company – did just that, dishing out $1m worth of bitcoin to restore the websites and data of its customers that had been held ransom by the Erebus ransomware.
Sure, the business damage (think customer lawsuits) to Nayana of not doing so would have been huge, but so would the damage caused by the negative press on the company’s poor cyber hygiene that opened the doors for hackers. Even if the customers got their data back, will they still continue hosting their websites with the company?
Nayana’s website was believed to be powered by older versions of Apache and the Linux kernel with known vulnerabilities that were possibly exploited by Erebus.
Why weren’t the vulnerabilities patched? Was Nayana using a community version of a Linux distro or an enterprise version supported by a vendor? These are questions that every organisation like Nayana needs to ask itself, not just in the aftermath of a cyber-attack but also in making technology decisions.
Cases like Nayana serve as a timely reminder – and a wake-up call for that matter – on the importance of maintaining a good security posture, like how you would exercise some common sense when you’re in a seedy neighbourhood.
In the digital world, things will only get worse with the proliferation of internet of things (IoT) devices.
Many IoT devices are susceptible to ransomware and it is likely that attacks targeting these devices will happen more frequently, says Mark Hearn, director of IoT security at Irdeto.
“When you throw in the potential target of connected cars, where high-profile hacks of a number of vehicles have been reported (impacting manufacturers like Tesla, Mitsubishi and others), it’s clear that action is imperative.
“Payment of these ransoms will only serve to encourage the attackers. Not only should companies avoid paying, they must take cyber security more seriously. Many of these attacks, including the WannaCry ransomware attacks that wreaked so much havoc last month, could have easily been avoided if organisations implemented a defence-in-depth approach to cyber security.
“This approach involves many layers of security being implemented throughout the infrastructure, rather than simply protecting systems from the outside-in, in addition to a security-in-depth strategy for endpoint devices, incorporating run-time integrity verification of the device,” he says.
More countries are rushing to make their cities smarter, by driving the use of technology – though that may not always be fully appreciated by citizens.
Take Singapore, one of the poster boys for smart city developments in Asia, for example. In a project involving the use of sensors to monitor the activities of seniors at home, it was found that the elderly had covered the sensors with towels out of privacy concerns.
In Yinchuan, China, completed residential and commercial buildings remain empty, even as the smart city promises to offer a better quality of life by automating many aspects of urban life, coupled with some good planning.
These are classic examples of what not to do in any smart city development – that is, not engaging citizens well enough to get their buy-in before rolling out a project. This often leads to white elephant projects, wasting resources that could have been put to better use.
Smart city planners could take a leaf from what some European countries have done.
Instead of a top-down approach to implementing smart city projects, Copenhagen in Denmark has residents installing sensors on their bikes to gather data on traffic. Why do they do this? To help fellow bikers avoid crowded areas, and to help the government optimise road infrastructure.
This was only possible because the residents themselves see the benefits of those sensors, actively contributing to the project, and not because some city planner tells them that something is great.
Ultimately, smart cities, for all their technological prowess, are all about improving the lives of people. That should not be forgotten as countries like Malaysia start to test technologies like mobile bus ticketing and cashless payments. Do citizens and businesses see the benefits of those initiatives? Will they be willing to participate in the projects?
Or, will the cost of embracing those technologies surpass any benefits they bring? These are important questions that can only be answered with a more citizen-centric, participatory approach to developing smart cities, if any smart city project is to have a whiff of success.
When StarHub’s residential fibre network went down in October 2016, the Singapore telco initially pinned the blame on distributed denial of service (DDoS) attacks brought on by internet of things (IoT) devices of customers that were compromised by malware.
Subsequent investigations by the authorities, however, revealed that the outage was caused by a surge in legitimate Domain Name System (DNS) traffic and did not point towards a DDoS attack. The flood in traffic eventually overloaded part of StarHub’s home broadband infrastructure.
Notwithstanding, this high-profile incident has underscored the clear and present danger posed by the use of IoT devices to launch DDoS attacks.
According to the findings of the recent Neustar Worldwide DDoS Attacks and Cyber Insights Research Report, more than 80% of surveyed organisations globally have been hit by DDoS attacks in the previous 12 months – an increase of 15% since 2016.
Furthermore, 85% of those attacked were hit more than once. “Worryingly, despite knowing the threats, companies still struggle to detect and respond to DDoS attacks effectively and efficiently,” says Robin Schmitt, Neustar’s general manager in the Asia Pacific (APAC) region.
In APAC, only 17% of organisations were able to detect an attack in less than an hour, compared to 25% in the US and Europe. The results are similar for response times, with APAC lagging behind. Ideally, Schmitt says companies should be able to identify and mitigate an attack in less than three minutes.
According to Schmitt, the dependence on internal skills and next generation firewalls, as opposed to specialised DDoS services and appliances, is a contributing factor to APAC’s less than stellar record of detecting and mitigating DDoS attacks.
When it comes to mitigating DDoS attacks, the first thing that comes to mind is clean pipe services that “scrub” malicious traffic off an organisation’s internet traffic, while allowing legitimate traffic to pass through.
However, Schmitt contends that clean pipe services delivered by network providers typically have limited scrubbing capacity and are mostly confined to attacks in layers 4 and 5 (in the OSI model), adding that it is common for larger attacks to be black-holed.
A better solution is to implement a specialised DDoS mitigation solution that gives organisations the choice of working with an on-site DDoS defence appliance, a cloud service or a hybrid solution.
“Appliances analyse incoming network traffic, allowing only clean, legitimate traffic to pass. Cloud-based solutions reroute traffic to scrubbing centres that are able to handle a high volume of traffic at both the network and application layers,” Schmitt says.
With DDoS attacks growing in scale and size, Schmitt advises organisations to examine the capacity of their providers’ scrubbing centres and whether they’re capable of handling modern DDoS attacks. Neustar, for one, has expanded its network capacity in APAC with a new 200Gbps node in Singapore, doubling its in-region capacity with additional large nodes soon to follow.
Having large nodes and a wide network of scrubbing centres is necessary for DDoS mitigation service providers to minimise network latency and, as Schmitt says, “redirect traffic to local scrubbing centres at the edge of the network, closer to the source”.
“By scrubbing a customer’s web traffic and redelivering it locally rather than having to be backhauled to a scrubbing centre that may be halfway around the world, we offset latency and restore network performance more quickly and effectively resulting in faster, more efficient in-region mitigation,” he says.
While Neustar’s service may address the limitations of clean pipe offerings, it is not enough. Besides having some common sense and practising basic cyber hygiene, organisations need to develop a deeper understanding of cyber threats to defend themselves better.
As the StarHub episode shows, there’s still a lot more work to be done.
Conceived in 2014, Singapore’s National Health IT Masterplan is coming to fruition, with key projects such as the National Electronic Health Record (NEHR) system already in place.
This was revealed by Singapore’s health minister Gan Kim Yong earlier this week at the opening of the National Health IT Summit, a gathering of top medical and IT practitioners in the city-state.
The progress of the masterplan is laudable, given that it normally takes more than a few years to rally an entire industry together on a single mission to harness IT to improve patient care and medical outcomes.
It also helps that Singapore’s healthcare sector is dominated by public healthcare clusters operated by a handful of government-linked service providers, making it easier to tackle challenges such as ensuring the portability of healthcare records across otherwise disparate IT systems.
Indeed, the NEHR – and more importantly, the healthcare data it holds – is key to Singapore’s efforts to take its affordable, world-class healthcare system to the next level.
Besides giving physicians a “single version of truth” on each patient’s health condition (thus enabling better care), the NEHR’s repository of medical information is a gold mine for uncovering treatments for medical conditions that affect Singaporeans.
The Singapore National Eye Centre, for one, has started looking into the dropout rates for the use of glaucoma medications among Singapore patients, which could in turn lead to further investigations on the efficacy of those medications.
The National University Hospital System has also successfully made use of data to improve clinical practices, leading to a significant reduction in the number of patients requiring blood transfusions after a knee replacement surgery.
Another notable development in Singapore’s healthcare IT landscape is the use of robots to care for patients.
Prototypes are currently being developed and could ease the manpower crunch that has been plaguing Singapore’s healthcare industry for years. While most people don’t expect robots to replace nurses, they could help with tasks like administering medications (thus eliminating human errors) and lifting heavy patients.
The Singapore government’s pragmatic approach in harnessing technology has always stood out for its laser focus on execution and outcomes, even if it means losing political brownie points from those displaced by technology disruptions.
As Gan said in his address: “Disruptions are often painful, but if the disruptions have the potential to bring about meaningful benefits to patients and their families, and to our healthcare system, we must not be afraid to allow them to take place. Better still, we should disrupt ourselves proactively before we are forced to do so”.
The lack of a major cyber security event is seen as one of the reasons for the indifference towards cyber security in many organisations. That event took place recently, with the WannaCry ransomware affecting organisations in over 150 countries. While basic cyber hygiene could prevent similar attacks, many individuals and organisations are still making the same old security mistakes.
Here’s a look at some of these mistakes highlighted by researchers from ESET, a cyber security firm, and what you can do to avoid them.
Too trusting of emails
Social engineering tactics are as old as the day is long, yet people keep falling for them. Today, phishing via email has become commonplace. Although criminals are improving the ‘quality’ of these emails, with some targeted emails looking incredibly authentic, most do not.
Keep yourself safe by carefully checking the recipient and the request, and by using some common sense. Also, be cautious of attachments, as they may be malware-infected. It’s important to check file extensions and to only open files deemed safe and from legitimate sources.
It won’t happen to me
Culture is arguably the biggest issue with security right now, and this has been the case for 20 years. CEOs think they won’t be targeted and citizens think much the same.
This complacency is misguided, and often results in poor security habits, with individuals and organisations treating, for example, password and Wi-Fi security not as seriously as they should.
This is despite the fact that good cyber security can be achieved easily, through good password hygiene, regular software updates, anti-virus and even password managers, VPNs and secure encrypted messaging apps.
Generic, guessable passwords can be easily cracked, opening a can of worms if the same password is used across several accounts. Brute-forcing passwords is increasingly fast and easy for criminals today, equipped with either huge computing power or the means to buy such expertise on the dark web.
Weak passwords, such as 123456, password, 12345678 and qwerty, remain commonplace, with many people failing to see how these ‘low-hanging fruit’ are an entry point for cyber criminals. According to Forrester, 80% of all attacks involve a weak or stolen password.
Dismissing software updates
Whether on desktop, laptop or mobile, there’s always another software update for our apps, operating systems or cyber security software. Interestingly, the constant pop-ups irritate us, with many people failing to understand just how important they are.
If we fail to update, we’re effectively leaving our software and devices vulnerable to attack, as cyber criminals look to exploit flaws in out-of-date software. Had the organisations affected by WannaCry properly configured automatic operating system updates, they might not have been featured on the victim list.
The cyber attack on the computer networks of the National University of Singapore (NUS) and Nanyang Technological University (NTU) last week has once again cast the state of Singapore’s cyber security into the spotlight.
According to the Cyber Security Agency, the attack appeared to be the work of advanced persistent threat actors who were looking to steal information related to government or research. The two universities have close research links with Singapore government agencies through projects such as self-driving buses.
The attack should come as no surprise. With the removal of Internet access from the work computers of civil servants, it was only a matter of time before hackers found creative ways to access government-related information through so-called supply chain vulnerabilities.
What this means is that instead of targeting victim networks directly, cyber attackers simply exploit any software or network loophole of a victim’s suppliers or partners to get to the victim itself.
This has long been a concern in cyber security circles, since it can be difficult for organisations to enforce or prescribe specific cyber security measures for suppliers and partners – beyond broad service level agreements. Prior to the NTU and NUS incident, groups such as APT10 had already launched campaigns to steal data from organisations via their managed service providers (MSPs).
Besides MSPs, SMEs (small and medium sized enterprises) that provide services to large enterprises are also prone to supply chain attacks. Many SMEs do not have dedicated IT departments, let alone security teams to fend off potential attacks.
So what can organisations do? For now, there are few standards that address cyber security issues related to the supply chain. The Payment Card Industry Data Security Standard (PCI DSS) is one of them. It not only offers vendor management guidelines, but also specifies safeguards such as the use of encryption.
More importantly, organisations should put in place a vendor management programme that includes identifying the most important vendors and requiring strict documentation of controls and processes. The programme should also be integrated with an organisation’s compliance practices. You can find out more in this guide by SANS Institute.
As for SMEs, the Singapore government has been working with industry bodies to promote awareness of cyber security among smaller firms in recent years. But it is uncertain if these awareness programmes have the intended effect, going by the data breaches that continue to make headlines.
Beyond awareness programmes, more tangible support is needed to improve the cyber hygiene of SMEs. This could take the form of a shared service where experts conduct annual cyber security audits for SMEs to determine areas that can be improved. This will also address the shortage of cyber security expertise that many SMEs are facing today.