The Singapore government’s Committee of Inquiry (COI) that looked into the unprecedented cyber attack on SingHealth’s IT systems released a public report this week, detailing security lapses leading to the incident as well as recommendations to improve the public healthcare group’s cyber defences.
Although made in the aftermath of the attack and tailored to the operational environment of SingHealth, the recommendations included in the 425-page report equally apply to any organisation looking to shore up its cyber hygiene.
These include viewing cyber security as a risk management issue and not just a technical one, plugging security gaps in the network and end-point devices, enhancing employee awareness of cyber security, securing privileged accounts and boosting incident response processes.
Now, anyone in cyber security would appreciate the COI’s recommendations, but it is widely known that many organisations do not always adhere to them for various reasons, whether it is complacency on the part of management and cyber security teams, or the lack of resources.
In SingHealth’s case, it was a combination of factors – including the startling fact that a non-IT staff was tasked with managing the compromised server – that gave the perpetrators leeway to execute the typical cyber kill chain: infecting a PC with malware via spear phishing, establishing connections with C2 servers, and making lateral movements across a network before exfiltrating data.
While what happened to SingHealth was unfortunate, the incident – and the COI report – serves as stark reminder for organisations to take cyber security more seriously, and to avoid the fallacy that it could never happen to them. Remember, it takes just one loophole or an oversight for an attacker to breach a system.
The plummeting prices of bitcoin may have dampened the mood of cryptocurrency investors, but that has not stopped proponents of the underlying blockchain technology from deploying real-world blockchain applications.
In 2018, more businesses across the Asia-Pacific region such as SunMoon started rolling out blockchain-based platforms to track their produce and other goods, and more importantly, to capture real-time information on order fulfilments and product quality.
Earlier in the year, Singapore-based Global eTrade Services (Gets) had also launched an open trade blockchain (OTB) network to boost cross-border trade between China and the rest of Asia.
These developments are expected to continue in the new year. However, in the IT realm, there are other areas that will be affected as blockchain becomes more prominent in 2019.
Convergence will occur between compliance, protection and security as businesses continue to address risks and exploit opportunity with the data they have access to. In the coming year, organisations that can effectively leverage blockchain will be the clear winners as technologies continue to converge.
“This makes blockchain ripe for the backup and recovery market because it can touch all pieces of data, stored in any location, Rajendran said.
“As long as data exists, the need to tap into that data will also exist – but who has access to this data will be the real determinant of blockchain’s power,” he added.
To that, Rajendran said individuals will need to be able to delete their data and access it when they like. Organisations will also want to use insights from the data to explore new opportunities. At the same time, both parties should be concerned with any threats from third parties, he said.
“Blockchain can provide a solution that enables all of the above. But before it can be widely adopted, factors such as people, legality, business, culture and more will need to be well aligned.
“In 2019, we will see more innovators experimenting with blockchain use cases that demonstrate many of the blockchain data protection benefits.”
Will 2019 be the year of the blockchain? Tell us your thoughts in the comments section below!
Being the world’s largest mobile market, China has unsurprisingly topped the charts when it comes to the growth in mobile data traffic.
According to the latest figures from Ericsson, mobile data traffic in China during the third quarter of 2018 grew close to 79% year-on-year – the highest rate since 2013.
In fact, the increased data-traffic-per-smartphone in Northeast Asia – mainly in China – has pushed the global figure notably higher.
And with traffic growth per smartphone of around 140% between end 2017 and end 2018, Northeast Asia has the second highest data traffic per smartphone at 7.3GB per month. This is comparable to streaming HD video for around 10 hours per month.
The appetite for mobile data is likely to increase once the first 5G networks are ready.
In Northeast Asia, 5G subscriptions are forecast to account for over 43% percent of mobile subscriptions by the end of 2024.
Of the 4.1 billion cellular IoT connections forecast for 2024, Northeast Asia is expected to account for 2.7 billion – a figure reflecting both the ambition and size of the cellular IoT market in this region.
Industry players have certainly taken note of the huge potential of 5G in China.
Ericsson, for example, had teamed up with Intel, China Mobile Research Institute and China Mobile Jiangsu Company to make the first multi-vendor standalone (SA) 5G New Radio (NR) call in June 2018, accelerating the commercial deployment of standard-based 5G networks.
More recently, rival Nokia announced that it has signed three separate agreements worth more than €2bn with China Mobile, China Telecom and China Unicom.
Under the agreements, Nokia will deploy technologies and services to improve performance in fixed and mobile broadband networks across China.
Mike Wang, president of Nokia Shanghai Bell, said: “We are excited to continue our close collaboration with these important customers in China, to drive new levels of network performance as they transition toward 5G.
“Leveraging the breadth of our end-to-end network and services capabilities, we will work closely with China Mobile, China Telecom and China Unicom to deploy technologies that meet their specific business needs.”
At IDC’s annual FutureScapes event this week, the APAC group vice-president of the technology analyst firm, Sandra Ng, took a shot at predicting the technology trends that will shape the things to come in 2019.
Among her predictions were the growing data management and monetisation capabilities, efforts to a harness APIs to build a developer and partner ecosystem, and the use of key performance indicators to measure the success of digital transformation efforts, among others.
Each of these trends underscores what many of us already know is the crux of digital transformation – to drive change across an organisation’s people and processes, undergirded by technologies such as cloud and mobile computing, artificial intelligence (AI), robotics and data analytics.
While these trends should not surprise anyone in the technology industry, what made Sandra’s presentation different this year was the ‘digitally determined’ APAC companies that she had highlighted.
These companies include Taiwanese bank O-Bank, which has 20% lower customer acquisition costs than its peers, a Hong Kong nightspot operator that uses facial recognition to gather insights about patrons, as well as Indonesian conglomerate Lippo which formed a separate digital unit that created the OVO mobile payment app.
But what captivated the audience most was the slate of Chinese companies highlighted during the presentation. From the WeChat super app that even street beggars use to solicit digital donations to insurance giant Ping An that is morphing into a tech supplier, China’s companies are clearly at the bleeding edge of innovation.
Led by China, which is now on more-or-less equal footing with the US in developing frontier technologies like AI, Asian companies are no longer playing second fiddle to their Western counterparts.
In fact, the depth and diversity of talent and ideas has drawn more venture capitalists to Asia, which according to KPMG, accounted for the majority of global venture capital investments in the third-quarter this year.
The Asian tech century is now upon us, and things will get even more interesting over the next decade.
Earlier this week, all members of Computer Weekly’s APAC CIO advisory panel gathered for the first time to share their thoughts on digital transformation and what the overused term means to them.
Kicking off the lively discussion, which was held at SAP’s office in Singapore, was MyRepublic CIO Eugene Yeo who remarked that digital transformation isn’t just about adopting new technology.
Just as important is the need for employees to embrace a mindset of change and this is already being demonstrated in how MyRepublic develops new applications with a DevOps mentality where changes are expected and not frowned upon.
Manik Narayan Saha, the CIO of SAP Asia-Pacific, and Kwong Yuk Wah, CIO of NTUC, were of the same view that digital transformation isn’t a new undertaking. In fact, digital transformation started at the dawn of computerisation in the 1960s when enterprises started using computers to run some parts of their operations.
The CIOs then went on to share more about how they managed an inter-generational workforce amid their digital transformation efforts, how they have been measuring the success of digital initiatives, and perhaps more importantly, their change management strategy.
In particular, Nigel Lim, a Singapore-based senior IT manager at a Japanese company, called for the need for corporate functions such as HR and finance to be better aligned with digital transformation efforts, which isn’t always the case.
Amid the rapid pace of change, these functions would need to relook the way they assess the financial returns of digital projects, fund new digital initiatives and hire talent who are increasingly drawn to more attractive job prospects in high-growth, emerging markets such as China.
We will be filing some stories on some of these discussions – including what the CIOs thought about bi-modal IT – but one thing is clear in the meantime: digital transformation, which may seem like a buzzword at times to some of us, is real and will only accelerate in the years ahead.
This is a guest post by Bhupendra Warathe, chief information officer for corporate and institutional Banking, information technology and operations at Standard Chartered Bank
As the world adopts real-time payments, creating massive volumes of instantaneous transfers in seconds, the challenge for banks has evolved from managing liquidity to managing velocity.
Digitisation is driving the growth and future of real-time payments. In Singapore, funds transfers between two local accounts can be done almost instantly. Hong Kong, which launched its near-instant payment scheme this month, may see bank-to-bank transfers completed just as quickly.
Such payments have not only created the need for 24×7 funds flows but also at higher frequencies. As a result, payments and treasury departments can no longer adhere to batch and daily processes, and the need to move to real-time systems is urgent.
While most of the development in fast payments has focused on domestic transfers between individuals with a capped sum, in some jurisdictions participants have included non-bank businesses such as remittance providers and e-commerce players. With the current pace of implementation, it is a matter of time that cross-border instant payments is fast becoming a reality.
Just earlier this year, Swift held exploratory talks with banks from the Asia-Pacific region about the development of a regional cross-border real-time payments system based on the Swift global payment system.
How do banks respond to the challenge?
The demand for instant liquidity, dynamic FX exposure management as well as the ability to process real-time cash flow and transaction data mean that banks have begun to deploy the combined strength of distributed ledgers, artificial intelligence (AI) and application programming interfaces (APIs) to transform into a highly effective, high-performing and value-added banking for clients.
The speed of real-time payments also makes it vital for banks to perform instant fraud and identity checks before the payment is sent. At Standard Chartered, these systems are supported by as many as 12,000 coders and technologists, and they now account for about 15% of the workforce. The numbers also underline the extent to which banking has become a digital business.
As we move forward, speed and agility are two critical factors driving success. In the past, software upgrades took place once in a few months, but with the rapid changes in today’s environment, the development of software, upgrades and deployment need to happen at a much faster pace.
DevOps is one way to deploy software into the production environment quicker. With this approach, testing and deployment processes are fully automated. New code is dropped into production while the system with the previous codes will still function, allowing the end-user to continue using the services.
A rapidly changing environment has also caused banks turned to partnerships to help them adapt quickly. In recent years, the concept of open APIs has become increasingly prominent in our industry. In the next three to five years, we project a massive integration of service providers’ platforms with banks leading the charge.
Open API-led transformations will enable banks to accelerate collaborations with outside organisations and third-party developers. Increased co-created systems will allow a bank to redraw the boundaries of the products and services it offers.
Banks need to change the way they operate
With ever-changing consumer needs, Agile ways of working can help banks embrace changing requirements. Agile software development, an approach based on iterative development that brings together small, cross-functional teams to develop solutions within weeks rather than months, allows a product to go live sooner. At the same time, a project that is not on track could “fail fast,” allowing the team to recalibrate and take a different course quickly.
The prevalence of technology in every aspect of our lives also means that IT cannot be a department that sits on its own in a corporation. As banking becomes a seamless digital process, IT professionals are now integrated with every banking department.
At Standard Chartered, besides having IT professionals across our 60 markets, four Centres of Excellence – two in India, one in Malaysia and one in China – support and provide expertise for our global operations. IT teams are now closely integrated with respective product/client solution teams for agile delivery.
Talent and resources are critical for any strategy. Besides having the best talent, there is also a need to be faster and more scalable. There is a progressive shift to cloud-based infrastructures which can connect with multiple platforms such as those of industry-specific clearing houses, e-commerce platforms, large commercial and government institutions.
Without a doubt, real-time payments are redefining the banking landscape. In the next few years, there will be a multi-fold increase in volumes, with clients expecting 24×7 availability and scalability to handle peaks and troughs.
We foresee intense competition for talent and resources, not just in the banking industry, but also with tech firms and telcos. A survival of the fastest, the organisations which can react to the change the fastest will be the true winners.
A Singapore startup that has developed a blockchain-based platform to connect farmers with global markets has turned to SAP’s S/4 Hana Public Cloud for its digital core.
Called CrowdFarmX, the startup will use smart contracts to connect farmers directly with wholesale distributors and retailers, helping them to gain a greater cut of the selling price.
Like many other food supply chain related blockchain platforms, CrowdFarm X’s platform will provide visibility of the agricultural supply chain to ensure food safety.
The startup will also equip farmers with technology knowhow, including the use of data analytics and internet-of-things (IoT) irrigation monitoring systems, to deliver higher-quantity and quality yields, potentially increasing net yield by up to 10 times and contributing towards global food sufficiency.
On the role of S/4 Hana Public Cloud, CrowdFarm X founder and CEO David Tan said the cloud-based suite will deliver “an intelligent and intuitive digital backbone that supports us to have more complete visibility of the supply chain and supports rapid scalability”.
Further, the startup will make use of the software’s enterprises resource planning (ERP) capabilities, from production planning and management of sales and distribution, to procurement and financial control.
The implementation is expected to go live in December 2018.
CrowdFarm X aims to attract 10 million Southeast Asian farmers to its platform in the next 22 years, starting with an initial goal to sign up 1,000 farmers in a pilot phase by 2020.
Its targets are bold, given that many supply-chain related blockchain applications are not yet proven in the market, along with the low technology adoption rates in the agriculture industry in Southeast Asia.
That said, the startup seems to have made some headway, having roped in partners to set up CrowdFarmX Food Cradle farming facilities in Indonesia, Thailand and Cambodia, with Myanmar and Vietnam in the pipeline.
Among the findings of the Committee of Inquiry (COI) that looked into the massive SingHealth data breach was the startling fact that a non-IT staff was tasked with managing the server which was exploited by the perpetrators to steal the personal data of 1.5 million people.
Taking the witness stand yesterday was Tan Aik Chin, a senior manager responsible for the cancer service registry at the National Cancer Centre, who admitted that he had limited understanding of IT security and had inherited the server from someone else.
And because the server was not directly managed by SingHealth’s designated IT supplier, Integrated Health Information Systems (IHiS), there was no visibility into its security posture, and whether or not it was patched regularly in accordance with existing security policies.
The server had in fact remained unpatched for 14 months, exposing software vulnerabilities that perpetrators latched on to install malware and facilitate their data exfiltration efforts.
This is an example of how shadow IT can pose a serious threat to IT security – not by way of having employees use their own software and computers to perform their jobs in the classic definition, but rather the lack of visibility and control over all IT assets operating in the shadows.
Perhaps it is time to rethink the current definition of shadow IT, which limits organisational thinking to unsanctioned systems and software used by employees for work. After all, the security risk posed by a corporate-owned system that operates in the shadows is just as high as that of personal devices.
Instead, the focus should be on improving the visibility over every system, device and application that touches a network, whether they are employee-owned or corporate-sanctioned ones.
Singapore’s National Environmental Agency (NEA) is roping in Alphabet life sciences research outfit Verily’s technology to separate male mosquitoes from female ones in an ongoing project to tackle dengue fever.
Dubbed Project Wolbachia, the multi-year project aims to curb the female mosquito population by infecting the dengue virus-carrying Aedes aegypti mosquitoes with Wolbachia bacteria that have been injected into male mosquitoes. The bacteria, transmitted during mating, would prevent hatching of mosquito eggs.
To control the precise distribution of male mosquitoes in targeted areas including the corridors of Singapore’s public housing blocks, the NEA will use Verily’s new automated release system, contained within a 1.3m x 1m cart, and lightweight enough to be pushed by an individual.
Verily’s release system should help to alleviate the challenges faced by the NEA in releasing male mosquitoes in high-rise and densely built urban environment – the mosquitoes moved easily from surrounding areas into the release sites, reducing the suppression effect of Wolbachia at release sites.
Additionally, Project Wolbachia will use Verily’s mosquito sex-sorting technology, which has been successfully used to separate male and female mosquitoes using a computer vision algorithm and artificial intelligence.
This will ensure that only Wolbachia-infected male mosquitoes are released into the wild, and prevent the build-up of female Wolbachia-Aedes mosquitoes that would have resulted from the release of fertile female Wolbachia Aedes mosquitoes over time.
Not doing so would could eventually result in Wolbachia-Aedes taking over as the dominant mosquito strain, and hamper the continued use of Wolbachia-Aedes mosquitoes to suppress the Aedes population in those areas, according to the NEA.
A study commissioned by Stripe has revealed that the Singapore economy has the potential to grow by S$1.6bn each year, if companies harness developer resources more effectively.
Conducted by Nielsen, it found that 90% of businesses in Singapore rely on software to launch products, demonstrating that most companies today are increasingly technology companies.
Presumably, this software refers to in-house applications built by internal development teams, given that over two-fifths of senior executives in Singapore said the lack of qualified software engineers and developers was one of their greatest challenges, more so than a lack of capital (34%).
At the same time, Stripe noted that businesses in Singapore are counting the cost of not using existing developer talent effectively enough, noting that “bad code” is costing local companies S$232m annually.
“Crucially, about a third of developers (32%) say that they’re spending at least half of their time reactively tackling “bad code” rather than working on strategic issues,” it said.
Out of all the countries surveyed, Singapore also had the highest number of developers (70%) reporting that the amount of time they spend on bad code was excessive.
In a statement on the release of the study, Stripe advocated the use APIs to automate peripheral business functions, speed up development time and improve developer productivity.
However, some companies like financial services firms may still need to fix the bad code on legacy systems, especially if these are systems of record, before they can implement an API strategy.
Unless a company is ready to rip everything apart and start building new applications from scratch, tackling “bad code” isn’t always counterproductive.