Eyes on APAC

Jan 11 2019   8:27AM GMT

COI report offers stark reminder on cyber hygiene

Aaron Tan

The Singapore government’s Committee of Inquiry (COI) that looked into the unprecedented cyber attack on SingHealth’s IT systems released a public report this week, detailing security lapses leading to the incident as well as recommendations to improve the public healthcare group’s cyber defences.

Although made in the aftermath of the attack and tailored to the operational environment of SingHealth, the recommendations included in the 425-page report equally apply to any organisation looking to shore up its cyber hygiene.

These include viewing cyber security as a risk management issue and not just a technical one, plugging security gaps in the network and end-point devices, enhancing employee awareness of cyber security, securing privileged accounts and boosting incident response processes.

Now, anyone in cyber security would appreciate the COI’s recommendations, but it is widely known that many organisations do not always adhere to them for various reasons, whether it is complacency on the part of management and cyber security teams, or the lack of resources.

In SingHealth’s case, it was a combination of factors – including the startling fact that a non-IT staff member was tasked with managing the compromised server – that gave the perpetrators leeway to execute the typical cyber kill chain: infecting a PC with malware via spear phishing, establishing connections with C2 servers, and making lateral movements across a network before exfiltrating data.

While what happened to SingHealth was unfortunate, the incident – and the COI report – serves as a stark reminder for organisations to take cyber security more seriously, and to avoid the fallacy that it could never happen to them. Remember, it takes just one loophole or an oversight for an attacker to breach a system.
