apidays Singapore 2023 - Securing and protecting our digital way of life, Veronica Tan, Cyber Security Agency of Singapore

Transcript

1. SECURING AND PROTECTING OUR DIGITAL WAY OF LIFE

2. None

3. 2 Image Source – businessillustrator.com CEO CIO COVID-19

4. COVID-19 a major test of organisations’ resilience and adaptability Digital

   transformation as a sustainable growth engine 3 Source – World Economic Forum COVID-19 is pushing companies

5. Interconnectedness and increased digitalization has put businesses onto a new

   trajectory of cyber threats 4 Source – “Verizon Data Breach Investigations Report 2022”, Verizon RANSOMWARE HAS CONTINUED ITS UPWARD TREND 13% SYSTEM INTRUSION INCIDENTS SUPPLY CHAIN RESPONSIBLE FOR 62% HUMAN FACTOR CONTINUES TO DRIVE BREACHES 82% OF BREACHES INVOLVED HUMAN ELEMENT

6. Cybersecurity is one of the top risks that businesses pay

   attention to 5 Source – “The Global Risks Report 2023”, World Economic Forum Business Severity by stakeholder over the short term (2 years)

7. Risk-based approach to cybersecurity helps organisations that are at different

   stages of cybersecurity journey 6 Source – Enterprise Singapore ~200,000 enterprises 160,000 micro enterprises 30,000 small enterprises 8,000 medium enterprises 2,000 large enterprises 99% RESOURCES FOR CYBERSECURITY High Low THREAT LANDSCAPE Volume Sophistication 1%

8. CSA initiatives help organisations at different stages of cybersecurity journey

   to raise cyber resilience progressively 7 AWARENESS ACTION ADOPTION Cybersecurity Toolkit for • Enterprise Leaders • SME Owners Cybersecurity Toolkit for • Employees • Personnel managing IT Commercial Products/Services Cybersecurity Certification For organisations embarking in your cybersecurity journey For organisations ready for cybersecurity to be a competitive advantage

9. AWARENESS Cybersecurity as part of your business risk management, not

   just a technical issue 8 Gap btw Business and Security Leaders Large Organisations SMEs SME OWNERS SECURITY-FOCUSED EXECUTIVES E.g. CIO, CISO, Chief Security Officer BUSINESS-FOCUSED EXECUTIVES E.g. CEO, Board Director, Chief Risk Officer CSA Cybersecurity Toolkits for Business Leaders

10. ACTION Your employees as your first line of defense 9

    Cybersecurity Culture CSA Cybersecurity Toolkits for Employees Large Organisations SMEs Cybersecurity Awareness • Starts with awareness and includes everyone • Grows with employees’ understanding of cyber risks and their personal role and responsibility 1. Protect yourself from phishing 2. Set strong passphrases and protect them 3. Protect your corporate and personal devices 4. Report cyber incidents 5. Handle and disclose business- critical data carefully 6. Work on-site and telecommute in a secure manner

11. ACTION Create cyber resilience across your supply chain 10 Cybersecurity

    Certification Concentration of Risks When a shared service or commonly used technology is disrupted by attackers Increasing Interdependence Technologies that support businesses, infrastructure and societies are increasingly interdependent and vulnerable Hardware Software Service Provider Your Organisation

12. ADOPTION Cybersecurity as your competitive advantage 11 Customer questions to

    Provider – Are you Cyber Safe? Source – “Global Cybersecurity Outlook 2023”, World Economic Forum, Jan 2023 90% of respondents are concerned about cyber resilience of third-party organisations Large Organisations SMEs Typically have SMEs in their supply chain Consider them as critical partners When critical partners are taken out of action arising from a cyber incident, the entire ecosystem, including the larger organisation, is impacted

13. ADOPTION Cybersecurity as your competitive advantage 12 CSA Cybersecurity Certification

    for Organisations VISIBLE INDICATOR of the cybersecurity practices implemented BUILDS TRUST with your customers, provides assurance by being “cyber safe” COMPETITIVE EDGE for your business, enables differentiation from competitors BENEFITS FOR ORGANISATIONS

14. Cyber Essentials mark 13 ASSETS SECURE/ PROTECT UPDATE BACKUP RESPOND

    Certification Validity 2years Assessment Mode By independent assessor Desktop assessment FOR ORGANISATIONS THAT ARE EMBARKING ON THEIR CYBERSECURITY JOURNEY • Recognition of good cyber hygiene for protection from common cyber attacks • Simplifies cybersecurity by prioritising the measures to focus on first

15. Cyber Essentials mark helps you to stay protected from the

    majority of common cyber attacks 14

16. Cyber Trust mark 15 MARK OF DISTINCTION FOR ORGANISATIONS WITH

    MORE EXTENSIVE DIGITALISATION • Recognise organisations as trusted partners with robust cybersecurity • Takes on risk-based approach to meet your organisation needs without over-investing 10 domains 13 domains 16 domains 19 domains 22 domains Supporter Practitioner Promoter Performer Advocate Certification Validity 3years Assessment Mode By independent assessor 1.Documentation 2.Implementation and effectiveness

17. Cyber Essentials Self-Assessment Assess your cyber hygiene 16

18. Cyber Trust Risk Assessment Assess your risk profile and cybersecurity

    preparedness 17

19. Where are you in your cybersecurity journey? 18 Make cybersecurity

    your competitive advantage Implement cybersecurity measures that are commensurate with your risk profile Make cybersecurity your competitive advantage Protect yourself from common cyber attacks Develop your cybersecurity health plan Assess your cyber health Recognise cybersecurity as part of your business risk management www.csa.gov.sg/ sgcybersafe

20. Cybersecurity is part of organisational resilience and a collective responsibility

    19 BE A TRUSTED PARTNER With Cyber Trust and Cyber Essentials Individual Cybersecurity as our personal role and responsibility Organisation Develop cyber resilience Be a trusted partner in the supply chain Global International collaboration and cooperation

21. THANK YOU