How is preparing for cyberattacks like cooking chilli crabs?

How is preparing for cyber-attacks like cooking chilli crabs? Just ask Mr Khoong Hock Yun, chief digital evangelist at Singapore’s Infocomm Media Development Agency (IMDA).

“Some people have never cooked chilli crabs, but they have started shopping for ingredients. Some have bought the ingredients but are not sure what steps to take to cook it. Some have cooked the crabs but they didn’t turn out tasty. Some have read books on cooking, gone to cooking class and tried their hand at it several times before getting it right.

“Others went to the shop and simply bought their chilli crabs—the concept of outsourcing,” he explained, to much laughter from the audience at the CyberSecurity Forum 2017, held at the Mandarin Oriental Hotel on 13 October 2017.

The Forum, supported by IMDA and the Cyber Security Agency of Singapore (CSA), focused on cybersecurity for businesses. Indeed, cybersecurity preparations are as important to companies as chilli crabs are to Singaporeans, Mr Khoong noted.

Microsoft’s Security Intelligence Report 2017 showed that between 5.3 to 7.5 percent of Singapore firms encountered malware in some form. But these figures only reflect the detected cases--many more lie beneath the surface.

“One thing that we need to be aware of is that cyber-attacks do happen, and these threats should be seen as a new normal,” said Mr Khoong.

It’s not when, but how

“Some of us may say ‘Heng ah, we have never been attacked before.’ But it’s a little bit like crossing the road. We know that accidents can and do happen, yet we sometimes get absorbed in our WhatsApp chats as we cross the road,” said Mr Khoong.

“In the same way, when we are distracted, there is a higher chance that we might be attacked. Therefore, our attitude should be one of preparedness. The question is not when, but how.”

In 2010, while in charge of the IT systems for the Youth Olympics Games held in Singapore, it dawned on him that large events like this might make Singapore a major target for cyber-mischief—or worse, cyber-war.

“If some of the participating nations happened to be in conflict with each other, we may have be the ones to get affected, because we were hosting them. As some say, ‘when the elephants fight, the grass gets trampled,’” said Mr Khoong. “Singapore has to ensure the safety of the participating nations, many of which we are close to, as well as our reputation as a trusted hub.”

To address the issue, he met with several major content distribution network (CDN) providers to explore the possibility of them setting up a cyber-shield to defend Singapore against a possible distributed denial of service (DDoS) attack.

“The CDN providers were intrigued by the idea, as they had never thought of their structures being used in this way. So they did just what we suggested, and the rest is history. The Games went on smoothly despite the fact that we were cyber-targeted during the event. Moreover, the providers loved the idea so much that they created new product solutions that they have been happily selling since then,” Mr Khoong shared.

The moral of the story is that organisations must be aware of what the possible threats are and take proactive actions to defend themselves, he added.

The art of cybersecurity

In a subsequent keynote, Mr Yum Shoen Yih, deputy director of the Critical Information Infrastructure Division at CSA, spoke about Singapore’s defence strategy. He offered six cybersecurity must-dos inspired by the ancient Chinese military treatise The Art of War by Sun Tzu.

The first principle is that organisations must know their assets—be they software or hardware. “If you know yourself, at least you are able to plan and fight against the enemy,” said Mr Yum.

Second, only authourised software should be allowed to work, said Mr Yum. “It is not enough to just do application whitelisting; you need application control. For example, a product like Microsoft Word should only be allowed to do word processing, not any other functions like scanning and so on.”

The third tip is to reduce vulnerabilities via patching. The WannaCry attack, for example, exploited a vulnerability in Windows that Microsoft had already released a patch for.

In addition, accounts given to users in an IT system should always have restricted administrative privileges, stressed Mr Yum. This makes the attacker work harder.

The fifth must-do is monitoring. “The issue you are dealing with is not whether you will be attacked. You will—the question is when? Therefore you want to make sure that when you are breached, you know it immediately. This is why monitoring is important,” said Mr Yum.

Last but not least, multi-factor authentication is another way to make sure that only the good guys have access to the applications and resources within your organisation.

In cybersecurity, as in The Art of War, the enemy is human. “You are always going up against another human being, not a robot. A human will always be able to adapt, change and find ways to go around your security protections,” said Mr Yum. “When there is a breach, you must detect it quickly and have the ability to respond and recover after that.”