In this increasingly digitalised world, Cybersecurity has become a critical concern for individuals, businesses, and organisations. The continuous evolution of technology can bring risks, so it is important to understand the importance of cybersecurity.
With the rapid development of the Internet, cloud computing, and Internet devices, cyber threats are becoming increasingly sophisticated and widespread.
Protecting sensitive data with cybersecurity measures is necessary to protect personal information, financial data, and intellectual property from unauthorised access, theft, or misuse.
Strong cybersecurity practices are critical for organisations to maintain operational efficiency, protect customer trust, and prevent costly data breaches.
Here are some of the most common cybersecurity threats:
What is Malware?
Malware, short for malicious software, is software specifically designed to disrupt, damage, or gain unauthorised access to a computer system. Malware covers a wide range of software, including viruses, worms, trojan horses, ransomware, spyware, and more, each designed with a unique purpose but with the common intent of damaging your system.
Viruses: Similar to biological viruses, computer viruses attach themselves to clean files and infect other clean files. These viruses can spread uncontrollably, impairing core system functions and deleting or corrupting files.
Ransomware: This type of malware is increasingly popular among cybercriminals. Ransomware locks users' files and data, and hackers demand a ransom to free them.
Spyware: This type of malware hides on your device, monitors your activity, and steals sensitive information such as bank details and passwords.
Here is an example of a malware attack that occurred in Singapore:
AXA Data Breach (2017): Singapore insurance company AXA was hit by a data breach caused by a malware attack, which exposed the personal data of 5,400 Singaporean customers.
Consequences of Malware
The consequences of a malware attack can be devastating and far-reaching. These can include system or file corruption, data loss or theft, financial loss due to ransom or fraud, decreased productivity, and potential damage to a company's reputation.
What is a Phishing Attack?
A phishing attack is a method of cybercrime where the perpetrator attempts to lure individuals into providing sensitive data such as personally identifiable information (PII), banking and credit card details, and passwords. This is done by posing as a trustworthy entity in digital communications, usually via email or instant messaging.
Examples of Phishing Attacks
Email Phishing: The most common form of phishing is where cybercriminals send fake emails that appear to come from a reputable source to steal sensitive data.
Spear Phishing: This is a more targeted version of phishing, where the email is designed to look like it comes from someone the recipient knows and trusts.
Smishing and Vishing: Phishing that is done via SMS (smishing) or voice calls (vishing).
Here is an example of a phishing attack that occurred in Singapore:
Lazarus Group Attack (2019): The notorious North Korean hacking group Lazarus Group targeted several organisations in Singapore with a powerful malware known as 'Hermes', which was delivered via spear-phishing emails. As of late 2019, the Lazarus Group has crippled hundreds of thousands, if not millions, of computers and stolen up to US$2 billion.
Consequences of Phishing Attacks
Phishing attacks can lead to identity theft, unauthorised purchases, theft of funds, or unauthorised access to sensitive business information. On a larger scale, phishing attacks can cause significant reputational damage to a company.
What is Social Engineering?
Social engineering is a strategy used by cybercriminals who use human interaction (social skills) to gain or break into information about their organisation or computer systems. An attacker may appear simple and respectable, perhaps claiming to be a new employee, technician, or researcher.
Examples of Social Engineering
Pretexting: This is when the attacker creates a false narrative or pretext to steal the victim's personal information.
Baiting: Baiting is similar to phishing and involves offering false promises to provoke the victim's greed or curiosity, encouraging them to divulge sensitive information.
Tailgating or Piggybacking: This attack involves someone who lacks the proper authentication following an employee into a restricted area
Here is an example of a Social engineering attack that occurred in Singapore:
Phone Scams Impersonating Government Officials (2019): A common scam tactic is for fraudsters to impersonate government officials over the phone. In 2019, the Singapore Police reported many cases of such scams, where the attackers claimed to be police officers or staff from the Ministry of Manpower. The scammers would then ask for sensitive personal information or money from the victims. At least S$5.3 million scammed by impersonation scams so far in 2019.
What is a Data Breach?
A data breach is an incident where information is accessed, retrieved, copied, or shared without authorisation. This can involve financial information such as credit card or bank details, personal information such as National Registration Identity Card (NRCI) or proprietary information.
Data Breach Example
SingHealth Data Breach (2018): The largest data breach in Singapore's history affected SingHealth, the country's largest healthcare group. Occurring between 27 June and 4 July 2018, this cyberattack led to unauthorised access to the personal information of 1.5 million patients. The stolen information included names, addresses, gender, race, and date of birth. Even Singapore's Prime Minister, Lee Hsien Loong, was specifically targeted in this attack.
Sephora Data Breach (2019): Cosmetics retailer Sephora suffered a data breach that affected its customers in Singapore, as well as other countries in the Southeast Asian region. Personal information such as names, dates of birth, gender, email addresses, and encrypted passwords were exposed. Sephora took immediate steps to mitigate the impact by canceling existing passwords for customer accounts and thoroughly reviewing their security systems.
RedDoorz Data Breach (2020): Singapore-based hotel management and booking platform. RedDoorz suffered a data breach affecting around 5.8 million users. Details such as full names, email addresses, phone numbers, hashed passwords, and booking details were leaked. The company immediately acknowledged the incident and urged customers to change their passwords.
Consequences of Data Breaches
Data breaches can have significant consequences, including financial losses, regulatory fines, potential litigation, and damage to an organisation's reputation. For individuals, data breaches can lead to identity theft or financial fraud.
To mitigate these cybersecurity threats, you should follow some of the following cybersecurity practices:
Use Very Strong Passwords and Authentication
Create unique and complex passwords and enable multi-factor authentication to increase account security. When creating a strong password, including a mix of characters is important to make it difficult to crack. A strong password should ideally include the following:
Minimum length of 12 to 15 characters, if permitted
A mix of uppercase and lowercase letters
Mix of numbers
Non-alphanumeric characters (symbols)
These steps are not strict rules but guidelines to help secure your online presence. Remember, the more complex and longer the password, the harder it is for cybercriminals to crack.
Here's an example of a strong password that follows these guidelines: ‘Tr0ub4dor&3Parad!se’
In this password:
It’s 18 characters long.
It uses both upper and lower case letters.
It includes numbers (0, 4, 3).
It includes symbols (&, !).
Note: this is just an example. Do not use this password, as it has been publicly disclosed and is not secure.
Perform Regular Software Updates
Keep your operating system, applications, and antivirus software up-to-date to patch vulnerabilities and protect against known threats.
Use A Secure Network Connection
Use an encrypted connection (HTTPS) when browsing websites, and be careful when connecting to public Wi-Fi networks.
Perform Data Backup and Recovery
Regularly back up critical data to offline or cloud-based storage solutions to reduce the impact of ransomware or hardware failure.
With the ever-growing threat of cyber-attacks and data breaches, the need for skilled cybersecurity professionals has never been greater. A career in cybersecurity offers exciting opportunities to protect individuals, organisations, and even countries from digital threats.
Cybersecurity has evolved into a staple component of any modern business structure. As threat after threat makes its way into the news, it is evident that companies need cybersecurity expertise.
A career in cybersecurity involves protecting computer systems, networks, and data from unauthorised access, breaches, and cyber threats. Cybersecurity professionals play an important role in protecting sensitive, identifying vulnerabilities, and implementing security measures. Here are some of the skills and benefits of a cybersecurity professional.
Cybersecurity Career Advantages
Demand for skilled cybersecurity professionals exceeds supply, thus providing a high level of job security and many career advancement opportunities. With cyber threats increasing exponentially, businesses, organisations, and even governments are constantly looking to protect their data. As a result, there is an increasing demand for cybersecurity professionals, a field that offers job security and significant career advancement opportunities.
Growing Demand in the Field of Cybersecurity
As digital transformation accelerates across the globe, the importance of cybersecurity is also rising in parallel. Industries ranging from healthcare to finance, retail to public services require cybersecurity measures to protect sensitive data. The 2022 (ISC)2 Cybersecurity Workforce Study identified a 3.4 million worldwide cybersecurity worker gap; the total existing workforce is estimated at 4.7 million, further confirming the high demand for these professionals.
Career Advancement Opportunities in Cybersecurity
The field of cybersecurity is very diverse, with many specialisations and paths to progress. Here are some examples of potential career progression within the field:
Chief Information Security Officer (CISO)
You can get each of these explanations of careers in cybersecurity in this article “Cyber Security Salary Guide: 9 Highest-Paid Cyber Security Jobs”
Enhancing Job Security in Cybersecurity
The persistent shortage of cybersecurity professionals guarantees high job security. As an example for a career as a Security Analyst, according to the US Bureau of Labour Statistics, the job outlook for information security analysts, a role within the cybersecurity field, is projected to grow 35% from 2021 to 2031, much faster than the average for all occupations. This level of demand ensures that those with the skills and qualifications will get plenty of opportunities.
The field of cybersecurity not only promises a vibrant and dynamic career but also offers the satisfaction of being able to make a real difference in the world of data protection. As businesses digitalise and cyber threats continue to evolve, the demand for skilled cybersecurity professionals will continue to rise, making it a solid career choice for the future.
Cybersecurity careers are known for offering attractive salaries due to the specialised skills and critical nature of the work.
Protecting sensitive information, critical infrastructure, and individual privacy from cyber threats provides a sense of purpose and satisfaction.
The cybersecurity field offers a constant learning environment, with certifications, conferences, and professional development opportunities.
A career in cybersecurity offers a unique opportunity to contribute to the safety and security of the digital world. With an increasing demand for skilled professionals, a wide range of career paths, and competitive salaries, pursuing a career in cybersecurity can be a rewarding option.
By acquiring the necessary skills and keeping up with industry trends, you can position yourself by learning the skills for a successful and impactful career that continues to grow.
Secure Your Future
Do you want to know more about cybersecurity and what skills you should learn in-depth?
Register now and attend our Information Session for free to find out more about the industry and how CFC can help you kickstart your cybersecurity journey.