Heck, I'm hacked?
Security experts say Singapore companies are vulnerable to cyber attacks
Your company has been losing out to competitors for contracts, and you don't know why.
Then, you find out a rival has been undercutting your bids.
It is as if they knew your every move.
Then, you realise your poorly fortified computer systems have been hacked, but by then it is too late and you have lost another deal.
There have been a spate of cybercrimes committed here recently.
About 2,000 delegates attended GovernmentWare 2014, a three-day cyber security conference, a security conference organised by the Ministry of Home Affairs.
It ends today at the Suntec Singapore International Convention and Exhibition Centre.
The annual event, which is in its 23rd year, hopes to bring the public and private sectors together to tackle cybercrime.
TOUGH TO DETECT
Mr Ngair Teow-Hin, chief executive officer of data protection firm SecureAge, said scenarios like the above could happen and are difficult to detect.
He said: "For example, if they get their hands on your SingPass and NRIC, they can see confidential information about your company. Professional hackers have the means to do so.
"These type of hacking attempts are hardly detected because you won't even know they have hit you."
Ms Lam Sze Wei, business director of secure cellular networking company IT-DNS, said because of their ability to exploit vulnerabilities to steal sensitive data, hackers could potentially doom small and medium-sized enterprises (SME) which do not see the need for strong protection.
Said Ms Lam: "Thanks to the Internet, hackers are getting better because hacking tools are traded easily and methods are discussed openly.
"But to many SME, as long as their servers restrict access by user names and passwords, they think it's enough. They might not know of or have the budget for anything better."
Referring to some recent cybercrimes here, Mr Ngair said those were amateurish attempts.
Said Mr Ngair: "If professional hackers were to do a targeted attack on Singapore companies, I would say most of our companies here would fail.
"But the beauty of being in Singapore is that it is a small country, so we're not really on the radar of hackers."
He said that will change when hackers realise they cannot attack elsewhere.
And that is when Singapore must be prepared.
But are we late in the game?
Yes, said senior manager of technology John Qian of Tendyron Corporation, a company which makes two-factor authentication tokens in China.
The Chinese national said: "Compared to China, Singapore is much slower in adopting more secure solutions.
"The two-factor authentication tokens recently introduced in Singapore are not new, and China had already moved away from using them almost a decade ago to third generation solutions.
"Several Chinese or Russian hackers will be able to hack your company's website or servers in no time. What is important is for companies to realise that cyber security is not just a cost issue. It is a necessity that must be addressed."
"If professional hackers were to do a targeted attack on Singapore companies, I would say most of our companies here would fail."
- Mr Ngair Teow-Hin, chief executive officer of data protection firm SecureAge
"Several Chinese or Russian hackers will be able to hack your company's website or servers in no time."
- Senior manager of technology John Qian of Tendyron Corporation
SINGAPORE BUSINESSES ‘NOT SECURE’
Security experts at GovernmentWare 2014 told The New Paper:
- Singapore’s businesses are not secure enough, and the country is far behind in ensuring organisations know how to protect their IT systems well. One expert even said the state of Singapore’s cyber security is 10 years behind other countries, like China.
- Hacking attempts will become more frequent as the country becomes a more attractive target for these cyber criminals.
RECENT CYBER BREACHES
SEPT 18, 2014
The personal data of 12 M1 customers were accessed by one of its customers, who alerted the telecommunications company upon discovering it. The customer had found a vulnerability on M1's website that took pre-orders for the new Apple iPhone 6 and 6 Plus.
SEPT 16, 2014
Details of more than 317,000 customers of karaoke chain K Box Singapore were posted online by a group of hackers calling themselves "The Knowns". Personal data such as NRIC numbers, home addresses, mobile numbers and birthdates were leaked.
NOV 7, 2013
Pages on two websites of the Istana and the Prime Minister's Office were compromised by IT consultant Delson Moo Hiang Kng and ITE student Melvin Teo Boon Wei. They exploited a vulnerability in the Google Search bar embedded on the websites' subpage. Moo was fined $8,000 and Teo was given a year's probation.
OCT 28, 2013
The websites of the Ang Mo Kio Town Council, The Straits Times Blog, Seletar Airport and singer Sun Ho, among others, were hacked and their contents modified by a person who called himself "The Messiah". James Raj Arokiasamy was arrested in Malaysia last November and faces 158 charges of computer misuse.