‘Would you expect to be able to prevent all crime in all cases?’: Why experts say cyberattacks are inevitable

‘Would you expect to be able to prevent all crime in all cases?’: Why experts say cyberattacks are inevitable

cybersecurity
(File Photo: AFP/Thomas Samson)

SINGAPORE: Cyberattacks have hit the headlines in the past week in Singapore, with a number of high profile incidents collectively affecting millions of people.

From the major cyberattack on SingHealth, to fraudulent transactions on customers’ iTunes accounts, to revelations that the Securities Investors Association (Singapore) was actually hacked some years ago, the issue has been the source of much discussion.

The attack on SingHealth has been called the biggest data breach in Singapore.

CSA press conference
Press conference on cyberattack on SingHealth's IT system.

The personal information of 1.5 million patients was stolen, along with the outpatient prescription records of 160,000 people.

Prime Minister Lee Hsien Loong was among those affected, and his personal particulars and outpatient prescription records were "specifically and repeatedly" targeted. 

What is so valuable about medical records?

Sid Deshpande, Research Director at Gartner who specialises in security infrastructure and services, gave this explanation in this week’s Asia Business First podcast: “The data contained in the entire healthcare record is more valuable than that of a credit card breach. You can always cancel or change a credit card once the breach is disclosed. 

"But in a health record, you have your national identity number, you have your bank account details, you have other types of e-governance details to spoof your identity and to conduct identity fraud, medical fraud and tax fraud.”

However, it is believed that the SingHealth data breach was the work of state-sponsored hackers.

Steve Ledzian, Technical Director for Asia with cybersecurity company FireEye, shared his thoughts on the matter.

“It does not look like this was the work of casual cybercriminals. It looks like it was likely to be the work of a sophisticated threat actor. In that case, the value of the data may not be for commercial or fraudulent financial purposes. But more for intelligence collection or espionage purposes.”  

Cyber criminals targeting victims in China have increasingly exploited technological advances to
Cyber criminals targeting victims in China have increasingly exploited technological advances to operate from countries such as Fiji in a bid to evade authorities AFP/GREG BAKER

Nevertheless, these incidents raise questions about how well-protected people's personal information really is.

According to Mr Deshpande, total prevention of cyberattacks is not possible.

“The problem is while you are in your bed sleeping at 4am in the morning, the attackers are up, trying their best to get into your environment. So, unless you are spending all your time on security, 24/7 – which is what organisations should be doing – you are not putting in an adequate effort commensurate with what the attackers are doing.”

Mr Ledzian had this analogy: “Would you expect to be able to prevent all crime in all cases? Of course not. From a cybersecurity perspective, you can prevent a lot of these breaches, but you cannot prevent all of them.

“The way that attackers attack – it is actually quite easy for them to break into a network. But the impact of that attack does not align to the moment they gain entry into the network. So while breaches are inevitable, the consequences and the impact of the breach do not have to be. 

"It is impossible to say, ‘Someone will never break into my house.’ But we can say, ‘If they do break into my house, I can react very quickly and I can stop them before they do any damage.’ ”

Mr Deshpande elaborated on how that might be achieved.

“While prevention is an important thing to focus on, detection and response is something that organisations and governments need to invest in. To make sure that once a breach happens, they are able to limit the impact and damage of it.”

FILE PHOTO: A screenshot shows a WannaCry ransomware demand, provided by cyber security firm Symant
FILE PHOTO: A screenshot shows a WannaCry ransomware demand, provided by cyber security firm Symantec, in Mountain View, California, U.S. May 15, 2017. Courtesy of Symantec/Handout via REUTERS/Files

He emphasized that the solution did not lie in buying more “shiny new technology”, but rather, focussing on the basics of security and risk management.

“There is no one-stop shop for this problem. If you look back to last year when we experienced a lot of security incidents around the world – particularly the Wannacry incident – the primary reason those organisations were breached is that they had not patched a vulnerability that the industry knew about for three months. 

"An attacker is not always looking for some newly-researched vulnerability. They are looking for the low-hanging fruit. They will first try methods that have worked in other areas and then they will move higher up the chain. So focus on the basics and you will make the attacker’s job more difficult.”

To listen to the full Asia Business First podcast, click here.

Source: CNA/wl(db)

Bookmark