Cyber crimes are on the rise and especially prevalent during the global pandemic where hackers leverage the vulnerabilities of organisations for new opportunities through technology.
Hospitals, for instance, are more likely to pay ransoms to restore access to their servers. Similarly, criminals may believe that corporations grappling with economic turmoil or logistical crises will be similarly easy to manipulate.
3. Cybersecurity &
Cyber threats1
Growth of
Cybersecurity2
Cybersecurity
Process3
COVID-19
Impact4
Global &
Regional Scene5
Local Scene6
Links to Other
Technologies7
Masterlist & Poll
Analyses8
4. Cybersecurity
The Practice Of Defending Computers, Servers, Mobile Devices, Electronic
Systems, Networks, And Data From Malicious Attacks
Network security
Protecting computer networks from threats
such as malware or attackers1
Application security
Protecting software and devices from intrusion.
Compromised software and devices may allow
access to sensitive data and malicious control
of devices
2
Information Security
Protecting the integrity and privacy of data,
both in storage and in transit3
Operational Security
Processes for handling and protecting data
assets and permissions users have when
accessing a network
4
Disaster recovery and business
continuity
Disaster recovery: Restoration of operations
and information to return to normal operating
capacity.
Business continuity: Plans organisations fall
back on while trying to operate without certain
resources.
5
End-user education
Education of cybersecurity best practices to
the most vulnerable point in the cybersecurity
chain
6
5. Malware
Malware, or malicious software, is software
created by attackers to damage user’s
devices or disrupt computer systems and
networks.
Usually distributed through unsolicited
emails or online downloads.
Types of Malware:
• Virus: A self-replicating program that
attaches itself to clean files and spreads
throughout a computer system, infecting
files with malicious code.
• Trojans: Disguises itself as legitimate
software, tricking users into uploading
Trojans onto their computer where they
cause damage or collect data.
• Spyware: Secretly records user activity,
such as passwords and credit card
information
• Ransomware: Locks down a user’s files
and data, denying access and threatening
erasure unless ransom is paid
• Adware: Advertising software which can
be used to spread malware.
• Botnets: Multiple infected computers
gathered into a network for use by
cybercriminals
SQL
Injection
Exploits vulnerabilities in databases to
insert malicious SQL queries to obtain
sensitive data
Phishing
Uses legitimate-looking emails to ask
users for sensitive information such as
passwords and credit card information
3
Man-In-The-
Middle Attack
Intercepts communications between
endpoints and servers, usually on
unsecured networks, to obtain sensitive
data
Denial-Of-
Service Attack
Prevents computer systems from
fulfilling legitimate requests by
overwhelming networks and servers
with traffic
4
1
2
5
Cyber Threats
6. Growth of Cybersecurity
Cybersecurity Through The Years
First discovery of
a computer virus
– Creeper virus
First U.S. patent
for cybersecurity
- a cryptosystem
Birth of SSL that
allows for
purchase of
items online to
be done securely
Personal attacks
on credit cards
and identity,
major companies
began to arm
themselves with
more
sophisticated
security systems
Raising the bar
for compliance
with more
stringent
regulations.
Constantly
innovating and
using advanced
machine learning
and AI-driven
approaches
1970s 1980s 1990s 2000s Present
8. Cybersecurity Process
Protect
• Recover and restore
systems to operational
capacity
• Implement
improvements to
cybersecurity
framework
• Communicate with
stakeholders on
lessons learned
• Detect anomalies and
events
• Implement monitoring
capabilities
• Maintain continuous
monitoring processes
• Identity management
and Access Control
• End-user training and
education
• Implement
cybersecurity policies
• Employ cybersecurity
software
• Implement response
planning policies
• Analyse anomalies
and events
• Mitigate impact
• Review and improve
cybersecurity
framework
Detect Respond Recover
• Identify physical and
software assets
• Identify business
environment
• Identify cybersecurity
policies
• Identify asset
vulnerabilities
• Identify risk
management policies
Identify
9. Increased security
risk from remote
working/learning
There is a possibility
that an organization’s
unpreparedness will
lead to security
misconfiguration in
VPNs, thereby
exposing sensitive
information on the
internet
Exposed physical
security
Some employees
may work from public
spaces to utilize
power and free
internet facilities,
inadvertently
exposing confidential
information
May not effectively
detect cyber
attacks
Security teams may
be short-staffed or
repurposed to support
other activities,
leaving security alerts
uninvestigated
COVID-19 Impact
10. • Over 300,000 suspicious COVID-19 websites have
been created in March, which can potentially infect
endpoint devices with malware
• Could be detrimental for businesses when such
devices connect to enterprise networks, especially
with employees working remotely from their homes
Network security to
secure major wallet
share of the
cybersecurity market
• Endpoint security solutions secure remote devices
used in organizations from viruses and persistent
threats
• Enable continuous detection and response to
advanced cybersecurity threats and considerably
improve threat detection
Endpoint security
segment to show the
highest growth rate in
the cybersecurity
market
COVID-19 Impact
11. 70% of organizations will
increase investments in
cybersecurity solutions
Large-scale remote work
will continue to be the
norm, maintaining best
practices for securing a
remote workforce is vital
Leverage cloud
technology to secure
corporate, personal, and
mobile devices that
contain corporate data
COVID-19 Impact
12. Links to Other Technologies
Artificial Intelligence
• Feed data
into AI for
retrospective
investigation
• Flag suspicious
anomalies and
events
• Flag suspicious user
behaviour
• Sift through
programme code to
identify malicious
code
• Automate
handling of low-
level threats
• Automate
deployment of
cyber protection
processes
Detect Respond Recover
Benefits of AI:
• 99.7% Effectiveness
• 0.001% False Positives
• Reduces Helpdesk Call by 98%
• Extends Hardware Lifespan
• Reduces Network Bandwidth
2+ Trillion Activities Per Week
23 Million Hunting Leads
10,000 Suspicious
200 Alerts
Follow-
ups
7
AI
Humans
13. Outdated
hardware and
software
IoT devices don’t
get enough
updates, which can
become vulnerable
to attacks when
hackers find bugs
or security issues
Use of weak and
default
credentials
Many IoT
companies are
selling devices and
providing
consumers default
credentials with
them
Potential for
physical harm
Unlike traditional IT
devices, IoT
devices are
integrated with the
physical world and
IoT cyber attacks
could potentially
cause physical
harm
Links to Other Technologies
IoT Security - Challenges
14. Global & Regional Scene
Global Cybersecurity Market
151.67B
248.26B
2018 2023
CAGR 10.2%
Cloud is projected to be the most
lucrative segment and is expected
to grow at CAGR of 13.9% during
2018-2025.
Growth is mainly attributed to low
maintenance cost, which is highly
preferred by SMEs
15. Global & Regional Scene
Notable Cyber Attacks In The Millennium
• Personal identity information of ~ 110 million customers had been
compromised
• Cost of the breach was estimated at $162 million
Target
• 3 billion user accounts had been compromised
• Attack knocked off an estimated $350 million from its valuationYahoo
• 145 million user details were compromised
• Received criticism for lack of communication to users and sloppy
password renewal process thereafter
Ebay
• Records for 40 million employees had been stolen
• Sent shockwaves across the industry since RSA was considered as
one of the biggest security vendors
RSA Security
16. Global Cybersecurity Scene
Cybersecurity Market Growth
China
Increasing high
requirements for
network security due
to development of AI,
industrial internet and
5G
Japan
Growth is attributed to
the managed security
segment, where
enterprises are
showing inclination
towards Security-as-
a-Service model
Europe
Market growth driven by
increasing cyber
projects, rising demand
from manufacturing and
retail industries
Canada
Is the world’s 4th
largest Cybersecurity
innovator as
measured by VC
deals
India
increasing number of
malware attacks is a
significant factor
driving the adoption of
cybersecurity
solutions
South Korea
Use of cybersecurity driven
by increasing number of
connected devices,
advanced use of mobile
devices, and significant
intellectual property
17. Cybersecurity Trends
Cloud Security
• As organisations become increasingly dependent on the cloud, services
which are essential to operations are also deployed on the cloud. Threat
actors may target these cloud services to maximise their profit
5G
• 5G telecommunication network can be subjected to cyber-attacks in
traditional IT networks. Greater focus on security of mobile and IoT
devices are keys to enhancing the cybersecurity posture of the 5G
ecosystem
Rising importance of AI and machine learning
• AI and machine learning in cybersecurity will also determine if an account is
currently compromised or under threat of compromise.
Near-Term
Medium-
Term
Long-Term
18. Global Cyber Threats
POS Attacks
• Refer to the
compromise of
touchpoints such as
online shopping
websites.
• Separation of front-
and back-end servers
opens more
vulnerabilities for
exploitation.
Supply Chain
Attacks
• Grew by almost 80%
in 2018
• Third-party service
providers with access
to organization’s data
are often the weak
links targeted by
threat actors
Data
Breaches
• Exponential increase
in data breaches in
2019, compared to
2018
• Large amounts of
personal and
financial information
serve as attractive
targets for threat
actors
Mobile
Attacks
• Number of attacks
using banking
malware against
mobile devices
increased by 50% in
2019
• Due to increased
usage of mobile
banking applications,
providing lucrative
avenues for threat
actors to gain access
to such information
19. Local Case Study
Case Study On Supply Chain Attacks
What happened?
• In 2019, data stolen from an ICT firm was put up for sale on the
Dark Web. Investigations revealed threat actor accessed the
company’s corporate network through a vendor, then
compromised two systems related to customer care.
Follow-up Action
• Recovery measures included cleaning up affected network and
systems, disconnecting non-essential links of the network to the
vendor. Also re-evaluated its cybersecurity practices
Prevention of such attacks
• Organizations should ensure their systems are regularly patched to
address known vulnerabilities in their networks and systems
20. R&D funding for rapid
innovation
Attract world-class cyber
security companies
Support for local cybersecurity
companies
Estimated to be
US$889m in 2022
Local Cybersecurity Scene
Market Size
21. Most exposed
• Singapore faces the highest cybersecurity
risk in Asia-Pacific due to its high internet
adoption rate
Most Developed
• Co-Innovation and Development Proof of Concept program to
provide seed funding and support developments in the sector.
• MAS also introduced a $30 million grant to encourage financial
services companies to enhance their security measures.
Local Cybersecurity Scene
22. • Collaborated with VCs
to secure financing and
scale startups focusing
on cybersecurity
technologies
• Committed S$190
million to support the
National-
Cybersecurity R&D
Program
• Selected companies
will work with the
Cybersecurity Agency
to develop and deliver
cybersecurity
services
• Government intends
to work with the
firms to create jobs,
protect important
sectors and enhance
the city’s cyber-
security expertise
Attracting
leading
cyber
security
firms
Partnering
with local
security
firms
Offering
support to
start-ups
Financing
R&D
Local Cybersecurity Scene
Strategies to enhance cybersecurity sector
23. 6% are
Cybersecurity
related
companies
94% are non-
Cybersecurity
related
companies
58%3…
6%
MNC Non MNC Insufficient info
n = 19886 n = 1131
SafeChats
• A platform solution which
ensures a military-grade
security for business and
private communications
PhishnOw
• Phishing Simulation
Company, to ensure running
phishing exercises is simple
and affordable, with a
comprehensive package to
conclude an effective phishing
drill
Cybersecurity companies in SG
Masterlist Analysis
24. Masterlist Analysis
Industry Segments & Tech Areas
95%
79%
28%
13%
2%
IT Services
Software
Hardware
Telecom
Digital Content
% of Cybersecurity related
companies in specific industry
segments
1%
2%
4%
6%
18%
25%
Immersive
Media
MedTech
Blockchain
Deep Tech
A.I.
IoT
Frontier
A.I.
% of Cybersecurity related
companies in specific tech areas
n = 1131
25. Masterlist Analysis
HQ Location
n = 1058
IN
5%
CN
3%
SG
18%
UK
3%
US
16%
of Cybersecurity companies
have their headquarters in
Singapore
56%
26. Insights From Polled Companies
Distribution Of Local Manpower In Companies Doing
Cybersecurity Related Businesses
Singaporeans/
PRs
Foreigners
n=212
75%
Small Medium LargeMicro
70% 60% 80%
n=125 n=72 n=6 n=9
27. n = 189
≤5 6-10 11-100 101-200 >200
≤$1mil 34% 12% 6% 0% 0%
$1mil-<$5mil 5% 6% 15% 0% 1%
$5mil-<$10mil 4% 1% 5% 1% 0%
$10mil-<$50mil 0% 1% 7% 1% 0%
$50mil-<$100mil 0% 0% 1% 2% 0%
>100mil 0% 1%% 2% 1%
1%
generated a revenue of
less than $1 million in
their last financial year.
IndSights
52
percent
Following the general trend,
majority of the cybersecurity
companies fall into the profile of
≤$1mil and ≤5 employees.
Revenue and firm size profile of cybersecurity
companies polled
Insights From Polled Companies