Given the rising number and increasing sophistication of cyber attacks, businesses here need to ensure that every member in their organisation is aware of the company’s cyber security protocols and adheres strictly to these rules, said Ms Jacqueline Poh, Managing Director of the Infocomm Development Authority of Singapore.

Speaking to some 200 delegates at the opening of the Governance Technology Audit Control Security Conference on 21 April, Ms Poh said, “Cyber security is no longer solely the problem of the IT department in any organisation. CEOs who ignore these risks often find themselves confronted with them after an attack.”

“Infocomm security measures and controls must evolve in HR policies, staff training and awareness. We cannot be complacent but our measures need to be realistic and practical, developing in tandem with our business needs and tech advances. Only then can we better mitigate cyber threats and provide a trusted and secure online environment.”

Depending on the nature of their businesses, organisations must first identify their most critical cyber threats and operational vulnerabilities so that they can direct attention and budget to mitigate these risks. Those in the manufacturing and creative industries who place significant value on their intellectual property, may view the possibility of industrial espionage as the biggest risk. For others in the logistics industry for example, this could be operational disruptions and sabotage.

She said the recent disclosure of the Heartbleed bug should be a wake-up call for the entire industry to remain vigilant. “Since the bug was virtually untraceable, users were left uncertain whether their information had been compromised and wondering if and when they were supposed to change their passwords. More damaging was the notion that the open source community could not be relied upon for the last two years to find and fix the bug.”

The Singapore government is also working to remain on top of these increasingly sophisticated challenges to maintain cyber security at the national level. Its Infocomm Security Masterplans from 2005 to 2013 were aimed at levelling up the public sector’s capability to deal with cyber threats and protecting the nation’s critical infocomm interests.

The government has also sought to transform infocomm security into a distinct profession and to build a critical pool of highly skilled professionals in this area. “Demand for cyber security expertise is expected to grow exponentially. As of 2012 there were only 1,200 IT security specialists in Singapore – just 1 per cent of our total infocomm industry manpower. IDA has been and will continue to work with Singapore’s institutions of higher learning to incorporate infocomm security courses and degree programmes into their curriculum to achieve this goal.”

Another IDA speaker at the conference was Mr Amos Tan, who was speaking as a member of the Personal Data Protection Commission. He outlined the steps his team has taken to strike a balance between protecting personal data and supporting the needs of businesses.

He said the Commission has been examining how data protection can be maintained given the growing reliance of businesses on cloud computing which involved moving data across national boundaries to be stored and analysed in countries which may have different protection regulations.

“The Personal Data Protection Act is aware of the need to transfer data out of Singapore for cloud computing and other business needs. Hence the Act has provisions for these corresponding data transfers. Organisations will be able to transfer data and still meet the requirements under the Singapore regime. However data protection in other countries is subject to different protection rules and organisations storing data on clouds need to be aware of these differences in each of the regimes.”

Similarly the growing use of Big Data by a number of organisations has also raised pubic concerns over privacy, said Mr Tan.

“On one hand Big Data thrives on the collection of data from different sources and for different purposes. On the other hand, data protection principles are set to limit the use of data to the purposes for which consent has been obtained. Often the lack of openness of the organisation’s data capabilities gives rise to misconceptions of the organisation’s data practices and does not foster trust or support for the organisation’s Big Data activities. This may have a repercussion on Big Data in the longer term as the lack of trust could increase the reluctance of individuals to consent and participate in many of these data activities.”

He urged companies to win over customer trust by putting in place strict data protection protocols and look beyond the mere compliance with the Personal Data Protection Act.  “In the short term organisations would inevitably need to put in resources to make those changes to comply with the Act. But they should look beyond compliance and costs for long-term benefits and to gain a competitive advantage. They should see personal data protection as a key business strategy. Organisations who can gain consumer trust will often reap commercial benefits.”