Singapore’s ability to fight a rising threat from hackers is hindered by a skills shortage and lack of awareness among companies, according to the computer security firm that runs a state-supported training center.
“We do see a lack of capability and capacity in skilled professionals, and that’s partly due to massive demand across the world that stretches an already small, existing pool of people,” Bryce Boland, Asia Pacific chief technology officer at Milpitas, California-based FireEye Inc. (FEYE), a cybersecurity firm, said in an interview in Singapore last week.
Singapore, a global financial center which relies on its image as a safe and stable location to lure business, has suffered high-profile online attacks on government websites and security breaches involving companies’ client data in recent months. Cybersecurity risks pose a challenge as the government steps up efforts to link public facilities and infrastructure for real-time data in Southeast Asia’s only developed nation.
“Organizations increasingly recognize that the approach toward cyber security must be organization-wide,” said Lyon Poh, head of IT Assurance and Security at KPMG LLP in Singapore. “However, they lack people with the experience to set up a comprehensive cyber security defense system to promptly detect and respond to cyber threats.”
FireEye’s center of excellence, a collaboration with Singapore’s Infocomm Development Authority, began in January. It trains cybersecurity professionals and develops malware detection and prevention. The number of cybersecurity professionals in Singapore fell to 1,200 last year from 1,500 in 2012, Boland said. That represents 0.8 percent of the city’s total information technology workforce, according to Bloomberg calculation using data provided by the authority.
Delays in adopting cybersecurity capabilities could result in a loss of $3 trillion in economic value by 2020 globally, The World Economic Forum said in a report in January 2014.
Target Corp., the Minneapolis-based retailer, was the victim of a massive data breach in December in which credit-card data for 40 million customers was stolen. In November, the website of Singapore Prime Minister Lee Hsien Loong was hacked. Earlier this month, the Singapore government said 1,560 online identification accounts used by residents to access services including personal income tax filings and pension savings statements had probably been tampered with.
Some companies remain resistant to the idea of improving cybersecurity measures amid a landscape of increasing attacks.
“Many times we try to explain to customers in terms of what is happening in the real world,” said Stephanie Boo, FireEye’s regional director for Southeast Asia. Customers sometimes say “this sounds really very much like a Hollywood movie plot,” she said.
While online threats have become more sophisticated in recent years, many organizations lack awareness and urgency to deal with them, said Boo.
Meanwhile, the business model of hackers has evolved, with the ability to buy and sell malware packages in black markets, which enables anyone to perform cyber espionage, she said. Malware is short for malicious software.
A “good zero-day attack” that exploits previously unknown vulnerabilities in a computer application can be bought for $750,000 on the black market, Boo said. Typical buyers range from governments to companies that “use it for cyber espionage or basically to get information about their competitors,” Boo said.
While hackers sent e-mails containing malicious attachments in the past, they now research their targets and their networks and interests before launching a targeted attack, a method that is common in Southeast Asia, FireEye’s Boland said.
“They are able to obfuscate and dynamically modify attacks so that each attack instance looks unique so it can’t be detected with signature-based technologies anymore,” he said.
With an increased awareness of the risks of attacks, the industry expects greater demand for cybersecurity in Singapore. FireEye forecasts global revenue will grow as much as 157 percent in 2014, Boland said.