Breach Notification
,
Governance & Risk Management
,
IT Risk Management
Government Goes 3 Straight Years Without Experiencing a High-Severity Incident
The number of data security incidents affecting Singapore’s government sector remained stable in the 12-month period ending March 2023, and the number of medium-severity incidents marginally declined. Government officials said investments in security technology and culture are starting to pay off.
See Also: OnDemand | Start Secure and Stay Secure with Google Cloud
The Singapore government’s Smart Nation and Digital Government Office today published data security incident statistics for the financial year 2022, reporting a slight rise in the number of incidents affecting government departments, from 178 in 2022 to 182 over the same period in 2023.
SNDGO said the government has not suffered a single high-severity data security incident since 2020, and the number of medium-severity incidents declined from 52 in 2022 to 46 this fiscal year. The agency said “the acceleration of data-sharing amongst government agencies” is among the reasons for the overall increase in incidents.
The Singaporean government is in the process of fully implementing 24 cybersecurity-enhancing actions recommended by the Public Sector Data Security Review Committee three years ago.
As of March 31, the government has implemented 22 of the security recommendations, including enhancing a third-party management framework to ensure outside partners handle government data appropriately, establishing a central contact point in the Government Data Office to enable the public to report government data incidents, instituting organizational key performance indicators for data security and appointing the Digital Government Executive Committee to oversee public sector data security.
In 2022, the government completed the deployment of a data loss prevention tool across all government laptops and enhanced data logging and monitoring capabilities to prevent the accidental loss or unauthorized disclosure of government data to third parties.
“Enhancing public officers’ instincts and instilling a culture of excellence in using data securely is an ongoing effort,” SNDGO said, adding that the government continues to conduct engagement campaigns and workshops on data protection for public officers and recently refreshed the annual mandatory data security e-learning module “to emphasize the importance of personal data and data loss protection and classification of Whole-of-Government data.”
The government also rolled out a Central Privacy Toolkit in March, helping officials in 80 government agencies apply privacy-enhancing techniques to data sets and share them securely without running the risk of data exposure.
Lauro Burkart, vice president for cybersecurity services, APJ, at Sygnia, said the Singaporean government effectively maintained stable incident counts in key sectors over the past year and demonstrated commendable resilience in the financial and public sectors, but it is still too early to celebrate.
“We see a rapidly evolving threat landscape where both nation-states, as well as organized crime groups, are targeting organizations and critical infrastructure in the region as well as Singapore,” he warned.
According to Burkart, the government should now prioritize the security of operational technology environments and promote risk assessments and threat intelligence-sharing across industries. “The industrial, manufacturing and transportation sectors face an escalating threat landscape. Prioritizing OT system resilience and collaborative initiatives, in particular public-private sector collaboration, will safeguard critical infrastructure,” he said.
Burkart added that the government should collaborate with industry stakeholders to evolve and update cybersecurity regulations, such as the CCOP v2. This would protect against emerging threats and foster proactive compliance, he said.