Story image

Gartner analyses the SingHealth cyber attack: 'Now What?'

24 Jul 2018

With many Singaporeans reeling from the country's worst ever data breach that hit SingHealth and IHiS last week, Gartner research director Sid Deshpande has put together a commentary to address the impact of this serious breach of personal data and what Singapore needs to do to move forward.

1.          What happened?

Initial statements from authorities in the aftermath of SingHealth security incident indicate that a front end workstation was compromised, followed by privileged access credentials being used to access a database. Attackers are usually after administrator credentials because these often enable direct access to sensitive data.

Who are these cyber attackers and what do they want?

Medical records contain sensitive data that can be used for identity fraud, insurance fraud or tax fraud. So it is plausible that there was a financial incentive to it. Generally, information contained in medical records is more ‘permanent’ than financial information like credit card numbers – so this type of information likely fetches higher payouts on the dark web.

It could also be sponsored by nation states that have interests inimical to Singapore’s. Ultimately, the identity of the attackers isn’t that important in the bigger picture. Attribution is really difficult as far as security incidents are concerned and resources are better utilized in preventing such incidents from happening in the future rather than trying to accurately pinpoint which group did it.

3.          What needs to be done

Incidents like these highlight the importance of having defense in depth, or security controls at various layers of the technology infrastructure. An equal emphasis needs to be applied on application security, endpoint security, data security, web/email security and identity/access management to prevent or reduce the number of security incidents.

Preventative approaches need to be supplemented with good detection and response capabilities. Attackers usually intend to stay dormant in systems to avoid detection and cause further damage, so the fact that the breach was detected this early actually shows that the security teams in this case were actively monitoring systems to detect incidents.

4.          What does this major breach signal for a country like Singapore, where the government has already put a strong focus on security?

This breach reinforces the need for a continued focus on operational security best practices. Improving security maturity of a nation and its critical systems is not a one-time activity. Other nations have been affected by bigger breaches so Singapore is not alone in that respect.

One key takeaway is that placing the onus of responsibility on the end users or non-technical staff for poor security is not enough. Security teams need to put in place processes that can mitigate risks associated with intentional and unintentional violation of security best practices by technology users.

5.          Balancing Singapore’s need to become a Smart Nation and fighting the bands of cyber attackers

Security preparedness needs to be baked into every single digital project initiated by the government and critical industries. There has to be a realization that despite our best efforts, security incidents will happen and 100% prevention is impossible. Therefore, investments need to be made in improving detection and response capabilities, in addition to strengthening prevention.

Limiting the damage after a security incident occurs is critical – this is both in terms of quickly denying attackers access to sensitive resources once the breach has been detected and also in terms of protecting citizens from scams.

In the aftermath of a major breach involving citizen data it is very likely that malicious actors will try to capitalize on the general panic to try to get citizens to reveal even more personal information by way of impersonating authorities over the phone, SMS or email. Therefore, clear communication from authorities are extremely critical.

6.          What Singaporeans need to watch out for

The most immediate threats people will face is that of identity fraud, financial fraud and tax fraud. Data contained in healthcare records is more permanent than credit card information for example so citizens need to be alert to scams resulting from social engineering efforts.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.