SINGAPORE – Health sensors, smart home appliances, even toys that connect to the Internet – the sheer boom of such Internet of Thing (IoT) devices are expected to exceed the number of smartphones in 2018, providing hackers with even more ways to spread their infection.
The influx of IoT devices could potentially be used as a “zombie army” to spread malware, without users realising their gadgets have been compromised.
How to keep such devices secure, and how far to regulate them, was one of the topics discussed at The Straits Times Global Outlook Forum on Tuesday (Dec 5).
The panel discussion, which highlighted the cyber challenges of today’s digital world, was moderated by ST’s senior technology correspondent Irene Tham.
It discussed the growing challenges in securing IoT devices, the global nature of cybercrime and the emergent threat of cyber warfare.
The panelists include Singapore’s defence cyber chief and chief executive of the Cyber Security Agency (CSA) David Koh; Mr John Lee, president of the ISACA Singapore Chapter; and Mr Richard Skinner, partner for strategy at PwC Singapore.
The ubiquity of IoT devices have prompted other countries such as Germany to impose bans on children’s smartwatches and Internet-connected dolls over spying concerns, as security in such devices are quite lax.
“Most IoT devices are consumer-driven and so security is not built into such devices,” said ISACA’s Mr Lee.
But government intervention and regulation is not always the answer.
“Regulations are only a stop-gap measure until device manufacturers make them safer by design,” said Mr Lee.
That these devices can be exploited so easily also points to the global nature of cybercrime, where attacks can be launched from anywhere in the world.
“Cyber doesn’t respect borders. In fact, cybercriminals deliberately target the seams, the differences between borders, to get away with what they do,” said CSA’s Mr Koh.
“The need for cooperation both within a country and across borders is essential,” he added.
Information-sharing is vital in instances where systems are compromised, said Mr Lee, as there are lessons to be learnt for everyone.
Government-to-government communication is important between global allies as well as regional cooperation, added Mr Koh. He highlighted Singapore’s role in the past two Asean Ministerial Conference on Cybersecurity, which brought together cyber defence ministers from across the region.
Businesses too cannot avoid cyber security as an essential C-suite necessity that top management have to be familiar with, stressed Mr Koh.
“Cyber is not a backroom issue. It’s a boardroom issue,” said Mr Koh.
“You can’t imagine a chief executive saying: ‘I don’t understand my company’s finances, please talk to my chief financial officer.’ But you will find CEOs saying: ‘I don’t understand cyber, I don’t understand IT, please speak to my chief information officer.'”
PwC’s Mr Skinner said the enemies that Singapore faces in the global cyber arena are widespread, said and spread amongst three groups.
There are those who do it for monetary gain, and those who are state-sponsored agents. But there are also those who perform cyber attacks “out of curiousity”.
“What’s interesting about those types are: can we harness them and bring them back to our work force?” he said.
But there are silver linings to be had despite all the challenges of cyber security.
Cyber security is not just a threat, but also an opportunity, said Mr Koh.
“We can follow the slipstream of Israel and build a vibrant and exciting cyber security industry.”
“There are two aspects: one, it’s a source of good jobs; in Singapore we are short of 1,500 cyber security professionals. Secondly, it is a source for the economy – I see no reason why we can’t create a vibrant cyber security industry in Singapore that services not just the local market, but for Asean and the Asia-Pacific.”
Titled ‘Facing the challenges of a new world order’, this year’s ST Global Outlook Forum was attended by more than 320 participants.