apidays Singapore 2023 - Resilience to adaptability through digitisation
April 12 & 13, 2023
Securing and protecting our digital way of life
Veronica Tan, Director at Cyber Security Agency of Singapore
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
3. COVID-19 a major test of organisations’ resilience and adaptability
Digital transformation as a sustainable growth engine
3
Source – World Economic Forum
COVID-19 is pushing companies
4. Interconnectedness and increased digitalization has
put businesses onto a new trajectory of cyber threats
4
Source – “Verizon Data Breach Investigations Report 2022”, Verizon
RANSOMWARE HAS CONTINUED ITS UPWARD TREND
13%
SYSTEM INTRUSION INCIDENTS
SUPPLY CHAIN
RESPONSIBLE FOR
62%
HUMAN FACTOR CONTINUES TO
DRIVE BREACHES
82%
OF BREACHES INVOLVED HUMAN ELEMENT
5. Cybersecurity is one of the top risks that businesses
pay attention to
5
Source – “The Global Risks Report 2023”, World Economic Forum
Business
Severity by stakeholder over the short term (2 years)
6. Risk-based approach to cybersecurity helps organisations
that are at different stages of cybersecurity journey
6
Source – Enterprise Singapore
~200,000 enterprises
160,000
micro enterprises
30,000
small enterprises
8,000
medium enterprises
2,000
large enterprises
99%
RESOURCES FOR
CYBERSECURITY
High
Low
THREAT
LANDSCAPE
Volume
Sophistication
1%
7. CSA initiatives help organisations at different stages of
cybersecurity journey to raise cyber resilience progressively
7
AWARENESS
ACTION
ADOPTION
Cybersecurity Toolkit for
• Enterprise Leaders
• SME Owners
Cybersecurity Toolkit for
• Employees
• Personnel managing IT
Commercial Products/Services
Cybersecurity Certification
For organisations embarking in your cybersecurity journey
For organisations ready for
cybersecurity to be a
competitive advantage
8. AWARENESS
Cybersecurity as part of your business risk
management, not just a technical issue
8
Gap btw Business and Security Leaders
Large
Organisations
SMEs
SME OWNERS
SECURITY-FOCUSED
EXECUTIVES
E.g. CIO, CISO,
Chief Security Officer
BUSINESS-FOCUSED
EXECUTIVES
E.g. CEO, Board Director,
Chief Risk Officer
CSA Cybersecurity Toolkits
for Business Leaders
9. ACTION
Your employees as your first line of defense
9
Cybersecurity Culture
CSA
Cybersecurity Toolkits
for Employees
Large
Organisations
SMEs Cybersecurity Awareness
• Starts with awareness and includes everyone
• Grows with employees’ understanding of cyber
risks and their personal role and responsibility
1.
Protect
yourself from
phishing
2.
Set strong
passphrases
and protect
them
3.
Protect your
corporate
and personal
devices
4.
Report
cyber
incidents
5.
Handle and
disclose
business-
critical data
carefully
6.
Work on-site
and
telecommute
in a secure
manner
10. ACTION
Create cyber resilience across your supply chain
10
Cybersecurity
Certification
Concentration of Risks
When a shared service or
commonly used technology is
disrupted by attackers
Increasing Interdependence
Technologies that support businesses,
infrastructure and societies are increasingly
interdependent and vulnerable
Hardware
Software
Service
Provider
Your Organisation
11. ADOPTION
Cybersecurity as your competitive advantage
11
Customer questions
to Provider –
Are you Cyber Safe?
Source – “Global Cybersecurity Outlook 2023”, World Economic Forum, Jan 2023
90%
of respondents are concerned
about cyber resilience of
third-party organisations
Large
Organisations
SMEs
Typically have SMEs in their supply chain
Consider them as critical partners
When critical partners are taken out of action arising
from a cyber incident, the entire ecosystem,
including the larger organisation, is impacted
12. ADOPTION
Cybersecurity as your competitive advantage
12
CSA Cybersecurity
Certification for
Organisations
VISIBLE INDICATOR
of the
cybersecurity practices
implemented
BUILDS TRUST
with your customers,
provides assurance by being
“cyber safe”
COMPETITIVE
EDGE
for your business,
enables differentiation from
competitors
BENEFITS FOR ORGANISATIONS
13. Cyber Essentials mark
13
ASSETS SECURE/
PROTECT
UPDATE BACKUP RESPOND
Certification
Validity 2years
Assessment Mode
By independent
assessor
Desktop
assessment
FOR ORGANISATIONS THAT ARE EMBARKING ON THEIR CYBERSECURITY JOURNEY
• Recognition of good cyber hygiene for protection from common cyber attacks
• Simplifies cybersecurity by prioritising the measures to focus on first
14. Cyber Essentials mark helps you to stay protected
from the majority of common cyber attacks
14
15. Cyber Trust mark
15
MARK OF DISTINCTION FOR ORGANISATIONS WITH MORE EXTENSIVE DIGITALISATION
• Recognise organisations as trusted partners with robust cybersecurity
• Takes on risk-based approach to meet your organisation needs without over-investing
10 domains
13 domains
16 domains
19 domains
22 domains
Supporter Practitioner Promoter Performer Advocate
Certification
Validity
3years
Assessment Mode
By independent assessor
1.Documentation
2.Implementation and
effectiveness
17. Cyber Trust Risk Assessment
Assess your risk profile and cybersecurity
preparedness
17
18. Where are you in your cybersecurity journey?
18
Make cybersecurity your
competitive advantage
Implement cybersecurity
measures that are
commensurate with your
risk profile
Make cybersecurity
your competitive
advantage
Protect yourself from
common cyber attacks
Develop your
cybersecurity
health plan
Assess your cyber health
Recognise
cybersecurity as part
of your business
risk management
www.csa.gov.sg/
sgcybersafe
19. Cybersecurity is part of organisational resilience
and a collective responsibility
19
BE A TRUSTED PARTNER
With Cyber Trust and Cyber Essentials
Individual
Cybersecurity as our personal role and responsibility
Organisation
Develop cyber resilience
Be a trusted partner in the supply chain
Global
International collaboration and cooperation