MCI response to PQ on Work of Cyber Security Agency of Singapore in Raising Cybersecurity Posture of Enterprises on Preventive Initiatives

Parliament Sitting on 2 August 2022

43. Mr Yip Hon Weng: asked the Minister for Communications and Information in light of the recent report that Singapore organisations are among the most targeted in the world by ransomware attacks, whether an update can be provided on the work by Cyber Security Agency of Singapore (CSA) in raising the cybersecurity posture of enterprises in Singapore, including focusing more efforts on preventive cybersecurity initiatives rather than to prioritise recovery.

1. The honorable MP may be referring to a recent article in the Straits Times (ST) entitled "S'pore organisations among the most targeted in the world by ransomware attacks, study finds". The headline is inaccurate. The report does not claim that Singapore enterprises are amongst the most targeted by ransomware actors in the world, nor was evidence presented to back up such a claim.

2. Singapore's cyber landscape mirrors that of the global cyber landscape. In recent years, there has been an increase in cyber threats, such as ransomware, across the world and in Singapore. Recently more digitalised and connected enterprises, such as MNCs, are based in Singapore. Local small and medium enterprises (SMEs) have also embraced digital technology to improve their productivity. These have led to a larger attack surface for cyber-attacks.

3. A strong cybersecurity posture is essential. CSA seeks to improve the cybersecurity posture of enterprises in Singapore through raising awareness, enabling adoption of cybersecurity solutions, recognising enterprises with good cybersecurity practices and developing cybersecurity professionals.

4. As SMEs tend to have limited IT and/ or cybersecurity expertise and resources, CSA and the Infocomm Media Development Authority (IMDA) offer SMEs pre-approved solutions under the SME Go Digital Programme. More than 6000 SMEs have benefitted from these cybersecurity solutions that provide endpoint protection, managed detection and response and unified threat management.

5. In March this year, CSA rolled out the Cyber Essentials Mark, to recognise SMEs that have implemented cyber hygiene measures, and the Cyber Trust Mark to recognise enterprises with comprehensive cybersecurity measures and practices.

6. Lastly, our cybersecurity rests heavily on the talent we have in Singapore. CSA works with schools, Institutes of Higher Learning and industry to attract, train and develop cybersecurity talents. Over the five years from 2016 to 2020, the number of cybersecurity professionals in Singapore has increased threefold to more than 10,700