When it comes to cybersecurity, Singapore is the safest country on Earth.
Or, at least, it used to be.
But in July, Singapore, which was ranked by the United Nations’ International Telecommunications Union (ITU) as home to the world’s best cybersecurity infrastructure just one month earlier, got hacked.
According to Singapore’s own Auditor-General’s Office (AGO), a string of numerous lapses were discovered throughout the city-state’s ministry and agency IT systems, including unapproved administrative changes and unauthorized third-party access.
The AGO assessment of the government’s interlinked cyber network revealed illicit inputs in a range of computerized processes, from procurement and payment to financial controls and contract management.
The findings showed that all 16 of Singapore’s government ministries, 12 statutory boards and five government-owned companies had, essentially, been hacked.
As a result of those findings, Singapore’s legislators are now scrambling to pass a new cybersecurity bill that would require all persons with access to government or major corporation computers to have a special license and be subject to legal liability for any leaks that occur under their watch.
Considering just how much Singapore depends on the internet for everything from banking to academic training, that would include a significant segment of the country’s white-collar workforce.
Singapore IT techs are also busily trying to develop new hack-proof firewalls to protect the country’s vital cyber data and sensitive information about its citizens.
The government is also tasking its ministries and agencies to monitor their information databases more closely to avoid further incidences of hacking or unauthorized access.
But the process is not going to be easy.
In its assessment, the AGO reported that, over a three-month period, the country’s Central Provident Fund Board (CPFB), which is a compulsory national savings retirement program, a staggering 88.7 percent of database changes made by CPFB administrators were not pre-approved by appropriate authorities.
In that same office, it was revealed that at least 14 user accounts of former employees were still being used after the workers’ had ceased to be employed.
Similar examples of unauthorized database access were found across every aspect of Singapore’s government cyber activities reviewed.
“These types of violations of IT controls could compromise the confidentiality and integrity of the data in the systems, resulting in leakage of information or corruption of data used for computation of bonuses or subsidies under the schemes,” the AGO warned.
For now, the government has opted to cast its entire information operating systems back into the dark ages of the pre-internet era, ordering all national employee workstations to revert to non-cyber recording methods such as pen and paper and old-fashioned typewriters.
That is a stopgap solution, at best.
One of the world’s most technically developed nations is not going to be able to depend on manila folders and file cabinets for very long and still keep its status as a global economic and political player.
The international race to combat hacking and ensure cybersecurity is a nonstop battle.
The simple reality is that as soon as a new firewall or cybersecurity system is developed, someone, somewhere, is going to hack it.
It’s a lesson that Singapore has learned the hard way, and one that we all should heed, because, like it or not, whether you are a government entity, private business or individual, sooner or later, you will be hacked.
Thérèse Margolis can be reached at [email protected].