Singapore’s ability to fight a rising threat from hackers is hindered by a skills shortage and lack of awareness among companies, according to the computer security firm that runs a state-supported training center.
“We do see a lack of capability and capacity in skilled professionals, and that’s partly due to massive demand across the world that stretches an already small, existing pool of people,” Bryce Boland, Asia Pacific chief technology officer at Milpitas, California-based FireEye Inc., a cybersecurity firm, said in an interview in Singapore last week.
Singapore, a global financial center which relies on its image as a safe and stable location to lure business, has suffered high-profile online attacks on government websites and security breaches involving companies’ client data in recent months. Cybersecurity risks pose a challenge as the government steps up efforts to link public facilities and infrastructure for real-time data in Southeast Asia’s only developed nation.
“Organizations increasingly recognize that the approach toward cyber security must be organization-wide,” said Lyon Poh, head of IT Assurance and Security at KPMG LLP in Singapore. “However, they lack people with the experience to set up a comprehensive cyber security defense system to promptly detect and respond to cyber threats.”
FireEye’s center of excellence, a collaboration with Singapore’s Infocomm Development Authority, began in January. It trains cybersecurity professionals and develops malware detection and prevention. The number of cybersecurity professionals in Singapore fell to 1,200 last year from 1,500 in 2012, Boland said. That represents 0.8 percent of the city’s total information technology workforce, according to Bloomberg calculation using data provided by the authority.
Delays in adopting cybersecurity capabilities could result in a loss of $3 trillion in economic value by 2020 globally, The World Economic Forum said in a report in January 2014.
Target Corp., the Minneapolis-based retailer, was the victim of a massive data breach in December in which credit-card data for 40 million customers was stolen. In November, the website of Singapore Prime Minister Lee Hsien Loong was hacked. Earlier this month, the Singapore government said 1,560 online identification accounts used by residents to access services including personal income tax filings and pension savings statements had probably been tampered with.
Some companies remain resistant to the idea of improving cybersecurity measures amid a landscape of increasing attacks.
“Many times we try to explain to customers in terms of what is happening in the real world,” said Stephanie Boo, FireEye’s regional director for Southeast Asia. Customers sometimes say “this sounds really very much like a Hollywood movie plot,” she said.
While online threats have become more sophisticated in recent years, many organizations lack awareness and urgency to deal with them, said Boo.
Meanwhile, the business model of hackers has evolved, with the ability to buy and sell malware packages in black markets, which enables anyone to perform cyber espionage, she said. Malware is short for malicious software.
A “good zero-day attack” that exploits previously unknown vulnerabilities in a computer application can be bought for $750,000 on the black market, Boo said. Typical buyers range from governments to companies that “use it for cyber espionage or basically to get information about their competitors,” Boo said.
While hackers sent e-mails containing malicious attachments in the past, they now research their targets and their networks and interests before launching a targeted attack, a method that is common in Southeast Asia, FireEye’s Boland said.
“They are able to obfuscate and dynamically modify attacks so that each attack instance looks unique so it can’t be detected with signature-based technologies anymore,” he said.
With an increased awareness of the risks of attacks, the industry expects greater demand for cybersecurity in Singapore. FireEye forecasts global revenue will grow as much as 157 percent in 2014, Boland said.
Enterprises in Asia are expected to spend about $230 billion in 2014 to deal with issues caused by malware deliberately loaded onto pirated software, according to a study conducted by research firm IDC and the National University of Singapore. Of that, $59 billion will be to deal with security issues and $170 billion for data breaches.
FireEye was funded in part by the U.S. intelligence community. In-Q-Tel, a venture-capital firm started by the Central Intelligence Agency to back companies with emerging national-security technology, invested in FireEye in 2009.
A survey by human resources firm Robert Half International Inc. this month showed that 60 percent of financial services firms in Singapore are anticipating increased spending on cybersecurity, compared with 44 percent in Hong Kong.
Forty-two percent of financial services firms in Singapore that employ more than 1,000 employees plan to hire permanent employees to manage cyber security, the survey of 150 financial leaders showed. Salaries of IT security experts are expected to rise 10 percent this year compared with 2013, it said.
“Every information professional should be an information security professional as well,” Boland said. “They should be thinking about ’how do I ensure that what I’m building doesn’t create a hazard for the customers and business I built it for.’”