Singapore Reacts To SolarWinds Hack Through Revised Cybersecurity Measures
The Monetary Authority Of Singapore recently rolled out revised plans for countering cybersecurity threats in light of the recently discovered SolarWinds hack in the U.S. The new measures will allow financial institutions in the city state to shield themselves more effectively against hacking. The MAS guidelines require financial institutions in the country to take a more proactive approach to evaluating their third party providers and vendors. Banks, insurance companies, trading firms and companies that offer remittance services will be required to adhere to the new guidelines.
What is the SolarWinds hack?
SolarWinds is a Texax-based tech company that provides software solutions. However, it is not just any software company. The network management company provides its services to a multitude of companies including Microsoft. SolarWinds has more than 300,000 clients including government agencies such as the U.S Cyber Command, the FBI, Homeland Security and many others.
Hackers believed to be Russian managed to hack into the network management company and injected a malware into SolarWinds’ program called Orion which was downloaded by more than 18,000 clients as part of updates. The hackers were thus able to expand their infiltration stealthily and with ease. It is believed that the hackers went about their business undetected for more than 9 months, which is enough time to steal a lot of data which can later be used to carry out cyber warfare and other malicious activities.
The SolarWinds hack is believed to perhaps be the largest cybercrime activity of the century. Analysts believe that it went on for so long before it was noticed because of the presidential elections. The concern now is that it is still unclear what kind of sensitive data the cyber attackers managed to steal. Another major concern is that it was such a deep hack that experts are unsure of how to eliminate the extensive threat.
SolarWinds hack sparks growing cybersecurity concerns?
If the governments of Singapore and other countries are not afraid of the hack, then they definitely should be. If the hackers can infiltrate systems in the U.S, then they can also infiltrate other governments and cause unknown damage. For example, a malicious hacker may disrupt essential systems, causing a systemwide crash.
Singapore’s government is taking precautionary measures through MAS by implementing the necessary measures to ramp up protection measures against cybersecurity threats. Its approach particularly focuses on financial services because they are an essential part of the economy and disruption to such services may bring an economy to its knees.
“The recent spate of cyberattacks on supply chains, which targeted multiple IT service providers through the exploitation of widely-used network management software, is a clear indication of a worsening cyber threat environment,” the Monetary Authority of Singapore recently noted in a press statement.
The emphasis on thorough oversight
The recently released guidelines aim to protect the financial sector which is the most sensitive to malicious cyber-attacks, especially with the increasing use of social media. The Central Bank of Singapore stressed the need for extensive oversight on third-party providers to avoid loopholes that may pave way for hacks.
Closing the loopholes through that may arise through third-parties should be a strong line of defense that will minimize exposure. As per the recent guidelines, financial institutions are expected to vet third parties and scrutinize their offerings before signing contracts or entering into agreements. This includes thoroughly evaluating and reviewing software code before it is approved for use.
Taking a hands-on approach to cybersecurity
The guidelines also require financial institutions to conduct stress tests to determine if their cyber defenses are sufficient. The guidelines also highlight the need for organizational structures to have people equipped with the right skills even in the board of directors. For example, the chief information security officer and chief information officer should have the necessary skill and experience. They should also take on the work of managing cybersecurity risks.
The right measures are increasingly necessary with the increased reliance on services provided by third-parties. They may provide hackers with access points through which to push their malware like I the case of SolarWinds.
Singapore is acting fast in response to the SolarWinds hack
Singapore is one of the countries that are using the SolarWinds extensive cyberattack as a learning opportunity that might help overcome potential threats in the future. It will allow organizations to be better prepared for such attacks rather than waiting for the attacks to happen so they can react.
Aside from the financial sector, other key areas could be targeted, leading to devastating effects. Government organizations in particular, should be keen on implementing the right precautionary measures against cyber threats. Such large attacks could give access to military secrets and who knows how dangerous that could be.
The cloud of uncertainty
If the SolarWinds hack has highlighted just how the slightest of loopholes or vulnerabilities can be tapped. It also demonstrates the prowess of the hackers especially considering that they managed to infiltrate government agencies and pitched camp for roughly 9 months before they were eventually discovered. That is a lot of time for hackers to spread their mischief and collect critical information. What they will do with that data is anyone’s guess.
The hack also raises the question of whether the current and suggested security measures will be sufficient to ward off future cyberattack attempts. Russian hackers have become notoriously good at their jobs, and the Trump administration has been criticized for being laid back in handling security measures. President Joe Biden promised to take execute stern measures through his administration. Nevertheless, the Russian government will likely distance itself from the recent actors, in which case nothing further can be done politically.
The only thing that can be done is to take the necessary steps and precautions to prevent such security breaches in the future. Singapore already seems to be on the right path courtesy of the recent announcement by the MAS. The government will hopefully maintain the currently high level of cyber alertness moving forward.