Why organisations must fight a “cyber war”, according to Andeed Ma, president of the Risk and Insurance Management Association of Singapore
While the COVID-19 pandemic has gripped the world economy, cyber risk remains a constant threat for companies across the Asia-Pacific region. Organisations must fight a “cyber war”, argues Andeed Ma, president of the Risk and Insurance Management Association of Singapore.
Since becoming the president of RIMAS in February, Andeed Ma has outlined cyber risk as one of the biggest challenges facing organisations in the city-state. Following several high profile data breaches, Singapore is on high alert.
StrategicRISK spoke to Ma, a former captain in the Singapore armed forces, about the work RIMAS is conducting to educate and inform organisations about cyber risk. The association wants companies to safeguard key data assets as cyber-attacks become more common.
Ma, who works in the healthcare sector, says Singapore is undergoing a rapid digital transformation. Risk managers need to “transform ourselves” accordingly, he believes.
“We have launched an application that allows all of our members to collaborate. We meet, we discuss, we hold meetings around cyber risks. It is challenging, and communication takes a while, but we want people to understand that technology will be part of their life.”
He adds: “Here in Singapore we are undergoing rapid digital transformation. With that, there are a lot more incentives for perpetrators to take advantage. RIMAS took part in a national initiative to launch a security ‘cookbook’, to articulate these risks.”
Ma says the biggest risk facing companies was protecting and safeguarding data. The telecoms, healthcare, and critical infrastructure sectors have all been hit with significant attacks in recent years.
“There have been a few cases with attacks on data centres, especially on telecoms companies. Those are obvious targets, and anything deemed critical infrastructure. We have to think about how we prevent perpetrators from coming in. This is a cyber war. It is invisible. It is like a chronic disease. It doesn’t kill you, but it affects you over time and becomes more dangerous.”
He said cyber attackers would be particularly active in 2020, as Singapore heads towards a July election.
“Our healthcare system has been attacked several times with the intention of retrieving ministers’ health data,” he says. “Cyber attackers are doing their homework, and there is always a motivation behind their actions.”
Ma calls on risk managers to “think deeper” about where they source and upload information, and how they access data and risk in their organisations.
“A lot of organisations view cyber risk as the job of the IT person,” Ma says. “It is not, because the key risk is on the inside. Everyone at your organisation could be a potential risk. A single act of putting data in the wrong place, or retrieving data can lead to a compromise.”
While cyber attacks are often launched against multinational companies and state-owned critical infrastructure, small companies can also become a victim. RIMAS is working with Singapore-based entrepreneurs to inform startups about cyber risk and the damaging effects of attacks.
“Small companies often have a large outreach, and that requires serious attention,” Ma says. “They need a similar consideration. The question is, how can they reach out for help? We are trying to work with entrepreneurs to drive the message and share our learnings with small companies.”
In 2020, data and information is a crucial asset for every company. Ma calls data “the new gold”, and says organisations need to guard it as carefully as possible.
“Companies can literally sell a set of data at a specific price, and there is always a demand for it. Therefore it has a monetary value. The fact that it has value warrants risk management around it.”