Live & Learn
Cybersecurity Awareness in Singapore

Contributed by Cindy Tan

A high-tech, advanced nation such as Singapore is no stranger to Internet usage. With 81.3% of the country’s population being Internet users you’ll hardly see anyone who isn’t glued to their smartphones or laptops on public transport or in cafes.

Since the dial-up days to the current age of fibre optic network, Internet usage in the country has spanned almost two decades. But Singapore has only just begun to create cyber security awareness via roadshows and campaigns.  On 11 February 2017, the Cyber Security Agency of Singapore (CSA) launched its first national cyber security awareness campaign – the “Live Savvy with Cybersecurity” campaign.


Think of your computer like your house. All of your assets, personal items and private data are stored in there. To keep it safe, you’d need a sturdy lock. In the cyber world, your lock is your password.

But having a password is not enough; it has to be strong enough that hackers – the burglars of the cyber world – can’t access your personal information.

You must be thinking that it’s just common sense, but you’ll be surprised how many of Singapore’s Internet users do not practice good cyber security hygiene.

The key findings of CSA’s first Cybersecurity Public Awareness Survey revealed that “one in three does not manage their passwords securely, for instance by storing their passwords on their computer or writing them down (33%), or using the same passwords for work and personal accounts.”

41% of respondents who use cloud storage services and USB devices “admitted to not conducting virus scans” before opening the files, while six in 10 respondents connected to non-password-protected public Wi-Fi networks without knowing if they posed any security risks.

Essential services such as banking, healthcare, transport and more are powered by Infocomm technology, especially in an open economy like Singapore. As we rely heavily on trade with major economies of the world, an attack on our Critical Information Infrastructures (CII) could have serious repercussions.

“Since many Singaporeans have their personal information stored within Government’s various portals (E.g. CPF, HDB, IRAS), naturally these agencies must ensure their systems are robust and secured. Needless to say, security is a top priority for banks as people transact millions of dollars online daily,” says Kelvin Lew, operations manager of

Not only do major businesses, banks or government portals require a high level of cybersecurity, SME’s do too.

“An online business selling cakes would also require some form of protection to prevent hackers from stealing customers’ information,” Kelvin adds.

According to a statement by CSA, the size and location of your business are becoming increasingly unimportant, as all companies compete on a level playing field in an Internet-connected global village, where consumers can choose to buy anything from anywhere and at any time.

On a personal level, as we rely increasingly heavily on data transmission via tech devices such as USB as well as file transfer and web storage services such as WeTransfer, Dropbox, and emails, it’s now easier than ever for viruses to spread on our computers.

While scanning your downloaded files or USB drives for viruses can be time consuming, it may just be an extra step that we have to develop a habit for.


What is the nation doing to defend its CII against cyber attacks? The Cybersecurity Agency of Singapore will work with CII operators and the cybersecurity community to implement a CII Protection Programme. It includes building more National Cyber Incident Response Teams (NCIRT), enhancing Disaster Recovery Plans and Business Continuity Plans of critical sectors. A new Cybersecurity Act will require CII operators to be responsible for securing their networks.

An essential part of the programme is to instill a culture of cyber risk awareness across all levels of an organisation. Cybersecurity is no longer the sole responsibility of the IT department. From CEO to employee, each person in the company has a part to play.

Apart from preventing hackers from obtaining your personal data, one also needs to be able to know how to avoid Internet scams, which have become increasingly common in recent years. While the relevant authorities have been trying to raise awareness of this issue, the only solution so far is for victims to lodge a police report, which shows that Singapore is not yet well equipped to fight cybercrimes of such a complex nature.

How can we prevent ourselves from falling victim to Internet scams? Don’t give out personal information to strangers. Don’t lend money to people you barely know and whom you’ve only corresponded with online. Again, that may be common sense to many of you, but the rise of scamming incidents have proved that education and awareness is lacking in a handful of Singapore’s Internet users.


As an emerging sector, Singapore has yet to develop a vibrant cybersecurity ecosystem. However, the government has plans to establish a professional workforce through scholarship and sponsorship programmes for students as well as promoting internationally recognized certifications for existing professionals.

While these are baby steps forward, the cost of obtaining certifications is still a cause for concern for current cybersecurity professionals. “Most of the cyber security training courses are quite expensive and though some of it have CITREP funding and can utilise SkillsFuture credit, more can be done to lower the cost for professionals. Having one security certification is not enough as there are several trainings required to sharpen professionals’ skills and knowledge,” Kelvin explains.

There is also a market shortage of professionals not only locally, but also on a global scale as companies are bringing their business online. Kelvin goes on to tell me that several application systems are required for these companies to run their day-to-day operations. To ensure these systems are safe from vulnerabilities, professionals are to perform vulnerability assessment and penetration testing. These skill sets are not easy to acquire and definitely requires time to hone.

The responsibility of developing a vibrant cybersecurity ecosystem does not simply fall only on professionals. “Everyone plays a part in cyber security and every individual needs to know the consequences of their actions on the digital world we are living in,” says Kelvin.

For more information on cybersecurity, visit