Sustaining and securing the digital economy

At apidays Singapore 2022, the Director of Singapore's Cyber Security Agency, Veronica Tan, presented a keynote on their efforts to cement Singapore's position as a safe place to do business. Here is an abridged version of Veronica’s keynote, including a description of the Cyber Essentials and Cyber Trust initiatives. There is also a link to the recording of Veronica’s presentation.

We’ve seen a remarkable shift to the digital economy in the last two years, as individuals and companies have sought to moderate the effects of the pandemic by digitising activities and information flows. But the shift has also exposed more people and systems to cyber attack. APIs, as a key building block of the digital economy, have increasingly been targeted.

Singapore is already a hub for trade and finance. In order to protect our digital activities, Singapore’s Cyber Security Agency is working to make Singapore a trusted digital hub. At apidays Singapore 2022, the Director of the Cyber Security Agency, Veronica Tan, presented a keynote on their efforts to cement its position as a safe place to do business.

Here is an abridged version of Veronica’s keynote.

Key points

  • Covid has accelerated the shift to digital
  • Transactions increasingly facilitated by APIs
  • Supply chain attacks on the rise
  • Singapore's Cyber Essentials and Cyber Trust marks
  • Cyber Essentials assessment
  • Cyber Trust assessment
  • Singapore Standards
  • How to become certified

The shift to digital led by APIs

The past two years of the COVID pandemic has accelerated the pace of digitalization. Consumers, companies and governments have embraced digital transactions. And APIs are key to the connectivity needed to make digital transactions possible. So we have seen a marked increase in API usage. As API traffic grows, unfortunately, we also see an increase in malicious API traffic.

Third party transactions increasingly facilitated by APIs

We have seen a major increase in supply chain attacks. And the statistics I'm showing here are taken off a report done by ESA, a cybersecurity agency are overseeing Europe. And they looked at some of the key drivers and the key motivations of supply chain attacks. In the past two years, 66% of the attacks actually focus on the supplier’s code, and 62% of the attacks exploit the trust of customers in their supplier.

Supply chain attacks on the rise

This is why it is timely and important to start thinking about cybersecurity, and how if you're a provider of API's, how to generate that brand of trust.

Singapore recently launched cybersecurity certification for enterprises called Cyber Safe and Cyber Essentials.

Cyber Essentials and Cyber Trust marks

These certifications are a visible indicator to demonstrate that your organisation has implemented specific cybersecurity practices. This helps you to build trust, by providing assurance to your customers that you are cyber safe. And this in turn translates into a form of competitive edge for your business.

Now, these are not product specific. For example, it is not specific to software development, or APIs. But it looks at the whole organization in totality, and the total posture of the organization from three perspectives, the people, the process, as well as the technology used.

Three dimensions

Cyber Essentials and Cyber Trust - three dimensions

I would like to offer three dimensions to think about. Number one, the extent of digitalization. If we look at the red bar moving from the left all the way to the right, this will be reflective of organizations that are a lot more digital, which translates to a larger attack footprint for attackers. It also means that you need to put in place more cybersecurity measures in order to say cyber safe.

The second perspective is from the nature of the industry that you're operating in or, if you're a provider, your customer is operating in. If you move from the left all the way to the right, typically in the more regulated industries, there will be a stronger level of scrutiny. And that's where it’s correspondingly important to also have more cybersecurity put in place.

However, we’re also mindful that this has to balance against the organization’s resources, which brings me to the third dimension, the organizational profile. Organizations come in all shapes and sizes, and we have a few of the larger enterprises and many of the smaller enterprises. For smaller enterprises that may not have the resources upfront to invest in cybersecurity, the cyber essentials map could be relevant to these situations. So the cyber essentials map is really essentially a map of cyber hygiene.

Certification enhances customer trust

We have found that digital leaders outperform their competitors in customer trust, because they have embedded risk and security into the forefront of their IT project cycles.

Cyber Essentials and Cyber Trust are Singapore Standards

Cyber Essentials and Cyber Trust under Singapore Standards

Where to learn more

Learn more about Cyber Essentials and Cyber Trust at: https://www.csa.gov.sg/Programmes/sgcybersafe/cybersecurity-certification-for-enterprises/cybersecurity-certification-scheme-for-enterprises

... or watch Veronica's full presentation: