Info Image

Why Identity Protection is a Critical Component to Securing Singaporean Businesses

Why Identity Protection is a Critical Component to Securing Singaporean Businesses Image Credit: LuckyStep48/BigStockPhoto.com

In October 2021, the Cyber Security Agency of Singapore (CSA) refreshed the country’s cybersecurity posture when it published the Singapore Cybersecurity Strategy 2021.

Strategy 2021, as it’s often referred to, is an important step forward. It updated the country's first strategy, which was launched in 2016, and is built on three strategic pillars: building resilient infrastructure, enabling safer cyberspace, and enhancing cyber cooperation.

It is built on two key foundation enablers. Singapore must develop a vibrant cybersecurity ecosystem and train homegrown talent that understands Singapore’s unique position and the threats it faces.

The approach is well thought out, and addresses issues facing many countries, including supporting women to pursue careers in cybersecurity. Strategy 2021 dives into key security issues, including securing devices and digital infrastructure. However, one area which is overlooked is securing individuals’ identities.

Identity-based attacks, where hackers use phishing and other techniques to steal login credentials, represent a large threat to government agencies and businesses. Once threat actors have secured credentials, they can simply log into the system and cause multiple types of mayhem. 

Singapore needs to take a serious look at Identity Threat Detection and Response (ITDR) as a way to push back attackers and protect data, digital assets, and funds from being stolen.

Identity-based attacks are on the rise

Identity-based cyber threats are on the rise. A Verizon 2021 report found that credential data factored into 61% of all data breaches. Research firm Gartner estimated that by next year, 75% of all security failures will result from “inadequate management of identities, access, and privileges.”

It’s becoming increasingly clear to security professionals that robust identity security is of paramount importance. Without securing credentials more effectively, businesses and governments have little chance of preventing data breaches and other cyberattacks.

All of which brings us back to  Identity Threat Detection and Response (ITDR). As its name suggests, ITDR is about protecting credentials, privileges, entitlements, and the systems that manage them. It fills an essential gap in the identity security landscape. While  Identity and Access Management (IAM), Privileged Access Management (PAM), and Identity Governance and Administration (IGA) solutions focus on authentication, ITDR looks for credential misuse, entitlement exposures, and unwarranted privilege escalation activities. ITDR looks for attacks that target identities and then provides fake data that sends the attacker to a decoy.

ITDR is especially effective as it helps to manage the attack surface by providing Singaporean organizations with visibility of exposures that could leave the company open to an attack. These exposures include credentials that are stored on endpoints or misconfigurations that allow attackers to extract data.

ITDR is a natural extension to any Endpoint Detection and Response (EDR) solution, as it tightens security and increases the level of difficulty for attackers to break into a network and steal funds or data. It expands attack surface management, making the entire network more secure.

Hardening security In Singapore

As Singapore looks at its digital future, it must consider new tools for establishing identity. The technologies of trust are vital for online authentication, as they are used to confirm user identity and validate access that those users have.

Integrating ITDR into Singapore’s cybersecurity strategy enables the country’s businesses and government agencies to defend against serious cyberattacks. 

Author

Jeremy Ho brings forth 20 years of experience in Cyber Security, ranging across Sales and Technical functions - taking new offerings into the market, with proven track records of building businesses and overachieving. Jeremy is also an experienced manager who oversees a multi-national team across the APJ region – covering both direct and indirect selling through channel partners.

PREVIOUS POST

Push to Eliminate 'Digital Poverty' to Drive Demand for Satellite-Powered Broadband Connectivity Post Pandemic