A Deep Dive into Data Breaches and Cyber Threats - Webinar Summary

On 19 January 2022, DPEX Network presented a webinar on the first of five regional data protection trends for 2022 that had been identified earlier by DPEX Centre, the education and research arm of Straits Interactive. The webinar comes as part of a series that explores each of the five data protection trends predictions in detail.

View the 5 Data Protection Trends 2022 article and the infographic to learn more about the data protection landscape in the region for the year ahead.

Continuing on from the first webinar of the Five Regional Data Protection Trends for 2022 with a new panel of experts, topics discussed included the types of data breaches and cyber threats that are expected in 2022, as well as ways to minimise the associated risks.

The panel of speakers included:

• Mr Philip Ng, BitCyber
• Mr Andrew Lai, Associated Insurance Brokers
• Mr Alvin Toh, Straits Interactive

Become an effective data protection officer (DPO) by enrolling in our Practitioner Certificate in Personal Data Protection course here.

To watch the webinar in full, please sign up to be a DPEX Network community member, log in and visit the Resources > Videos section on www.dpexnetwork.org, the evergreen recording will be made available within two weeks after the webinar.

Healthcare industry will continue to be targeted

Other than breaches arising in contact tracing apps, breaches in the healthcare sector are expected to continue to rise. Not only are the big pharmaceutical companies being targeted, but there are also instances of personal data being exposed. According to Alvin Toh, Chief Marketing Officer (CMO) of Straits Interactive, staff training is essential to handle the influx of personal data for organisations.

“Medical data is actually the most precious in the dark web. To give you an indication, credit card (details) are worth 30 to 40 cents, but medical data is worth 10 times of that,” said Alvin Toh.

Third-party vendors and service providers in the healthcare industry should also be aware of the breaches in the industry and how they can draw lessons from it to improve the way that the organisation handles data, he added.

In addition, regional breaches due to work-from-home (WFH) arrangements, phishing and scamming are also rising. Government agencies are also increasingly being targeted by hackers as well, leading to more breaches.

Cyber attacks are on the rise

Cyber crimes are rising and account for almost half (43%) of the total crime rates in Singapore in 2020 according to the statistics from the Cybersecurity Agency of Singapore (CSA). The common types of cyber attacks include phishing, ransomware, and spoofing.

“In fact, phishing remains the primary attack method that any hacker would use to begin an attack on companies, groups or individuals,” said Philip Ng, Co-founder & CEO of BitCyber, a cybersecurity firm in Singapore.

He shared that it was easy for scammers to fake the Sender ID in SMS text messages. He recommended that consumers be wary of shortened URL links and not click on them. Additionally, he shared “six cyber defence essentials” that organisations should do to improve their cybersecurity posture.

Key trends in cyber insurance

With the rise of cyber threats, cyber insurance can be seen as a good investment for organisations as it is no longer a matter of if a breach will happen to an organisation but when.

“The first key trend is, honestly, that cyber insurance is value-for-money for my clients and we know this because the insurers in Singapore are paying claims. Since 2012 until now, the claims have basically increased effectively by seven times over every year,” said Andrew Lai from Associated Insurance Brokers.

He added that the largest cost of a cyber attack is not the fine issued but the extra expense incurred to resolve the situation, such as crisis communications, forensics investigation and external legal resources. It is important for organisations to note that cyber attacks have multiple costly components that can be insured other than fines.

To get the most suitable insurance for organisations, consulting specialist brokers would be preferable to obtain the best price, as insurers are adjusting insurance rates due to rising breaches and require more information.

Several questions were asked during the question-and-answer session that followed:

• Is the Credence Data Trust Rating System (DTRS) equivalent to Data Protection Trustmark (DPTM)?
• Is an insurance broker considered a data intermediary or organisation? What is the relationship between broker and client under the Personal Data Protection Act (PDPA)?
• Would an offline stand-alone system still require patching?
• QR codes are widely used but how do we know the authenticity of the QR code? As a consumer, what should we look out for and how do know that the QR code has not been tampered with?

To watch the webinar in full, please sign up to be a DPEX Network community member, log in and visit the Resources > Videos section on www.dpexnetwork.org, the evergreen recording will be made available within two weeks after the webinar.