It is tough enough to keep a sprawling IT network safe from external threats, but it is increasingly difficult to protect it from within as well, according to VMware, Inc., a global leader in cloud infrastructure and business mobility. The new “VMware Digital Workspace Study” revealed that more than one in three Singaporeans (38 percent) are using unapproved personal devices for work – the highest in ASEAN – creating huge vulnerabilities for Singapore companies. The exposure to data breaches and the business risk could be significant as half of Singaporeans do not always comply with their company’s IT policies or do not know them at all.
VMware’s Digital Workspace Study highlights that 66 percent of Singaporeans use their mobile devices to check work emails. Considering the significant number of Singaporeans who use unapproved personal devices for work, this can significantly increase an organization’s susceptibility to hacking and cyber-attacks.
“The real question here is: As we move into this new reality where young employees have grown up with the Internet and want to be always on and always connected, how do companies embrace these technologies without compromising security?” said Ron Goh, President, Southeast Asia and Korea, VMware.
“End-users that bring their own devices to work simply want the applications they need to be readily accessible on the devices they that choose to carry. When a consumer technology works, they will use it instead of a corporate-deployed alternative. They expect self-service access and a unified experience that enhances their productivity and supports their work styles. From the survey it is clear that users will find their own way around corporate IT if businesses are unable to deliver,” Goh added.
The BYOD threat goes beyond hardware devices as the study finds that 81 percent of Singaporeans face difficulties when using work apps. Almost half of Singaporeans (45 percent) identified having too many passwords to remember as the top challenge when using work applications. To overcome these challenges, employees prefer using the same password across devices and applications (31 percent) or saving them as notes on mobile devices (28 percent).
“Employees who use the same security password are making themselves and their organisations prone to heightened security risks. Once a criminal has obtained a password for one account, they can easily access multiple accounts and build a detailed profile of someone,” Goh explained.
Together with Malaysia, Singapore tops the region in terms of a mobile workforce, with 2.5 devices per person on average. However, majority of Singaporeans have negative views about their IT department – the highest among SEAK countries. Thirty percent of Singaporeans agree that IT restricts their flexibility at work and 25 percent think that IT creates complexities in processes.
“There is an urgent need to break down technology silos and tackle shadow IT by standardizing on a digital workspace platform. The mobile workforce needs a simple, single log-in environment to access all of their apps and services – across devices – while keeping personal and professional data separate,” said Goh.
“Ultimately, users want simplicity while IT wants security; users want choice while IT wants control. Enterprise companies tend to focus on the security part but often have issues with consumer simplicity. Yet, both are crucial steps in driving the digital workplace and enabling unified apps and delivery with unified endpoint management. Businesses that are able to provide secure access to increasingly mobile workforces while managing the growing diversity of applications, data and devices will thrive in the digital era,” he added.
Computer Misuse and Cybersecurity Act (CMCA) amended to deal with cyber crimes
Just this week, the bill to introduce changes to the existing Computer Misuse and Cybersecurity Act (CMCA) was passed in Parliament. The new amended Bill aims to increase risk awareness and digital capability amongst businesses, especially SME’s. SME’s can now get in-person advice on areas such as cybersecurity from the new SME Technology Hub, which will be set up by Media Development Authority of Singapore.
The new amended Act criminalises the act of obtaining, and dealing with accessing a computer illegally, or using hacking tools that includes malware and port scanners, which can be readily obtained online. It is also an offence for someone to commit a criminal act while overseas against a computer located overseas, if the act causes or creates a significant risk of serious harm in Singapore. The Ministry of Home Affairs define serious harm as injury or death or disruptions to essential services.
On top of that, the new Act allows the authorities to combine multiple illegal acts against a computer under a single charge, giving way for the application of enhanced penalties when the combined acts result in high aggregate damage. The Act also criminalise the act of dealing in personal information obtained in contravention of the CMCA.
During the Budget Speech this year, Finance Minister Heng Swee Keat also said that with increased digitalisation, “data will become an important asset for firms, and strong cybersecurity is needed for our networks to function smoothly.” He said that the Cyber Security Agency of Singapore (CSA) will work with professional bodies to train cybersecurity professionals and more than $800 million will be made available to kickstart these programmes. Minister for Communications and Information Yaacob Ibrahim will elaborate these initiatives at the Committee of Supply (COS) debates, he added.