Mr Khoong Hock Yun, Assistant Chief Executive, Industry Infocomm Development Authority of Singapore Opening Speech - Infocomm Security Seminar, Raffles City Convention Centre
Mr Khoong Hock Yun, Assistant Chief Executive, Industry
Infocomm Development Authority of Singapore
Opening Speech - Infocomm Security Seminar, Raffles City Convention Centre
Singapore, 5 February 2004
Ladies and Gentlemen,
Introduction1. In today's increasingly connected world, organisations and businesses are becoming exposed to security threats at any time, and at any place. This is the real situation that we will have to face as we embrace technology, and leverage on them for our businesses.
2. Currently, there are two main security-related business concerns arising from the thriving Internet economy. Firstly, it is the pervasiveness of Internet as a medium. As businesses turn to the Internet and other wireless devices for example mobile phones as new distribution channels to supplement their traditional brick-and-mortar businesses, it requires them to "open" their networks to allow communication between internal systems with extranets and with the Internet. This "opening" of the networks and the use of wireless devices, in turn, creates a strong impetus for secured systems that support interoperability and portability. Hence any compromises to these systems will result in erosion of brand equity and loss of consumer confidence, leading to the inevitable weaker profit levels for businesses.
3. Secondly, it is the cyber attacks on businesses with online presence. According to a report by Internet security firm Riptech Inc., cyber attacks globally against public and private organisations leapt by 28% within 6 months from 160,000 in January last year to 180,000 by July the same year. Specifically, the 2002 Asia Info-Security Practices Survey reported that 50% of Singapore organisations surveyed reported at least one security breach in that year1.
Infocomm Security and Business Excellence4. The above concerns will become increasingly heightened as incidences of compromises to the computer systems will continue to grow as technology becomes a necessary component in daily business operations. However, security compromises are costly to businesses.
5. Many of us would have read about the malicious computer virus - MyDoom - that has attacked corporate emails like wildfire just last week. Besides causing major damage through the sheer volume of emails that it is generating, it also leaves a backdoor wide open for hackers to take control of the machines and misappropriate passwords, credit card details, or for other illegal purposes. MyDoom is now estimated to have caused US$38.5 billion of economic damage worldwide so far in terms of overtime payments, contingency outsourcing, loss of business, bandwidth clogging, productivity erosion, management time reallocation, cost of recovery and software upgrades. Private and publicly listed corporations; universities and schools; large and small organisations; as well as home users, are continuing to report some online delays, congestion and email service disruption worldwide2. The Sobig Virus last year cost US$37 billion in total arising from productivity loss and expenses related to testing, cleaning, and deploying patches to computer systems worldwide.
6. Hence early detection and warning is one of the ways to help business cut down on unnecessary losses. In 1997, IDA, in collaboration with the Centre for Internet Research in NUS, set up a one stop centre for security incident response in Singapore. This centre is the Singapore Computer Emergency Response Team, or SingCERT in short. Besides helping to facilitate the detection, resolution and prevention of security related incidents on the Internet, SingCERT also broadcasts alerts, advisories and security patches. Businesses who wish to receive these alerts and advisories should subscribe to its mailing list via its website (www.singcert.org.sg). Finally, as a national CERT, it also collaborates with security vendors and other national CERTs to find solutions to security incidents, as well as promote security awareness through courses, seminars and workshops.
7. We also have the TrustSg Programme, a nationwide trust mark initiative that aims to promote good e-business practices and heighten awareness of trust marks among businesses and consumers. Implemented by the National Trust Council (NTC) - an industry-led body with government support - the programme aims to build confidence in e-transactions among businesses and consumers so as to facilitate e-commerce growth in Singapore.
8. By adopting good e-business practices, businesses will be able to set up a minimum line of defence against cyber attacks. This in turn will give their customers the confidence in making online transactions with them. Our savvy customers need to have the assurance that the company understands and values the importance of data privacy and online security, and adheres to the approved code of conduct for doing business over the Internet. IDA is currently helping to defray part of the certification fees that businesses will have to pay for when applying for the TrustSg seal. We strongly encourage businesses that have yet to obtain the seal to apply to the Authorised Code Owners (ACOs). Currently, the two ACOs in Singapore are CommerceTrust Ltd and the Consumers Association of Singapore (CASE).
Infocomm Security - A Window of Business Opportunity9. Business opportunities abound within the Infocomm security sector. According to IDC, global corporate spending for IT security and business continuity solutions is expected to more than double from US$66 billion in 2001 to US$155 billion in 2006, twice as fast as the overall total IT spending3.
10. It is also reported in a recent BT article that the Singapore's market for infocomm-based security solutions is estimated to reach US$430million by 2007, growing at a 27.2 per cent annual rate between now and then4.
11. In fact, this high demand for new and effective security solutions is not only for Singapore but for the Asia-Pacific market as well. For the Asia Pacific region outside of Japan, government and companies are expected to spend US$4.1billion on ramping up their security systems by 2007 - from under US$1.7billion in 2003. Countries such as Australia, South Korea and China will constitute the largest share of this market.
12. Infocomm security will remain a topic of great interest. On our part, IDA has launched the SAFE (Securing Assets for End Users) programme last September with the aim to catalyse the growth of Singapore's infocomm security. Specifically, we want to continue with our efforts to build a secure and trusted business environment of a higher quality so that business owners like yourself can continue your operations as usual.
Conclusion13. Today's seminar is part of the SAFE programme where we hope to increase our awareness of the prevalent Infocomm security threats and challenges. It is thus our privilege to have with us three international and local experts in the Infocomm security field. They bring with them many years of invaluable experiences and expertise in this area. I will leave it to them to share with you in greater details on the current Infocomm security trends and challenges, and more importantly how your businesses can respond to these challenges with the relevant strategies.
14. In parting, I urge of that all of you will continue be vigilant as it is always better to be safe than sorry! On this note, let me wish all of you present a good afternoon ahead. Thank you.
1"Information insecurity: Information security challenges for Singapore Businesses", Strategic Intelligence, 17 January 2003. In Hong Kong, it is 71%, Malaysia is 63% and Australia it is 45%.
2 1 February 2004 News Alert "MyDoom becomes most damaging malware as SCO is paralysed" in http://www.mi2g.com/
3 "IDC finds IT security and Business Continuity Market Poised to Double in Size by 2006", IDC, October 2002.
4"Big Opportunities for Singapore in US IT Security" in Business Times, 15 Jan 2004.