Defeating Cybersecurity Through Hacking? First Internationally Certified Singaporean Firm Drives Up Security Standards
Cybercrimes have nearly doubled between 2014 and 2016, rising from 7.9% to 13.7% of all crimes, according to the inaugural Singapore Cyber Landscape report. PwC’s Global State of Information Security Survey (GSISS) further found that about 77% of Singaporean firms have detected at least one cyberattack incident in the last year. Despite this, 39% of companies stated that they are unprepared for cyberattacks and do not have an overall security strategy.
In today’s digital climate, companies must relook the way they build their online platforms to include cybersecurity systems from the get-go. Currently, the approach taken is typically to leave security testing to the end (i.e. when the platform is almost done), as a final precaution or part of compliance requirements. However, this would likely lead to data vulnerabilities in future that would prove even harder to resolve causing companies to lose their competitive edge.
As one of the largest financial hubs in the world, this afterthought culture towards cybersecurity can no longer be an option for Singapore.
Passionate about leading this change is Centurion Information Security (https://centurioninfosec.sg/). The first Singaporean company approved by CREST (internationally recognised accreditation that ensures professionalism of the technical cybersecurity industry) for Penetration Testing (i.e. hacking) and Information Security Consulting, Centurion is already raising the cybersecurity standards in Singapore.
Not limited by industry norms, Centurion’s approach is to understand what their clients’ cybersecurity goals are (e.g. what they want to protect) before deciding on the appropriate security test. Unlike the typical penetration testing done, Centurion goes the extra mile to personalise their security testing to not only detect and defend a company’s system – but even attack it to expose hidden weaknesses where necessary.
Tailoring their methods to clients’ needs, Centurion has gone as far as to take on the role of a hacker to help companies truly understand their security shortcomings and the damage that could potentially befall them. In one case where they were hired, a consultant simulated a full hacker attack. He physically went in to the company’s headquarters using common equipment like a laptop and wireless adaptor, found the place with the strongest signal (incidentally the toilet), and started hacking. Easily getting past security defences, he was able access their whole wireless network and access all personal information.
While unusual, Centurion is able to guarantee that every loophole has been exposed to better the company’s cybersecurity system. Ultimately through this, they were able to provide the client with an accurate and detailed breakdown of measures needed to protect themselves.
Believing that breaches like this occur because security was not a priority in the building process, Centurion advises that security testing needs to be enforced from the start and through every stage of the development. Rather than an afterthought or a quick-fix, this mindset shift must occur to allow Singapore to protect her cybersecurity vulnerabilities effectively.