Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
com/sg
The threat of cyber attacks continues to grow. The upsurge of new phishing methods
Executives are reporting that they detected may potentially result in the widened
more security incidents in the past 12 months, dissemination of malware, which has also
with the bulk of respondents (22%) detecting grown in complexity. Previously, in order
at least 3 incidents in the past year. More to for a malware to invade a device, users
significantly, 13% reported that they identified would first need to download, run, and
500 to 4,999 incidents, almost double the install a software. These days, new malware
figure from the year before (Figure 1). drive-by-download attacks are able to invade
a computer through the click of a link.
While certainly not new, the sophistication
of phishing methods (eg. spear phishing) has Around a third of the executives surveyed
evolved in recent years. In Singapore, around cited activists, activist organisations and
four in 10 executives reported their hacktivists as the most likely source of the
organisations fell victim to phishing attacks security incidents that took place over the
in the past 12 months, making it the most past 12 months (Figure 3).
pervasive cybersecurity and privacy threat
faced by organisations in the country,
as well as in the Asia Pacific region and
globally (Figure 2).
PwC 2
Meanwhile, the compromise of employee
records, followed by customer records, make
up the top 2 issues organisations in
Singapore experienced as a result of security
incidents (Figure 4).
0 or None 16
21
26
1 to 2 11
23
16
3 to 9 22
18
26
10 to 49 13
16
14
50 to 499 15
9
6
500 to 4,999 13
7
6
5,000 to 99,000 5
0
0
100,000 or more 3
2
2
Do not know 3
5
6
PwC 3
Figure 2 Areas where security incidents
occurred*
38
45
42
Phishing
attack
25
31
34
Consumer
technology
exploited Figure 3 Likely sources of security incidents*
(e.g., webcam,
home automation,
mobile apps, etc.)
Q: What is the estimated likely source of incidents?
28
35
31 % SG 2014 2015 2016
Unknown hackers 26
25
32 26
23 24
Former service 14
Operational Providers/consultants/ 23
contractors
technology 22
system exploited Organised crime 18
(e.g., industrial
control, plant 11
manufacturing 21
system exploited)
% SG 2016
64 53 53 56
62 50 53 57
69 66 66 65
CPO or similar executive in CISO in charge of the Employee security Require our employees to
charge of privacy compliance Security programme awareness training complete training on privacy
programme policy and practices
53 49 48 47
58 47 49 44
65 64 64 62
Limit collection, retention, and Require third parties Vulnerability Threat assessments
access of personal information (including outsourcing assessments
to the minimum necessary to vendors) to comply with
accomplish the legitimate our privacy policies
purpose for which it is collected
Alignment of 42
business objectives
with information 51
security strategy 47
74
63 66
44 46 43
40 40 37
36 34 34 34 34
32 30
27 27
‘123456’ remains the most commonly used Singapore also leads by a close margin in
password today. Users’ disregard for strong the adoption of multi-factor authentication –
password practices is one reason organisations comprised of a combination of authentication
in Singapore and worldwide are turning to safeguards – which is extensively applied by
advanced authentication technologies to add its financial institutions on functions such
an extra layer of security as well as to improve as online banking, financial transactions,
trust among customers and business partners. remote access and operations. The multi-
54% of executives surveyed in the country factor authentication used for online banking,
reported that the employment of advanced for example, often includes a combination
authentication has made online transactions of log-in passwords, hardware tokens, and
more secure for their organisations. one-time password (OTP) codes sent through
mobile phones.
While software token emerged as the more
widely adopted advanced authentication Cited by 40% of executives in Singapore
safeguard at the global and regional levels, as the priority safeguard that organisations
organisations in Singapore appear to have a will be looking into in the coming 12 months
stronger preference for hardware token partly (Figure 9), biometrics deliver a unique set of
due to its more tamper-resistant attribute convenience and efficiency whereby users are
(Figure 8). Taken in consideration that not required to remember passwords, and
software token is a newer form of advanced where the authentication payload does not
authentication, businesses will need to take expire. Additionally, biometrics may
the necessary precaution to ensure that their potentially be assimilated into multi-factor
base operating system and channels (e.g., authentication systems as an additional layer
mobile devices) are secured for the soft tokens of security in the future.
to be delivered.
59 60
59 61
70 57
Hardware Software
tokens tokens
52 50
47 43
55 54
57
59
51
Biometrics
(fingerprints, retina scans,
facial recognition etc.)
Biometrics 25
26
40
Behavioural 23
profiling and 24
monitoring 37
Mobile device 23
malware detection 26
35
Security strategy 24
for cloud computing 28
33
Security-event- 22
correlation tools 24
33
Use of virtual 23
desktop interface 22
(VDI) 30
Enhanced 47
Businesses are adopting open-source software scalability 55
for several reasons. The applications can be 55
PwC 13
Methodology
Get in touch
Survey 2017 is a worldwide study by PwC,
CIO and CSO. It was conducted online
PwC 14