Cyber security threats were once a matter of technology. People were not so much informed, and they preferred to leave the issue to people who were most engaged with the internet. However, the issue has developed into a global concern. No one is immune from cyber security threats. The threats are in the form of cyberbullying, ransomware attacks, and phishing. Organizations are more susceptible to threats. There are so many employees in organizations, and therefore, cyberbullies find organizations to be a great audience. Instead, they would attack massive groups of people and lead to more harm than launch their attacks on individuals. However, individuals also need to protect themselves against cyber security threats. This paper analyzes the threats in Singapore.
In 2020, the rate of cybercrimes accounted for 40% of the total crimes in Singapore. Currently, 26.8% of all the crimes reported in Singapore are cybercrimes. These are very massive numbers, and therefore, there is a problem that affects organizations in the country and the general state of affairs in the country. This paper analyzes the nature of cybercrimes in Singapore. It then discusses measures that organizations should put in place to ensure that they are protected from the crimes. The paper also highlights the role of the government and agencies, including the police, in protecting organizations from cyber security threats in Singapore.
Cyber security has several myths surrounding it. The truth is, both small and big business enterprises face threats. The difference is like threats. In 2020, the Covid-19 pandemic shook the whole world, and Singapore was no exception. While everyone complained of how much the pandemic had had a toll on their lives, cyberbullies thought otherwise. They used the opportunity to manipulate organizations and hence, the spike in the rate of cybercrimes during that year. There was fear and anxiety all over social media. The perpetrators impersonated government agencies and sent people false messages concerning the pandemic. Fear is one of the surest ways to get to the people. There were messages that the pandemic would soon kill everyone and that the ministry of health could do nothing about it. The messages circulated on social media quickly, and people could not focus on their work anymore. The health ministry in Singapore did all their best to put control measures in place, and the situation, however harmful it was, was being controlled. The false messages were circulating and served to drag people behind in their fight against the virus.
There were vaccination scams online, which cost so many people who fell for the trap. Cyberbullies generated messages asking people to pay for the vaccinations and get their vaccination reports online. The bullies created fake Covid-19 websites and spread malicious rumors on the websites. They created them using private software, and therefore, pulling them down would take so long. By the time the government managed to pull them down, they had scammed so many people. Therefore, cyberbullies gained so much power by extorting people during the pandemic. When employees join organizations, they take their personal information and store it in their database. The information includes academic and financial records. They are kept for analysis by the organization. Such information is useful when developing a compensation and promotion system in an organization. Hackers break into the organization’s database and steal the information. The hackers use sophisticated malicious software to carry out phishing attacks on the information. In other instances, some insiders collaborate with the hackers, giving them passwords to sensitive information in the organization. One would wonder what the hackers would do with employees’ sensitive information. They use the information to launch ransomware attacks. The rate of ransomware attacks in Singapore has risen by 154%. The attacks involve bullies taking possession of the organization’s sensitive information and using it to threaten the organization and its employees. These attacks have since shifted from SMEs to massive organizations. The attacks were previously indiscriminate and opportunistic and did not have a specific target. However, they have now shifted to specific targets for big organizations.
An attack was launched against the vendor Solar Winds. It was a supply chain attack, where malicious software was inserted into its database. The hackers managed to get information and used the leak and shame method. The method involves the hackers taking the organization’s sensitive information, making it inaccessible, and threatening to leak it to the public. The organization would then be in fear, and the hackers suggest a ransom that the organization has to pay for their information not to be leaked to the public. This is very manipulative and leads to losses in organizations. Once hackers have access to organizational data, they keep coming for more ransom, which is pulling down the economy in Singapore. Hackers also use command and control operations. They maintain compromised systems and suppress communication from the natural organizational communication centers. Such attacks only take some minutes but result in fraudulent dealings in the organization. There are currently 47,000 phishing URLs that have been reported in Singapore. Phishing targets big organizations, especially the country’s banking and finance sectors. The police and education sectors received the highest phishing emails in 2021. Web defacements have reported a decrease and are only currently targeted at SMEs. The reason might be that the attackers wanted a place to get a bigger audience. They have hence shifted to social media.
The big question is what organizations need to do in conjunction with the government and other agencies to protect cybercrimes. To establish the role of organizations, it is essential to identify the areas in which they have failed and, therefore, give a loophole to the attackers. The first problem is that there is poor network connection in most organizations. When the organization realizes that an attack has been launched, the attackers have already hacked the database. Organizations should update their systems and review network connection and cyber hygiene periodically. They would do this by installing software protection in their systems. That would ensure that any malware is detected and blocked in advance. Organizations should work towards identifying all the risk areas in the company. Such areas would include the database responsible for financial records. The areas would then be safeguarded with stronger passwords and higher scrutiny. Any potential attack should be thoroughly investigated. If the threat is confirmed, a case should be launched against the attackers. The best decision that an organization would make to protect itself from cyberbullying would be to install a system that detects a crime within seconds and before it is committed.
Organizations should also minimize collecting personal data in their databases. That would reduce the risk that they expose their employees too. Employees risk never getting employed elsewhere if their sensitive data is leaked to the public. Therefore, organizations should only collect information that is essential to the employee’s employment status in an organization. Organizations should also develop standards and codes to be adhered to by all employees and managers. There should be harsh penalties for any employee that breaches the code. Insider dealing can be controlled by paying fair wages and giving employees some days off. That would make all employees pay allegiance to the organization, and therefore, they would not choose to collaborate with hackers to help them access the organization’s passwords. Lastly, organizations should establish adequate risk management channels.
The role of the government is to ensure the effective implementation of the cybercrime law. There are legislations in Singapore that have already been put in place. The Cyber Security Act defines cyberbullying and offers protection of information from attack. The Computer Misuse Act defines offenses that are related to cyber security. The offenses include unauthorized access to systems of organizations and individuals, modification of information on computers, and modification of services. The Act further spells out the punishment for offenses related to cyberbullying. Cybercrime law provides for the acceptable behavior for ICT users and provides that there shall be sanctions for those who violate the acceptable standards. The criminal procedure sets the punishment for violation of the acceptable standards.
The punishment is meant to mitigate the losses incurred by the people whose privacy has been violated by cyberbullying. There is substantive, procedural, and preventive law in dealing with cybercrimes. The legislation that has been mentioned in this paper comprises substantive law. This kind of law is founded on the principle that there shall be no offense where no law has been prescribed. Therefore, cybercrime law clearly defines what cybercrime is and the punishment. Ignorance is no defense where the law is clear. The law prohibits specific cybercrime laws. Cybercrime includes traditional and real-world crimes and the crimes that emerge with current trends.
Procedural law refers to the processes followed in fulfilling substantive laws. Matters of jurisdiction apply in procedural law. If a cybercrime has been committed against an organization in Singapore, the case would have to be determined by a court in Singapore. Offenses of cyberspace do not have territorial boundaries and can be tried in any jurisdiction. The Republic of Singapore can try their national for a cybercrime, even if they were in another territory when they committed a crime. However, the crime must directly affect cyber security in Singapore. The government should ensure effective enforcement measures on how to prosecute cybercrime suspects. There should be more legal awareness on matters of cybercrime. The topic is evolving, and therefore, judges and attorneys should be notified of all developments in cybercrime. It would also be essential to compare how other jurisdictions have dealt with the same issue.
Decisions of other jurisdictions shall not be. The police would be instrumental in the fight by helping in the investigations and disclosure of evidence of cybercrimes. The police need adequate training on how to carry out investigations of cybercrimes. Evidence of cybercrimes is delicate and cannot be handled as definitive evidence. Therefore, the role of the police would be to ensure that the evidence is not distorted and that it is admissible in court and substantial. The police should also work on protecting organizations from potential threats.
In conclusion, the paper has discussed the nature of cyber security threats and how they destabilize organizations. They instill fear and anxiety in the spirit of organizations. The paper has highlighted the role of organizations, the government, and agencies in Singapore in ensuring adequate protection of organizations from cyber security threats. The threat is global, and therefore, it should not only be treated as an issue affecting Singapore. It should be addressed globally.
Ahmed M, ‘Ransomware: The Evolution of A Cybercrime’ (2019) 23 International Journal of Psychosocial Rehabilitation
‘Call For Revisions to Computer Misuse Act’ (2020) 2020 Network Security
De Bruijn H, and Janssen M, ‘Building Cybersecurity Awareness: The Need For Evidence-Based Framing Strategies’ (2017) 34 Government Information Quarterly References
Pool R, and Custers B, ‘the Police Hack Back: Legitimacy, Necessity and Privacy Implications of the Next Step in Fighting Cybercrime’ (2017) 25 European Journal of Crime, Criminal Law and Criminal Justice
Savaş S, and Karataş S, ‘Cyber Governance Studies In Ensuring Cybersecurity: An Overview of Cybersecurity Governance’  International Cybersecurity Law Review
Snider K and others, ‘Cyberattacks, Cyber Threats, And Attitudes toward Cybersecurity Policies’ (2021) 7 Journal of Cybersecurity
 Keren L G Snider and others, ‘Cyberattacks, Cyber Threats, And Attitudes toward Cybersecurity Policies’ (2021) 7 Journal of Cybersecurity.
 Hans de Bruijn and Marijn Janssen, ‘Building Cybersecurity Awareness: The Need For Evidence-Based Framing Strategies’ (2017) 34 Government Information Quarterly.
 Md Rifat Ahmed, ‘Ransomware: The Evolution of A Cybercrime’ (2019) 23 International Journal of Psychosocial Rehabilitation.
 ‘Call For Revisions to Computer Misuse Act’ (2020) 2020 Network Security.
 R.L.D. Pool and B.H.M. Custers, ‘The Police Hack Back: Legitimacy, Necessity And Privacy Implications Of The Next Step In Fighting Cybercrime’ (2017) 25 European Journal of Crime, Criminal Law and Criminal Justice.