Latest news with #DavidKoh
Yahoo
4 days ago
- Business
- Yahoo
S'pore vulnerabilities are no different from those of other nations: Commissioner of Cybersecurity
SINGAPORE – Cyber-threat levels have heightened amid geopolitical rivalries, with some states trying to coerce countries such as Singapore into taking or refraining from certain actions. Singapore's Cyber Security Agency's (CSA) chief executive David Koh warns that in this realm, the Republic's vulnerabilities are no different from those of any other nation. 'Train systems can be disrupted, power plants, water systems. It will move to a new dimension, where you will encounter real-world harms that will affect all of us,' he said. Mr Koh, who is also the country's first Commissioner of Cybersecurity, holds legal authority to investigate cyber threats and incidents, ensuring the continuity of essential services during cyber attacks. 'When we first started, the majority of threats were straightforward – web face defacements, DDoS (distributed denial of service) attacks. They were a bit more like digital graffiti,' said the former defence specialist in the armed forces, who has been CSA's chief executive since its founding 10 years ago. July 18 marks its 10th anniversary. These threats have grown in complexity as the economy has become more interconnected through the use of digital services. That means the agency has had to extend its umbrella, working with the private sector, to cover the man in the street. For instance, in 2024, CSA partnered with Google to launch Google Play Protect, which blocks malicious apps once detected. Google has since introduced the feature to places such as Brazil, India, South Africa, the Philippines, Thailand and Hong Kong. Mr Koh said that such a partnership would have been unimaginable 10 years ago. Today, besides chairing the United Nations' Open-Ended Working Group on cyber security, Singapore is also passing on its knowledge to its Asean neighbours and countries such as Japan, which is in the process of passing cyber-security laws. 'It is in Singapore's interest to support the international rules-based system; not just physical trade, but goods and services are increasingly also being transacted digitally,' Mr Koh said. Countries justifiably want control of their national security and have different tolerance levels for personal data sharing, he said, noting that interoperability can still be achieved. Singapore, Britain, Germany and Australia also co-lead the International Counter Ransomware Initiative. Singapore businesses, despite CSA's advice to refuse ransomware demands, routinely cave in, according to surveys. High-profile ransomware cases here in 2024 included those of law firm Shook Lin & Bok, the Jumbo Group and Mustafa. Recent polls by global security services firms Bitdefender and Sophos found that companies here are more likely than their global peers to keep silent about security breaches and pay up, and are less likely to negotiate the amounts. But there are no plans to legislate ransomware reporting, which is now voluntary. 'Cyber security, ultimately, is a risk management issue. It is not possible for us to mandate a standard of cyber security for everybody. It's not a one-size-fits-all,' Mr Koh said. Instead, the CSA hopes to raise reporting by working with the Singapore Business Federation to offer help to victims. With 70 per cent of companies that support the country's essential services coming from the private sector, the CSA has, over the years, evolved to assist businesses on security issues and work on training and professional standards. From about 70 employees when it started, the outfit has since grown to a headcount of around 500. Singapore was one of the first countries to establish a cyber-security agency and one of the first to have a Cybersecurity Act, which was enacted in 2018. The US, Britain, France and Australia were other leaders in the domain then. CSA's sphere now includes scams, national threats, cyber-security certifications and data security, which it works on with other government agencies, businesses and institutes of education and training. Singapore ranks well in cyber maturity compared with many countries, but the issue is how it compares with a determined attacker, Mr Koh said, urging Singaporeans to play a part. 'The weakest link can be the company that doesn't patch its software, uses weak passwords, or the supplier in the supply chain who makes a mistake, who doesn't take cyber security seriously. It could be the employee who clicks on the phishing e-mail, or the individual customer who comes in and has unsafe practices,' he said. Sometimes, extra security comes with friction. 'You need to recognise that this is a trade-off between convenience and security. Sometimes, it also translates into a little bit more cost. We must be willing to pay this cost,' Mr Koh said. Source: The Straits Times © SPH Media Limited. Permission required for reproduction Discover how to enjoy other premium articles here
Straits Times
5 days ago
- Politics
- Straits Times
S'pore vulnerabilities are no different from those of other nation: Commissioner of Cybersecurity
Find out what's new on ST website and app. Singapore's Cyber Security Agency's chief executive David Koh warned that in this realm, Singapore's vulnerabilities are no different from those of any other nation. SINGAPORE – Cyber threat levels have heightened amid geopolitical rivalries, with some states trying to coerce countries such as Singapore into taking or refraining from certain actions. Singapore's Cyber Security Agency's chief executive David Koh warned that in this realm, Singapore's vulnerabilities are no different from those of any other nation. 'Train systems can be disrupted, power plants, water systems. It will move to a new dimension, where you will encounter real world harms that will affect all of us,' he said. Mr Koh, who is also the country's first Commissioner of Cybersecurity, holds legal authority to investigate cyber threats and incidents, ensuring the continuity of essential services during cyber attacks. 'W hen we first started, the majority of threats were straightforward – web face defacements, DDoS (Distributed Denial of Service) attacks. They were a bit more like digital graffiti,' said t he former defence specialist in the armed forces, who has been CSA's chief executive from its founding 10 years ago. July 18 marks its 10th anniversary. These threats have grown in complexities as the economy grew more interconnected through the use of digital services. That meant the agency had to extend its umbrella, working with the private sector, to cover the man on the street. For instance, in 2024, the agency partnered Google to launch Google Play Protect, which blocks malicious apps once detected. Google has since introduced the feature to countries such as Brazil, India, South Africa, Philippines, Thailand and Hong Kong. Top stories Swipe. Select. Stay informed. World Trump diagnosed with vein condition causing leg swelling: White House World Trump was diagnosed with chronic venous insufficiency. What is it? Singapore 5 foreigners charged over scheme to deliberately get arrested in S'pore to sell sex drugs here Asia Appointment of Malaysia's new chief justice eases controversy over vacant top judge seats for now Singapore Driverless bus in Sentosa gets green light to run without safety officer in first for S'pore Singapore SPCA appoints Walter Leong as new executive director World US strikes destroyed only one of three Iranian nuclear sites, says new report Business Granddaughter of late Indonesian tycoon pays $25 million for Singapore bungalow Mr Koh said that such a partnership would have been unimaginable 10 years ago. Today, besides chairing the United Nations' Open-ended Working Group on cybersecurity, Singapore is also passing on its knowledge to Asean neighbors and countries such as Japan , which is in the process of passing cybersecurity laws . 'It is in Singapore's interest to support the international rules-based system, not just physical trade, but goods and services are increasingly also being transacted digitally,' he said. Countries justifiably want control of their national security, and have different tolerance levels for personal data sharing, he said, noting that interoperability can still be achieved. Singapore, Britain, Germany and Australia also co-lead the International Counter Ransomware Initiative. Singapore businesses, despite CSA advice to refuse ransomware demands, routinely cave in, according to surveys. High-profile cases in 2024 included law firm Shook Lin & Bok, the Jumbo Group and Mustafa. Recent polls by global security services firms Bitdefender and Sophos found that firms here are more likely than their global peers to keep silent on security breaches, pay up and less likely to negotiate amounts. But there are no plans to legislate ransomware reporting, which is now voluntary. 'Cybersecurity, ultimately, is a risk management issue. It is not possible for us to mandate a standard of cybersecurity for everybody. It's not a one-size-fits-all,' he said. Instead, the CSA hopes to raise reporting by working with the Singapore Business Federation to offer help to victims. With 70 per cent of companies that support the country's essential services coming from the private sector, the CSA has over the years, evolved to assist businesses on security issues and working on training and professional standards. From about 70 employees when it was started, the outfit has since grown to a headcount of around 500. Singapore was one of the first countries to establish a cybersecurity agency and one of the first to have a Cybersecurity Act, which was enacted in 2018. The US, Britain, France, Australia were other leaders in the domain then. The agency's sphere now includes scams, national threats, cyber security certifications and data security, which it works on with other government agencies, businesses and institutes of education and training. Singapore's cyber maturity ranks well compared with many countries, but the issue is how it compares with a determined attacker, he said, urging Singaporeans to play a part. 'The weakest link can be the company that doesn't patch its software, uses weak passwords, or the supplier in the supply chain who makes a mistake, who doesn't take cybersecurity seriously. It could be the employee who clicks on the phishing email, or the individual customer who comes in and has unsafe practices.' Sometimes, extra security comes with friction. 'You need to recognise that this is a trade-off between convenience and security. Sometimes, it also translates into a little bit more cost. We must be willing to pay this cost.'
Straits Times
6 days ago
- Business
- Straits Times
OCBC to work with local varsities to boost fraud detection, data security using quantum tech
Find out what's new on ST website and app. SINGAPORE - OCBC Bank is working with three local universities to tap the enhanced computational power of quantum computers to strengthen real-time fraud detection and better secure data against new threats. They are the National University of Singapore (NUS), Nanyang Technological University, Singapore (NTU Singapore) and Singapore Management University (SMU). Under their 12-month long research collaborations inked on July 17, OCBC will also be harnessing quantum algorithms to perform derivative pricing, the process of determining the value of equity derivative products such as options, futures and swaps. These collaborations are a step in the right direction as quantum is no longer just an exciting possibility, said the Ministry of Digital Development and Information's chief quantum advisor David Koh. He said that the technology will be able to solve problems that are considered impossible with traditional classical computing systems. 'For OCBC, potentially, it can optimise financial instruments,' said Mr Koh, who is also chief executive of Cyber Security Agency of Singapore. For others, it can solve complex logistic problems, accelerate drug discovery, discover new material and enhance security against increasing cyber threats, he added. Top stories Swipe. Select. Stay informed. Singapore Fatal abuse of Myanmar maid in Bishan: Traffic Police officer sentenced to 10 years' jail Singapore Care model to improve trauma outcome in central S'pore fashioned after 'bicycle wheel' Singapore HSA launches anti-vaping checks near 5 institutes of higher learning Singapore Kpod vapes, zombie kids: Why it's time to raise the alarm Life 11 new entries on Singapore's Bib Gourmand list, including three re-entries at Old Airport Road Singapore 15 under police probe for sharing Singpass credentials used in scams Singapore NEA monitoring E. coli at Sentosa beaches after elevated bacteria levels delay World Aquatics events Life First look at the new Singapore Oceanarium at Resorts World Sentosa 'If we can do this well, we will have a quantum ecosystem that offers our businesses a global competitive edge in a next-generation digital hub.' A total of $700 million has been committed to the research and development of quantum technology by Singapore authorities since 2002. In, 2024 OCBC started training employees in quantum computing - including proficiencies in quantum applications, programming and security measures. Some of the 50 OCBC employees that have been trained so far will be involved in the research collaborations. The researches will involve working with the National University of Singapore's Centre of Quantum Technologies (CQT) to speed up Monte Carlo simulations, a technique widely used in financial derivative pricing. Derivatives are contracts between two parties which value depends on various market scenarios, said NUS' assistant professor Patrick Rebentrost. To get a fair value, banks would have to get an average from simulating many market conditions. 'To simplify, a classical computer would need to simulate a million different scenarios, while a quantum computer would only need to simulate a thousand scenarios to get the same result,' said Prof Rebentrost, a principal investigator at CQT. To speed up accurate fraud detection, OCBC will work with SMU to apply quantum machine learning techniques to analyse complex and unstructured data to pick up patterns and anomalies that are indicative of fraudulent activity. As quantum technology evolves, it also risks leaving current encryption technology outdated. Thus, OCBC will also work with NTU to strengthen cryptography techniques. 'At NTU, we are using our expertise in post-quantum cryptography to develop solutions that can withstand next generation cyber attacks,' said Prof Wang Huaxiong, director of NTU's Strategic Centre for Research in Privacy-Preserving Technologies and Systems. Findings from these collaborations will be published in research papers and journals, which aims help any organisation seeking to adopt quantum technology, said Mr Peter Koh, OCBC's head of group technology architecture. 'With this knowledge, hopefully they can catch up.'
Singapore Law Watch
03-07-2025
- Singapore Law Watch
3 out of 4 in Singapore cannot identify deepfake content: Cyber Security Agency survey
3 out of 4 in Singapore cannot identify deepfake content: Cyber Security Agency survey Source: Straits Times Article Date: 03 Jul 2025 Author: Sarah Koh The prevalence of generative AI tools has made it easier to create fake content to scam unsuspecting victims. Only one in four people here can distinguish between deepfake and legitimate videos, even though a majority say they are confident they can do so. This is one of the key findings of a survey released on July 2 by the Cyber Security Agency of Singapore (CSA). Questions related to deepfakes were included for the first time in the 2024 edition of the Cybersecurity Public Awareness Survey, given the prevalence of generative artificial intelligence (AI) tools that make it easier to create fake content to scam unsuspecting victims. A total of 1,050 respondents aged 15 and above were polled in October 2024 on their attitude towards issues such as cyber incidents and mobile security, and adoption of cyber-hygiene practices. Nearly 80 per cent said they were confident about identifying deepfakes, citing telltale signs such as suspicious content and unsynchronised lip movements. But only a quarter of respondents could correctly distinguish between deepfake and legitimate videos when they were put to the test. 'With cyber criminals constantly devising new scam tactics, we need to be vigilant, and make it harder for them to scam us,' said CSA's chief executive David Koh. 'Always stop and check with trusted sources before taking any action, so that we can protect what is precious to us.' Compared with the previous iteration of the survey conducted in 2022, more people knew what phishing is. When respondents were presented with a mix of phishing and legitimate content, 66 per cent were able to identify all phishing content, an increase from 38 per cent in 2022. But only 13 per cent of the respondents were able to correctly distinguish between all phishing and legitimate content, a drop from 24 per cent in 2022. While such trends are concerning, they are not unexpected, said Mr Vladimir Kalugin, operational director of cyber-security firm Group-IB's unified products. 'This reflects the growing sophistication of scam tactics – for example, attackers now use AI to spoof well-known brands better and faster, adopt perfect grammar and mimic multi-factor prompts,' he said. Fake phone numbers, stolen accounts of real individuals, and deepfakes of celebrities and politicians are often used, enhancing the trustworthiness of malicious links, he added. 'As the fake looks more like the real, even a more aware public faces greater difficulty making that final call.' Mr Kalugin added that the growing inability to tell genuine messages from fake ones is eroding digital trust, which causes daily minute decisions such as clicking links and paying bills to slow down or stop entirely. This threatens the efficiency of online services and digital economy goals. According to the 2024 survey, there has been an increase in the installation of cyber-security apps and the adoption of two-factor authentication (2FA) over the years. More respondents had installed security apps in 2024, with 63 per cent having at least one app installed, up from 50 per cent in 2022. The adoption of 2FA across all online accounts and apps also increased from 35 per cent in 2022 to 41 per cent in 2024. Though 36 per cent of respondents in 2024 accepted their mobile devices' updates immediately, 32 per cent preferred to update later. Those who chose not to update their devices remained low, at 3 per cent, down from 4 per cent in 2022. Updates contain important fixes that address weaknesses in software and apps. Around a quarter of respondents in the 2024 survey said they had been hit with at least one cyber incident, a slight drop from 30 per cent in 2022. There was also a drop in the percentage of respondents who perceived that their devices were likely to be compromised by viruses or malware, from 60 per cent in 2022 to 57 per cent in 2024. Nearly 40 per cent of people perceived themselves as being at risk of falling for online scams, down from 43 per cent in 2022. About half of respondents expressed moderate to extreme concern about their Internet of Things (IoT) devices being hacked, but only 27 per cent said they knew how to secure such devices. Still, among 870 respondents who owned or used IoT devices, 47 per cent had changed their default password settings, up from 38 per cent in 2022. More users also installed software and device updates promptly, up from 31 per cent in 2022 to 43 per cent in 2024. CSA will be launching its sixth National Cybersecurity Campaign in September to build on existing outreach efforts. 'With insights gathered from the 2024 survey, the new campaign will highlight the importance of cyber-security practices such as installing security apps, enabling 2FA and updating software regularly,' said CSA. 'The campaign will also comprise roadshows, corporate partnerships and talks, with posters and videos running on various social media and out-of-home platforms.' Source: The Straits Times © SPH Media Limited. Permission required for reproduction. Print 109
The Star
02-07-2025
- The Star
Three in four in Singapore not able to identify deepfake content: Cyber Security Agency survey
SINGAPORE: Only one in four people here are able to distinguish between deepfake and legitimate videos, even though a majority said they are confident in identifying deepfake content. This is one of the key findings of a survey released on July 2 by the Cyber Security Agency (CSA) of Singapore. Questions related to deepfakes are new in the Cybersecurity Awareness Survey 2024 given the prevalence of generative artificial intelligence tools that make it easier to create fake content to scam unsuspecting victims. Overall, 1,050 respondents aged 15 and above were polled in October 2024 on their attitude towards issues such as cyber incidents and mobile security, and adoption of cyber hygiene practices. Nearly 80 per cent said they are confident in identifying deepfakes, citing telltale signs such as suspicious content and unsynchronised lip movements. However, only a quarter of them could correctly distinguish between deepfake and legitimate videos when they were put to the test. 'With cyber criminals constantly devising new scam tactics, we need to be vigilant, and make it harder for them to scam us,' said CSA's chief executive David Koh. 'Always stop and check with trusted sources before taking any action, so that we can protect what is precious to us.' Compared with an earlier survey conducted in 2022, more people know what phishing is. But when tested on their ability to distinguish between phishing and legitimate content, only 13 per cent of the respondents were able to correctly identify them, a drop from 24 per cent in 2022. There has been an increase in the installation of cybersecurity apps and adoption of two-factor authentication (2FA) over the years. More respondents have installed security apps in 2024, with 63 per cent having at least one app installed, up from 50 per cent in 2022. The adoption of 2FA across all online accounts and apps also increased from 35 per cent in 2022 to 41 per cent in 2024. Though 36 per cent of respondents in 2024 accepted their mobile devices' updates immediately, 32 per cent preferred to continue using their devices and update later. Those who choose not to update their devices remained low at three per cent, down from four per cent in 2022. Around one quarter of respondents in the 2024 survey said they have been hit with at least one cyber incident, a slight drop from 30 per cent in 2022. There was also a drop in percentage of respondents who perceived that their devices were likely to be compromised by virus or malware, from 60 per cent in 2022 to 57 per cent in 2024. Nearly 40 per cent of people perceived themselves as being at risk of falling for online scams, down from 43 per cent in 2022. - The Straits Times/ANN
