6 lessons to learn from SingHealth’s cybersecurity breach
Earlier this year, Singapore suffered its most serious cybersecurity breach at SingHealth. The underlying reasons that led to this catastrophe?
Shoddy passwords and a delayed approach to updating employee workstations. Over a million SingHealth patients had their personal data exposed in the breach, along with sensitive outpatient data.
In other words, the cyber attack was successful – and SingHealth paid dearly for it.
We’ve extracted 10 crucial lessons from this incident, making SingHealth’s mishap a true cautionary tale to those who take cybersecurity lightly.
Exploiting weakness and tardiness: Lessons from SingHealth’s cybersecurity breach
Let’s define the term “cybersecurity” right down to its bones. Merriam-Webster provides the following definition:
“Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack.”
Think of it like locking your gate every time you leave home. While not quite the same thing, a locked gate is a better deterrent to break-ins than negligence.
And unfortunate as the SingHealth breach might have been, it’s a timely reminder of the following lessons in cybersecurity.
1. Predictable passwords are weak passwords
According to news sources, one of the reasons why SingHealth was exposed to this insane data breach was weak password usage.
One of SingHealth’s local administrator accounts functioned with the password, “P@ssword”… which is about as tough to crack as you can imagine.
You might think to yourself, “No one’s ever going to guess my password – what are the chances?” Well, think again.
Hackers are not only equipped with fast brains and faster fingers – they also have software to help them dig through predictable password variants. Start using tougher passwords – you’ll be glad you did.
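As an added example (not from the original article or from SingHealth), here is a Python password-policy check that rejects predictable variants such as the “P@ssword” cited above. The word list, substitution table and function names are constructed for illustration; a real deployment would check candidates against a full breached-password list.

```python
# Added example: reject passwords that are predictable variants of common words.
# COMMON_WORDS is a small constructed sample, not a real breached-password list.
COMMON_WORDS = {"password", "welcome", "admin", "qwerty", "letmein", "changeme"}

# Character swaps people commonly apply to dictionary words ("@" for "a").
# Simplification: "1" is treated only as "i", although it is also used for "l".
SUBSTITUTIONS = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
    "0": "o", "$": "s", "5": "s", "7": "t",
})


def normalize(candidate):
    """Lower-case the candidate and undo common character substitutions."""
    return candidate.lower().translate(SUBSTITUTIONS)


def find_base_word(candidate, extra_words=()):
    """Return the common word a password is built on, or None.

    A word counts as the base when it appears in the normalized password and
    makes up at least half of its length, so 'P@ssword' and 'Passw0rd2018!'
    are caught while a long passphrase that merely contains 'admin' is not.
    """
    normalized = normalize(candidate)
    words = COMMON_WORDS | {w.lower() for w in extra_words}
    for word in sorted(words, key=len, reverse=True):
        if word in normalized and 2 * len(word) >= len(candidate):
            return word
    return None


def check_password(candidate, min_length=12, extra_words=()):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < min_length:
        problems.append("shorter than %d characters" % min_length)
    base = find_base_word(candidate, extra_words)
    if base is not None:
        problems.append("predictable variant of '%s'" % base)
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; the first is the password named in the article.
    for pw in ["P@ssword", "Passw0rd2018!", "W3lc0me123", "plum-Orbit-canvas-27-ferry"]:
        print(pw, "->", check_password(pw) or "accepted")
```

The `extra_words` parameter lets an organisation add its own name and account names to the list, since those are among the first base words anyone would try.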
2. Crucial firmware and software updates can’t be missed
Ever put off installing Windows updates or updating certain programs and software on your PC?
You might not want to procrastinate again after learning that SingHealth fell prey to the data breach because it neglected to update local workstations.
What’s a bit of time set aside, twiddling thumbs, while you wait for a software update compared to having sensitive, personal data compromised?
SingHealth’s folly came when local staff put off patching Microsoft Outlook, which could have defended them against a hacking tool used on an end-user workstation.
3. There are big threats, and then there are bigger threats
It’s important not to underestimate the severity of cyber attacks and malicious software out there. You might think you’re adequately protected, but there’s always something new that will overwhelm your defenses.
Technology is an ever-changing, ever-evolving force, and you can be sure that hacking capabilities grow just as surely as your security measures improve.
4. Hacking tools are widespread on the Internet
And hackers out there are always in possession of an arsenal of advanced hacking tools and malicious software.
It’s better to be vigilant than complacent, and this awareness needs to be passed on to your tech team and security experts. Even frontline staff and non-tech employees should be educated on the dangers of cybersecurity weakness.
It’s time to get your people to stop resting on their laurels and help them become more alert.
5. Competent engineers and developers need to be on board
Coding vulnerabilities and weaknesses were detected in SingHealth’s security infrastructure as well, and that too led to the unfortunate data breach and hack earlier this year.
It falls to employers and technical leads to arm their organisations with competent and skilled engineers and developers. Without them, you leave your door wide open to malware and more.
It’s time to start hiring smart and putting a tough team into place that’ll make any hacker’s life difficult.
6. Network protection and security is paramount to any organisation
One of the most important aspects of your digital infrastructure to protect is the organisational network. Once an open door is detected in your internal network, it might be difficult to flush out the hack or breach.
Weak networks are bad networks – SingHealth probably knows this best. Once a workstation was exploited and hacked into, it led to a domino effect that resulted in the exposure of millions’ personal data.
SingHealth’s case should serve as a huge, timely reminder to everyone who thinks cybersecurity doesn’t deserve maintenance effort or the time of day.
As your business grows larger, you’ll surely see an increase in the collection of sensitive data. Whether it’s data on your customer base or your employees and CEOs, protection and security are things you can’t do without.
Putting together competent and vigilant tech teams will ensure your company isn’t exposed or vulnerable.
It’s time to dial up our efforts to protect ourselves from hackers and their malicious cyber attacks. As the saying goes, “Better safe than sorry.”