With increased cyber threats arising from the invasion of Ukraine by Russia, organisations are encouraged to bolster cyber defences to protect their devices, networks and systems.

In brief

The Singapore Computer Emergency Response Team (SingCERT), set up by the Cyber Security Agency of Singapore to facilitate the detection, resolution and prevention of cybersecurity-related incidents on the internet, has issued a list of measures that organisations should adopt to ensure proper cyber hygiene controls are in place and operating correctly.

SingCERT’s advisory is issued on the basis of warnings of increased cyber threats globally arising from the recent cyberattacks on Ukraine and the developments in the invasion of Ukraine by Russia.

These fundamental steps, summarised below, are intended to strengthen an organisation’s defences against possible cyberattacks, such as web defacement, distributed denial of service and ransomware.


Recommended actions

To ensure fundamental cybersecurity measures are in place, SingCERT recommends the following actions:

Secure Systems and Network Infrastructure

  • Ensure that multifactor authentication is required for all remote/privileged/administrative access to the organisation’s network.
  • Update systems, applications and software to the latest version and download the latest security patches.
  • Disable all ports and protocols that are not essential for business purposes.
  • Install anti-virus software and keep the software (and its virus definition files) updated. Perform a scan of the systems and networks at least once a week and scan all received files.
  • Implement strong access controls if using cloud services.

Monitor Network Connections and Review System Logs to Quickly Detect a Potential Intrusion

  • Enable logging of system events to facilitate investigation of suspicious events or issues.
  • Enable user access logging and consider using a Security Information and Event Management appliance for aggregation and monitoring of logs to maintain visibility even after logging periods.
  • Actively review both Active Directory sign-in logs and unified audit logs for unusual activity.
  • Closely monitor inbound and outbound network traffic for suspicious communications or data transmissions.

Prepare for Ransomware Attacks

Organisations should be on the lookout for potential ransomware attacks, one of the most common attacks conducted by threat actors. Falling victim to such attacks will adversely impact the operations and business continuity of any organisation.

Prepare Incident Response and Business Continuity Plans

  • Back up data regularly and ensure that backups are isolated from network connections.
  • Establish and validate an incident response and management plan.
  • Ensure that critical business functions remain operable if the network becomes unavailable.

Source: SingCERT

Organisations with more resources available should also consider taking advanced actions recommended by the UK National Cyber Security Centre guidance, which includes:

  • Reprioritising resources and investment to accelerate cybersecurity improvement plans
  • Revisiting key risk-based decisions and validating whether the organisation is willing to continue to tolerate those risks or to invest in remediation or accept a capability reduction
  • Assessing whether it is appropriate to accept a temporary reduction in functionality (e.g., high-risk system functions such as rich data exchange from untrusted networks)
  • Taking a more aggressive approach to patching security vulnerabilities, accepting that this may have an impact on services
  • Considering delaying any significant system changes that are not security-related
  • Extending the operational hours of the organisation’s operational security team or having contingency plans in place to scale up operations quickly if a cyber incident occurs
  • Procuring threat feeds for systems that take automated action or notifications based on threat intelligence

Organisations that are affected by a cyberattack or have evidence of any suspicious compromise of their networks should consider reporting the incident to SingCERT, using the Cyber Incident Reporting Form.

© 2022 Baker & McKenzie.Wong & Leow. All rights reserved. Baker & McKenzie.Wong & Leow is incorporated with limited liability and is a member firm of Baker & McKenzie International, a global law firm with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a “principal” means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an “office” means an office of any such law firm. This may qualify as “Attorney Advertising” requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.

Author

Andy Leck is the managing principal of Baker McKenzie.Wong & Leow. Mr. Leck is recognised by the world’s leading industry and legal publications as a leader in his field. Asian Legal Business notes that he “always gives good, quick advice, [is] client-focused and has strong technical knowledge for his areas of practice”. Alongside his current role as managing principal, Mr. Leck has held several leadership positions in the Firm and externally as a leading IP practitioner. He currently serves on the International Trademark Association's Board of Directors and is a member of the Singapore Copyright Tribunal.

Author

Ken Chia is a member of the Firm’s IP Tech, International Commercial & Trade and Competition Practice Groups. He is regularly ranked as a leading TMT and competition lawyer by top legal directories, including Chambers Asia Pacific and Legal 500 Asia Pacific. Ken is an IAPP Certified International Privacy Professional (FIP, CIPP(A), CIPT, CIPM) and a fellow of the Chartered Institute of Arbitrators and the Singapore Institute of Arbitrators.

Author

Alex Toh is a senior associate in Baker McKenzie's Singapore office.