Chen Kin Siong and Jonathan Phua were senior DSO employees when they decided to quit and startup. Opting to stay loan free, they bootstrapped the business with just their savings.
The pair had to take major pay cuts (they now make less than 50% their salaries), but both felt they could no longer ignore the flaws in Singapore’s cybersecurity landscape. Companies simply weren’t getting the expertise they needed.
And so in 2015, they decided to co-found InsiderSecurity.
When they first brought up the idea, an ex-colleague called him brave to quit his job, Phua says.
“It had nothing to do with bravery, I am just scared of waking up one day 30 years later and regretting not starting up.”
“Also, I could have misheard… maybe my colleague said foolish instead of brave,” he laughs.
Connecting With Cybersecurity
Chen had an early passion for computers, and is self-taught from books and online guides.
While in secondary school, he wrote a paper on the local computer security landscape. This paper ended up securing him multiple job offers, and companies didn’t realise he was still a student. His interest was further fuelled while working for the Ministry of Defence, acquiring skills to reverse-engineer malware and identify attacks.
Co-founder Phua was a programming geek who picked up cybersecurity late. It was only after he became a DSO computer scientist that he became aware of the possibilities.
Today, their team offers B2B cybersecurity solutions but their future is in the public. The goal, “building an ecosystem to train a bigger team of online defenders”.
The dream may sound lofty, but the team has already made notable accomplishments.
“Our algorithms discovered that thousands of devices, likely consumer ones, in Singapore had been hijacked. People had their web access rented out without their knowledge.”
These devices can become means to deliver crippling attacks on IT infrastructure (botnet hacks), and the team reported it to the Cyber Security Agency of Singapore (CSA).
“That was when we realised we were building something special,” says Phua.
The Cost, Or Value, In Cyber Crime
In cybersecurity economics, it’s a lot easier and cheaper to attack rather than defend.
An attacker only has to find a single weakness in the system, but a defender has to ensure every weakness is secured. Cybercrime is actually a lucrative career, fuelled by the increasing digitisation of our lives.
“A long time ago, people hacked for fame and to brag. Nowadays, a crime syndicate can earn millions or hundreds of millions.”
“In countries with young, educated talents but not enough, or only low-paying jobs, cyber-crime may be a serious career. Using crypto-currencies like Bitcoin, criminals can also hide the money trail.”
Conversely, cybersecurity has not caught up.
“This creates a rich hunting ground for hackers.”
Cyber Hygiene In Singapore
Cyber hygiene refers to cybersecurity awareness, and the men agree that the local government is “moving in the right direction” with it.
However, it remains an area of irony, Phua continues.
Cybercrime can employ sophisticated technology, but the really effective ones are low-tech attacks such as phishing emails and weak passwords.
“The best tech can’t protect people from themselves. Cyber hygiene, as boring as it is, has an important role to play,” he iterates.
Thoughts On The New SAF Unit?
Phua calls the new unit timely. While it helps our national defence, the NSmen might pursue careers in cybersecurity – a solution to our manpower shortage.
However, he concedes that it might not be enough.
“People need to be motivated to do their own learning. Threats and tech move so fast, what you learn might become obsolete.”
Perhaps the cyber unit can offer training for credit for relevant university courses, he suggests, so people can save time on semesters.
“But this may attract the wrong kind of people to apply for the NS cyber unit hahaha!”
Co-founder Chen reveals that he was a part of the original cybersecurity team, COSMIC and SAFCert (information here). While he was not able to comment on the new unit, he muses that it represents a “big step forward” in recognising the important of cyber defence and recruitment.
Security Tips For The Regular Singaporean
I ended off the interview by asking them for tips for the average Singaporean, whereupon they replied, “there are really too many.”
The best is to configure the account recovery phone number for Gmail or other web accounts.
“I’ve seen a few cases where a friend’s Gmail was hacked and the account could not be recovered as Google was unable to verify the friend as the true owner.”
“The cloud providers serve millions, so they won’t give you a personal customer service (unless you are the President or Bill Gates), so if you haven’t set it, do it now!”
Featured Image Credit: InsiderSecurity