Opinions

ShopBack, Razer, Grab Have Faced Data Breaches - How Can S'pore Step Up Cybersecurity?

Startups grow and expand their operations, fuelled by investor funding and government support.

However, as they scale up, more consumer data gets processed by them and cybersecurity issues creep in.

In recent months, several companies in Singapore, such as ShopBack and RedDoorz, have been the recent target of data breaches.

For online cashback platform ShopBack, the team was alerted to “unauthorised access” of its systems containing customers’ personal data “a few days ago” and initiated an investigation.

In an email to its customers on Friday (25 Sep), ShopBack said it was still confirming what data had been compromised. 

Screengrab of the ShopBack's email to its customers
Screengrab of the ShopBack’s email to its customers / Image Credit: Reddit

ShopBack also mentioned that they do not store customers’ credit card numbers and that CVV and account passwords are encrypted, but suggested that users change them as an “added precautionary measure”.

Other than ShopBack, hospitality startup RedDoorz also acknowledged on Saturday (26 Sep) that one of its IT databases suffered a breach earlier this week.

In a statement, it assured that “for now”, no sensitive data pertaining to financial information such as customer credit cards or passwords, was compromised “to the best of its knowledge”.

RedDoorz
Image Credit: RedDoorz

For Grab, a 2019 update put the data of some 21,541 GrabHitch drivers and passengers at risk of unauthorised access in what was their fourth breach of data privacy regulations over a course of two years.

On the other hand, earlier this month, the data of 100,000 Razer customers around the world too had been at risk of being accessed by the public due to a misconfigured server.

The data breach was discovered by cyber-security consultant Volodymyr Diachenko who said the server was misconfigured for public access since 18 August. He immediately notified the company via their support channel.

However, his message was processed by non-technical support managers for more than three weeks until the data was secured from public access.

Razer has not confirmed the number of customers affected nor officially released an explanation on it.

This spate of data breaches raises the question: are we not prioritising cybersecurity enough?

The Most Encountered Cybersecurity Incidents

According to a Cyber Security Agency survey, more than a quarter of Singapore’s residents suffered at least one cybersecurity lapse in the past year.

The most common cyber incidents encountered include unauthorised attempts to access online accounts (14 per cent), and the usage of online accounts to contact others without consent (10 per cent).

csa cybersecurity public awareness survey
Statistics from Cybersecurity Public Awareness Survey 2019 / Image Credit: Cyber Security Agency

Other types of cyber incidents involve changing the settings of their computers without consent (9 per cent) and having their personal data stolen as a result of a cyber incident (8 per cent).

Awareness On Cybersecurity Still Low

As phishing remained a popular way for cyber attackers to target victims, the 2019 survey also included a new section to study respondents’
understanding of phishing.

Phishing is a technique that hackers use to con you into providing your personal information or account data. Phishing emails and text messages may look like they are from a company you know or trust.

Although 66 per cent of respondents knew what phishing was, only 4 per cent could identify all the phishing emails correctly.

Example of a phishing email
Example of a phishing email / Image Credit: OCBC Bank

The survey also found out that the proportion of respondents who installed security applications in their mobile devices saw only a slight increase from 45 per cent in 2018 to 47 per cent in 2019.

This is despite 85 per cent of them indicating they understood the risks of not having these security apps, and 64 per cent saying they knew how to use them.

How To Know If You Are A Victim Of A Data Breach?

There are a couple of ways to check if your personal information has been compromised.

For one, if you are using the Google Chrome web browser, you can use the Passwords feature to check if any of your passwords has been compromised.

Under Settings, go to Passwords. Under Passwords, go to Check Passwords. A list of saved passwords on your browser will show up. If your password has been compromised, it will show. Otherwise, you are all good.

Screengrab from Google Chrome web browser

Another way is to run a free data breach report from F-Secure Identity Theft Checker by cyber security company F-Secure.

When you enter your email address, they will check their Breach Database to see if personal information tied to your email address has been exposed in known data breaches.

A report will be sent to you to outline what type of personal information of yours has been exposed to online criminals.

Even though your information was breached, you can still minimise the impact and prevent online criminals from using your personal information for profit such as changing your passwords and always using unique passwords.

Alternatively, if you have been a victim of a data breach, the organisation in question would contact those affected.

For instance, if SingHealth experienced a data breach, they would reach out to those whose data was breached to notify them.

The Cyber Security Agency said that they will be focusing on education through public platforms and also launch a masterplan later this year.

S’pore Faces The Highest Cybersecurity Risk In APAC

With a high internet adoption rate, Singapore faces the highest cybersecurity risk in APAC. Fortunately, it is also the most prepared to deal with cybersecurity in terms of policies and readiness.

Exposure to cyber attacks would increase as nations aimed to become digital economies, according to software company VMware’s senior vice president and APAC Japan general manager, Duncan Hewett.

Singapore
Image Credit: EFMD’s blog

On a national level, the worst breach of personal data in Singapore’s history is the SingHealth cyber attack in 2018, which saw PM Lee Hsien Loong on the target list.

Since 2017, cyber attacks have been on the rise in Singapore, with the breaches of SephoraAXA InsuranceUber and Red Cross, alongside the leaking of Singapore HIV data and security scares at the Ministry of Defence and Singapore Armed Forces.

According to a report by US-based cyber-security firm Carbon Black, the top three sectors here that saw evidence of malicious cyber-attack activity were travel and transport (75 per cent), F&B (73 per cent) and professional services (61 per cent).

How Digitalisation Can Result In Increased Risk

As digital natives, we are becoming increasingly comfortable with technology, and are giving away more personal data than ever despite growing risks and consequences.

A survey conducted by the Center for Data Innovation found out that 58 per cent of consumers are “willing to share their most sensitive personal data” (i.e., biometric, medical and/or location data) in return for using apps and services.

With that said, we need to be more careful about our data that we willingly hand over to companies.

With consumers putting trust in companies to manage and protect their private data, companies in turn must be well-equipped with a cybersecurity strategy.

Cyber attacks are becoming more sophisticated as perpetrators evolve with technology.

This was most prevalent in the financial services sector, with 93 per cent of the firms reporting that cyber attacks have become more sophisticated.

Digital transformation opens up new network entry points, such as cloud, social and mobile, resulting in increased and diverse risks.

Some companies have invested heavily in technology but have not yet changed their organisations to make the most of these investments.

Many are struggling to develop the talent and business processes. There is a huge challenge in hiring cybersecurity professionals due to the talent crunch.

After all, the job requires extensive industry knowledge to provide insights and advice.

As technology continues to adapt and evolve at a rate, organisations that do not evolve their cybersecurity strategies in their digital transformation projects are at risk.

Featured Image Credit: Agoda / KrAsia / Slashgear

Subscribe to Vulcan Post Newsletter

Stay updated with our weekly curated news and updates.
 
Read more about our privacy policy here.