The Straits Times has recently reported that data on 70,000 members of the island’s Securities Investors Association (SIA) were stolen five years ago with the association and its victims only informed about this breach last week. If the SingHealth data hack had not occurred, would this SIA breach ever see the light of day? If the details of the Prime Minister of Singapore were not affected, would it ever have been noticed and revealed?
When asked about the SIA incident, Deputy director of the Singapore Computer Emergency Response Team (Singcert), Ms Goh Yan Kim, stated that this incident was completely unrelated to the SingHealth incident as SIA is not a public sector agency or Critical Information Infrastructure. But that’s not really answering the question is it? It could still be the same people hacking into the systems? It could also be that the government would have taken more steps to protect its data if this incident had been made public back in 2013. It is also shockingly appalling that the victims of the SIA hack were only informed about their stolen data 5 years later! What has Singcert been doing all this while? Are they overworked, under-resourced or sleeping on the job?
Are there even more hacking incidences waiting to be discovered? Now that hacking is not just confined to the health sector or the public sector, to what extent is the rest of our data in other sectors safe?
Given that Singapore prides efficiency above all else, have we been too focused on ticking the checklists rather than reviewing the checklists for relevancy? In declaring arbitrary deadlines for new projects, are we crossing all the Ts and dotting all the Is?
Given that Singapore has publicly declared its desire to be a smart city and pumped large sums of money into developing these industries, I wonder if we have given ourselves enough time to consider the risks and vulnerabilities. Did we grow too big too fast? Do we have enough skilled IT security employees? Are Singcert’s current employees up to scratch? How can 70000 individuals have their data illegally accessed without drawing the attention of anyone for 5 years? That is as preposterous as it is scary.
The government has been criticised as complacent but perhaps this complacency permeates all areas of Singapore. We blindly trust the system trusting it to be fail safe even though the world has changed. If anything, this hacking saga is a wake up call to the entire foundation of how we do things. Focus less on getting things done fast and more on doing things thoroughly and right.