Singapore government must realise human error also a security breach


Eileen Yu, for By The Way at ZDNet wrote: "A recent data breach has highlighted a need for the Singapore government to realise human errors are cybersecurity risks that need to be addressed, and not simply dismissed as mistakes that carry little threat to an organisation's network. The incident exposes a mindset within the public sector that, if left to fester, will put citizens at higher risk and erode public trust in the government's ability to safeguard their personal data. 

"Last week, a folder containing personal data of 6,541 individuals was "inadvertently" sent via email to several parties, according to the Singapore Accountancy Commission (SAC), a statutory body under the Ministry of Finance.

"The error was discovered only months after the first email was sent, when an email protection tool--implemented in October as part of a government-wide deployment--triggered an alert. The incident exposed personal details such as names, national identification number, date of birth, and employment information. 

"The data was sent out in multiple email messages between June 12 and October 22 this year to 22 organisations, all of which were later asked to delete the data folder as well as ascertain whether the folder had been forwarded to other parties. The SAC, however, did not disclose if, and how many, other parties had received or accessed the data. 

"Asked about further remediation since the incident had been highlighted as a security risk, SAC's chief executive Evan Law told ZDNet in an email: 'Sending out this administrative email is not a security risk as it was by mistake that a staff attached the data file.'

"And asked what efforts the commission was making to ascertain if the personal data had been published online or sold on the dark web, Law replied that all primary and secondary recipients already had provided an official statement to SAC via email, stating that they deleted folder and had not forwarded the folder."

This is an interesting story, and only shows that we still have a long way to go worldwide in understanding that the human is the last line of defense and at the same time the weak link in IT security, unless they are stepped through new-school security awareness training. KnowBe4 has an office in Singapore and we are glad to help. 

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Ransomware Has Gone Nuclear Webinar

Get the latest about social engineering

Subscribe to CyberheistNews