If a company’s data was locked up by cyber attackers, what should its first response be? Facing extended disruption to operations, should it pay the ransom or quickly alert its customers and the authorities?
These were some of the questions posed to Singapore company directors in a couple of workshops conducted today by Ensign InfoSecurity to train these leaders to better respond to cyber crises.
The 90-minute workshops are part of an effort started today by the Singapore-based cybersecurity company and the Singapore Institute of Directors (SID) to help the leaders think through critical decisions during a real cyberattack to make their organisations more resilient.
The aim is to train 1,000 board members by 2028 through these workshops, which include a simulated scenario based on a real case as well as a live demo to show how easy it is for a hacker to access a victim’s computer.
In today’s workshop, where the media were invited to observe, Ensign InfoSecurity took participants through a potential scenario where a Singapore-based manufacturer was hit by a ransomware attack.
In the simulation, hackers had exploited a vulnerability in the virtual private networking (VPN) software to steal 70GB of data and encrypt it. The company had 72 hours to pay US$1.5 million in Bitcoin or have its data exposed.
Today’s attendees had to consider how long operations would be disrupted and face pressure from the public as well as customers and shareholders demanding updates. At risk, too, was the potential embarrassment from leaked data.
“There are no perfect answers,” said Lim Minhan, executive vice-president of consulting at Ensign InfoSecurity, because each business would have to find the way that best meets its needs and priorities.
Nonetheless, it is important to be prepared for an attack even as the fog of war often makes it hard to find a good way forward, he explained, drawing from experience consulting other organisations that had been hit by cyberattacks.
Unlike training for C-level management, which often includes a lot more detailed and technical discussions, the workshops for board members give a big-picture understanding of today’s threats and offer ideas to respond effectively.
Board members have to be mindful of the governance roles they play and consider the long-term impact of a cyber attack, such as operational and reputational risk, said Terence Quek, the chief executive officer of SID.

While Ensign InfoSecurity focused on ransomware today, it also pointed out that state actors are responsible for 40 per cent of attacks in Asia-Pacific – a crucial trend that is becoming alarming.
The company, owned by Singapore’s state investment firm Temasek Holdings and telecom operator StarHub, is helping to investigate a recent cyberattack on Singapore’s critical infrastructure by a China-linked hacker group called UNC3886.
Asked what state actors would typically look for in their espionage efforts, Lim would only say that many “pre-position” themselves in an environment to be ready to disrupt critical infrastructure when needed in future. “Their interest is to stay hidden for a long time.”