When much of the world was forced to stay home and work remotely amid the COVID-19 health crisis, it felt as though our lives pretty much moved online. And it is here that we meet a pandemic in another form: cyber crimes. As the usage of video conferencing apps boomed, cyber criminals moved fast to cash in on the popularity of these apps. Zoom, one of the most widely-used video conferencing tool in recent times, has seen its security and privacy issues snowball at an alarming speed. In January 2020, Google registered 149,000 active phishing websites. In February, the number nearly doubled to 293,000. The following month, it increased to 522,000 – a 350 per cent increase since January.¹
Around the world, authorities have also issued warnings of malicious cyber activities that are leveraging on the COVID-19 situation – from cryptojacking² to messages disguised as official notifications relating to the new virus³, and even hacking attempts on coronavirus vaccine research data⁴. The COVID-19 crisis has resulted in digital adoption at an unprecedented speed. Recent data by McKinsey⁵ showed that in just eight weeks, consumer and business digital adoption clocked five years’ worth of progress. Companies have never seen such an urgent need to digitalise overnight to keep their businesses running, and at the same time, cyber criminals are quick to jump on the opportunities they see and use the pandemic to their advantage.
But what makes the situation even more worrying, is the sustained and severe shortage of cybersecurity professionals.
The International Information System Security Certification Consortium (ISC)² pointed out that the global IT security skills shortage has surpassed four million⁶, with a staggering 2.6 million shortfall in the Asia Pacific region. This means that the global cybersecurity workforce would need to grow 145 per cent to meet the demand and close this gap.
Singapore itself faces an estimated talent shortage of up to 3,400 cybersecurity professionals in 2020, according to the
Cyber Security Agency of Singapore (CSA). This mismatch in jobs and skills is a risk inherently bound to the country’s push towards a Smart Nation agenda – of whch cybersecurity has been identified as a critical enabler.⁷ As cyber threats evolve to become more sophisticated and advanced – and with more severe consequences – cybersecurity professionals will have to constantly upgrade their skills to remain relevant.
Training as part of cybersecurity strategy
Since 2009, NUS-ISS has been in partnership with (ISC)², providing cybersecurity certifications under its suite of courses that are aligned with the National Infocomm Competency Framework (NICF). Currently, the institute is the only official training partner for (ISC)² in Singapore.
The three certifications that NUS-ISS offers – namely, the Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), and Certified Cloud Security Professional (CCSP) – were designed to equip cybersecurity professionals with an understanding of the threats that potentially affect the businesses and functions within their organisations. The (ISC)² constantly reviews and updates its common body of knowledge (CBK) to reflect the changes that are happening in the security landscape. This ensures that the curriculum is able to meet the needs of the professionals as well as the industry.
However, as businesses move to digitalise every aspect of their workflow, these threats no longer only concern the cybersecurity team. “Given the current landscape of security threat, the know-how and application of security controls must go beyond the cybersecurity team,” Ng Kok Leong, Senior Lecturer & Consultant, Digital Strategy & Leadership Practice stressed. Ensuring that every ICT professional and engineer has sufficient training of cyber risks and security controls therefore becomes an important aspect of an organisation’s cybersecurity strategy.
(ISC)² SSCP: Opening doors to the world of cybersecurity
NUS-ISS is launching the (ISC)² Systems Security Certified Practitioner (SSCP) – a globally recognised information security certification for for IT administrators, managers and network security professionals who are responsible for the hands-on operational security of their organisation’s critical assets. “(ISC)² SSCP addresses professionals who are fairly new to the field of information security, or do not have security as their primary job responsibility,” explained Kok Leong. On the importance of equipping ICT professionals with cybersecurity knowledge, Kok Leong added, “It is imperative that everyone in an organisation knows how to operate an IT environment in a secure manner. After all, they are the ones closer to their work – the code they write, the system/network they configure and the infrastructure they operate.”
Clayton Jones, managing director, Asia-Pacific, (ISC)² said, "A safe and secure cyber world will require dedicated and talented professionals that are engaged and skilled. Together with our long-time partner, NUS-ISS, we look forward to sharing our experience and resources through the globally recognised SSCP programme."
Mr Khoong Chan Meng, CEO of Institute of Systems Science (ISS) at NUS, said, "Cyber security skills are absolutely critical for any digitalisation initiative. In our mission to develop digital talent, we are actively helping our industry to address cybersecurity talent shortages and skills gaps. We are pleased to add SSCP to our suite of cybersecurity programmes, in partnership with (ISC)2. I am confident that the proven SSCP programme will provide participants with the springboard to contribute impactfully in the digital economy."
The COVID-19 crisis has created a lasting impact on the way we live, work and use technology. While it accelerated technological adoption at a rate that was previously unimaginable, it also expanded the surface area for cyber threats to happen – and organisations now have to make sure their security can keep up.
Find out more about the (ISC)² SSCP programme here
_____________________________________________________________________
¹Radoini Adil. "Cyber-crime during the COVID-19 Pandemic." unicri.it , United Nations Interregional Crime and Justice Research Institute. 11 May 2020. Web. 11 June 2020.
²Baharudin Hariz. "Spike in attempts to hijack computers for cryptocurrency mining: Cyber-security firm". Straitstimes.com, 3 June 2020. Web. 11 June 2020.
³The Cyber Security Agency of Singapore (CSA). "Malicious Cyber Activities Leveraging COVID-19 Situation". csa.gov.sg. 13 Feb 2020. Web. 11 June 2020.
⁴Breuninger Kevin, Stankiewicz Kevin, Macias Amanda. "China-linked hackers are targeting US coronavirus vaccine research, FBI warns." cnbc.com. 13 May 2020. 12 June 2020.
⁵Baig Aamer, Hall Bryce, Jenkins Paul, Lamarre Eric, McCarthy Brian. "The COVID-19 recovery will be digital: A plan for the first 90 days". Mckinsey.com. 14 May 2020. Web. 12 June 2020.
⁶(ISC)². "Cybersecurity Workforce Study 2019". isc2.org. 2019. Web. 13 June 2020.
⁷Tham Irene. "Government e-services will not be affected by move to delink Internet access: Cyber Security Agency chief". Straitstimes.com. 9 June 2020. Web. 13 June 2020.