Singapore government sees rise in security incidents amid increased data sharing
Singapore's public sector recorded a 2% climb in the number of data security incidents this past year, which the government attributes to digital transformation efforts and an increase in data-sharing among its agencies.
Singapore's public sector clocked a 2% climb in data security incidents, likely fueled by continuing digital transformation and increased data-sharing among its agencies.
There were 182 data incidents in the government's fiscal year 2022, ended 31 March 2023, compared to 178 last year. None of these were deemed severe or posed any significant impact on the affected agency or individuals, noted the Smart Nation and Digital Government Office (SNDGO) in its annual update of the government's data protection efforts.
The number of incidents categorized as medium in severity dropped from 52 to 46 in fiscal year 2022, according to the report.
The 2% climb in data incidents likely was due to the acceleration of data-sharing among government agencies as the sector moved ahead with its digital transformation efforts, SNDGO said. It attributed the "low" increase to improved awareness among public service officers regarding the need to protect data and report all data incidents.
As part of various initiatives to bolster its data security practices, the Singapore government in March introduced a privacy toolkit that enables its officers to apply "privacy enhancing techniques" to datasets, while retaining the data's value.
The self-service portal allows data to be shared within as well as outside the public sector more quickly in a secure manner while mitigating the risk of data leaks from sharing datasets, SNDGO said. The toolkit currently is used by more than 80 government agencies, it said.
During the fiscal year, the government also completed the deployment of technical measures to improve the logging and monitoring of data transactions, which would help detect high-risk or suspicious activities. For example, a data loss protection tool was implemented on all government laptops to prevent accidental loss or unauthorized disclosure of sensitive data from government networks, systems, and devices.
Two initiatives are ongoing and slated to be completed by the next fiscal year, including efforts to reduce the government's surface attack area by minimizing data collection, data retention, data access, and data downloads. Measures also are being put in place to safeguard data directly when it is stored and distributed, so the data is unusable even if extracted, SNDGO said.
In addition, a central account management application will continue to be rolled out to eligible government IT systems, which will strengthen account management and user access rights. Some 63% of such IT systems are running on the central management platform, as of April 1, 2023.
The Singapore government, though, recognizes it is impossible to completely eliminate data incidents and is focused on being able to respond swiftly to data incidents, according to SNDGO. To this end, the government conducted its annual central ICT and data incident management exercise involving 24 agencies across five ministries. This aims to build the government's competency in data incident response.