SecureAge in the News

For press inquiries, email pr@secureage.com

SecureAge in the News

For press inquiries, email pr@secureage.com

2019

Should you pay the ransom in a ransomware attack?

Jerald Ray, COO of Secure Age, debates the merits and drawbacks of paying up when ransomware comes calling.

"The data being held hostage should never be anthropomorphised – data is not a human life.’"

Singapore makes mark on AI with Apache Singa

Outside healthcare, Apache Singa is being used by SecureAge, a Singapore-based cyber security firm, to develop deep learning models for malware detection, in a bid to improve detection accuracy and identify new strains of malware using past data."

What industry gets wrong about cyber insurance

Insurers offering cyber insurance policies have done well to present themselves as a sanctuary of reason and resourcefulness amidst the frenzy of a ransomware attack."

"There's the chance victims could see paying a ransom as an insurer's default. The decision to pay or not pay became the insurer's right to choose, based solely on claims of expediency or the recommendation of the independent incident response experts called in." 

Jerald Ray, COO of SecureAge

Effective Encryption Protects Data When it's Most Vulnerable

"An effective selection and implementation of an encryption tool has one purpose: to protect the data when it's most vulnerable, such as when it has value to a company ( i.e. when data is accessible, in motion, or in use). That’s precisely when those volume-level encryption tools stop being effective or fail altogether." 

Jerald Ray, COO of SecureAge

SecureAge’s AI-Powered APEX Anti-Malware Engine Comes Out-of-Beta for SecureAPlus Users

"The problem with traditional antivirus solutions is that they rely on a prearranged blacklist of currently known malware types to protect users, and therefore fail in catching new viruses until a user’s system has already been compromised."

"APEX was designed to perform one step ahead, using machine learning to detect malware and ransomware before they infect a user’s system, acting as a proactive deterrent rather than a reactive countermeasure."

"We hope that APEX changes the way people think about securing their data and artificial intelligence. AI is here to help people and make their lives easier. With the use of deep learning technology and big data, APEX will be able to recognize malicious patterns without relying on traditional definition updates — making it faster, lighter, and more reliable than anything else on the market."

Dr. Teow-Hin Ngair, CEO of SecureAge

Google Calendar Privacy Concerns Raised

As a result, users of various services, including Google Calendar, need simpler tools to make clear security choices."

Jerald Ray, COO of SecureAge

Applying Encryption Widely in Banking

If you look at everything from customer interface to backend of historical data, banks are having to acquire encryption in so many different forms."

Jerald Ray, COO of SecureAge

Singapore’s SecureAge eyes US market

"US is the “logical next step” in the company’s expansion, and that SecureData’s ability to protect information at rest or in-motion has been proven by customers including the Singapore government and military."

"Elsewhere in Asia, SecureData is also being used by government offices in Tokyo and Hong Kong to prevent sensitive, top-secret data from being stolen by intruders and malicious insiders."

Dr. Teow-Hin Ngair, CEO of SecureAge

“We only pre-install algorithms that have become global standards through rigorous multi-round peer reviews, such as AES 256.” 

"The launch of the US office is being undertaken with a partner company that has dedicated sales staff, as well as pre-sales and support engineers currently training on SecureAge products."

“Along with direct sales, they will work through their own resellers to identify and certify resellers nationwide while also providing a support function.”

Jerald Ray, COO of SecureAge

Singapore Adopts Stricter ID Collection Rules

“When it comes to storing digital data, tokenization and encryption are the best available solutions."

There is the potential of providing a tokenized/randomized one-time use ID number through SMS that would serve in lieu of providing an NRIC. For example, where NRIC data is legally required to be collected by hotels, a one-time use ID code or number could be generated by the NRIC-issuing body. That one-time ID number could only be confirmed by the same NRIC-issuing body at a later date, and not by the hotel which collected it to comply with the law.”

"In situations where the NRIC is used for confirmation of identity, any form of the collected data should be encrypted, ideally by a file-level encryption tool that could not only maintain the personal data in a secure state, but also allow for secure wiping/erasure of that data to comply with any reasonable or legally prescribed retention period.

Jerald Ray, COO of SecureAge

Have we learned anything from medtech security breaches?

“This is not the first time the healthcare industry has seen a breach in client information. One of the fundamental issues is that medical agencies, providers and hospitals aren’t making cybersecurity enough of a priority in general."

“This could stem from the fact that lost patient records do not really impact their business directly – and they don’t lose any money directly resulting from patient record breaches. Unless more regulations are put in place, this will continue to be a recurring issue.”

Dr. Teow-Hin Ngair, CEO of SecureAge

Why the type of data doesn't determine privacy penalties

Essentially, there should be no difference in penalty or worry based on the level of sensitivity of the personal data of others that was lost. It’s all sensitive."

"To define some data as sensitive and other as less sensitive or even innocuous is ingenuous and a fatal flaw in security policy."

"The harm to the consumers who had their personal information exposed should be the measuring stick for damages and compensation."

Jerald Ray, COO of SecureAge

Capital One Breach Highlights Shortfalls of Encryption

“Experts said there are a few likely techniques that Capital One might have applied that could have allowed a hacker to decrypt data stored in the cloud. One possibility is that the bank simply encrypted the server itself, not individual pieces of data."

"This method protects information while it is stored but does nothing to safeguard it when someone accesses the device where it is located."

Jerald Ray, COO of SecureAge

Capital One breach exposes not just data, but dangers of cloud misconfigurations

“Capital One’s claims regarding its encryption practices is weak."

"Particularly the line about, ‘unauthorized access also enabled decrypting,’ which goes against the very core function of responsible encryption practices. It’s precisely when unauthorized attempts to access data occur that encryption displays its value and worth. What’s missing here is the key, literally. What type of key was it? And who had it?"

Jerald Ray, COO of SecureAge

Equifax might owe you $125. Here's how to get it

"The Equifax data breach and settlement serves as a tragic case study of net economic loss to all but the perpetrators."

"The settlement does very little for those whose data was breached, especially when the damage will hit individuals in the future where attribution to this single breach may be impossible."

Jerald Ray, COO of SecureAge

A call to end 'warrant-proof' encryption, but where does privacy protection fit in?

"Technology has consistently removed the presumed tradeoffs of the physical world."

"The argument seeks just enough compassion or empathy from people for them to simply agree to giving up personal security for the sake of some notion of prescribed communal security,"

"Effective and responsible encryption is agnostic to the content it protects, as it should be." 

"Barr's arguments against "warrant proof" encryption fail to acknowledge that consumers' personal information are precisely the precursors to all collective actions taken by society."

Jerald Ray, COO of SecureAge

All Aboard the Digital Bandwagon: Capital 95.8FM Radio Interview

"Everyone should learn about cybersecurity. In an age where everything is digitalized, any information can be hacked and easily retrieved – one can be at risk of financial losses and damage of reputation. Hence cybersecurity is just as important as coding in this digital economy. We should all have at least a basic understanding of cybersecurity so we won’t fall for traps laid by hackers."

Dr. Teow-Hin Ngair, CEO of SecureAge

SecureAPlus Antivirus App Getting AI-Powered APEX Engine

SecureAge has announced that it is bringing an AI-powered Apex engine to its SecureAPlus application for Android. This new engine is expected to "supplement existing features for better mobile protection.

Additional levels of privacy are already available in SecureAPlus, and has noted the app's App Locker feature as an example. App Locker pre-emptively blocks access to selected applications if someone steals your phone or tries to use it without your knowledge.

Financial details of nearly 12 million patients at risk following AMCA breach

"Such events are unfortunately common within the healthcare industry due to the community not paying enough attention to cybersecurity, compared to other facets of healthcare."

"This is not the first time the healthcare industry has seen a breach in client information. One of the fundamental issues is that medical agencies, providers and hospitals aren't making cybersecurity enough of a priority in general."

"This could stem from the fact that lost patient records do not really impact their business directly — and they don't lose any money directly resulting from patient record breaches. Unless more regulations are put in place, this will continue to be a recurring issue."

Dr. Teow-Hin Ngair, CEO of SecureAge

Data Breach Affects 12M Quest Diagnostics Patients

"One of the biggest fundamental issues is that medical agencies, providers and hospitals are not making cybersecurity enough of a priority."

"This could be because losing patient records does not directly impact these organizations’ businesses."

“Unless more regulations are put in place, this will continue to be a recurring issue.”

Dr. Teow-Hin Ngair, CEO of SecureAge

Quest Diagnostics data breach – the industry sounds off

"This is not the first time the healthcare industry has seen a breach in client information."

“One of the fundamental issues is that medical agencies, providers and hospitals aren’t making cybersecurity enough of a priority in general.” 

“This could stem from the fact that lost patient records lost do not really impact their business directly – and they don’t lose any money directly resulting from patient record breaches. Unless more regulations are put in place, this will continue to be a recurring issue.”

Dr. Teow-Hin Ngair, CEO of SecureAge

SecureAge Integrates Artificial Intelligence Powered APEX Anti-Malware Engine in VirusTotal

“As part of the VirusTotal network, our priority is to champion the value that the APEX engine can bring to users in keeping them informed and protected from existing and unknown malware types.”

“We hope that this integration is also a testament to our commitment to become a major contributor to the overall cybersecurity community.”

Dr. Teow-Hin Ngair, CEO of SecureAge

VirusTotal += SecureAge

SecureAge APEX is an anti-malware scanning engine powered by artificial intelligence, designed to extend the detection capabilities of the SecureAge SecureAPlus endpoint protection platform (EPP).

The APEX engine that runs in VirusTotal targets Windows PE files; with integration into the VirusTotal ecosystem, SecureAge looks forward to further enhancing APEX's capabilities, and above that, adding value to VirusTotal's cybersecurity services.

800,000 blood donors' personal data accessed illegally and possibly stolen; police investigating

“There is nothing blood donors who may have had their information accessed can do."

"You can't change your NRIC number or date of birth, that's the unfortunate reality of the situation"

"Some of the information that was stored in the server, such as the NRIC number and date of birth of donors, is sometimes used by services such as banks and telephone companies to verify one's identity."

Dr. Teow-Hin Ngair, CEO of SecureAge

Partnership: SecureAge joins the PolySwarm ecosystem

“Polyswarm’s ecosystem provides a unique platform that allows a broader audience to access innovative detection technologies that are available in the market. This system makes it the perfect venue for the SecureAge APEX engine to flex its predictive capabilities to detect threats that non-traditional methods may otherwise miss.”

Dr. Teow-Hin Ngair, CEO of SecureAge

Expanding the boundaries of the digital workplace

Alternatively, downloads to an unmanaged device may be allowed, but only if the file is encrypted. Sample suppliers that offer transparent file-level encryption include SecureAge (SecureData). 

2019

2018

通过第三方应用程序索取双重认证系统密码 是否更安全?

“其实是蛮重要的,因为现在的社交媒体只靠密码就可以登录你的网站,所以从那个角度来讲骇客偷取了你的密码,他就可以代表你进去你的网页,改任何东西,然后发出各式各样的资料。”

“其实是没有太多的安全隐患,它没有像双重认证卡这样安全,不过还是挺安全的,像第三方的应用程序的话都是比较知名的,像谷歌这类公司发出的应用程序,其实在安全性方面还是很高的。”

“当然是你自己要保护你自己的机器,就像应用所谓的防毒软件,使骇客没办法把病毒放到你的系统里面偷取你的资料。”

倪朝兴博士, SecureAge总裁

Transcript from Simplified Chinese to English

Is it safer to request a two-factor authentication system password from a third-party application?

"It is essential. You rely only on a password to log in to your social media account. From that point of view, if the hacker steals your password, he can enter your web page on your behalf and change anything. From there, he can send out all sorts of information."

"There are not many security risks. It is not as secure as a two-factor authentication card, but it is still quite secure. For instance, well-known third-party applications such as Google, the applications that they have developed have high-security aspects."

"You will have to do your part to protect your machine, such as installing anti-virus software. This prevents hackers from putting the virus into your system to steal your data."

Dr. Teow-Hin Ngair, CEO of SecureAge

政府电子密码系统技术故障长达六小时 现已恢复运作

"主要系统如果是当机的话,至少有一个后备系统可以马上把它设置起来,最少这个服务还可以延续下去,这样用户就可以继续用这个服务,不然现在他们不能用这个服务就造成很多困扰。"

倪朝兴博士, SecureAge总裁

Transcript from Simplified Chinese to English

SingPass, CorpPass systems back online after 6 hours of downtime

"If the main system is down, there needs to be at least one backup system to set it up immediately. Users will then be able to continue using this service. Otherwise, this will cause a lot of inconveniences."

Dr. Teow-Hin Ngair, CEO of SecureAge

2018

Mediacorp Channel 8 News

通过第三方应用程序索取双重认证系统密码 是否更安全?

(Is it safer to request a two-factor authentication system password from a third-party application?)

Mediacorp 8 World

政府电子密码系统技术故障长达六小时 现已恢复运作

(SingPass, CorpPass systems back online after 6 hours of downtime)

2017

Cyber security sector gets S$16m boost in grants

“In using deep learning to study historical data on viruses and malware, his solution has an edge over the usual solutions in the market."

“The normal solutions today are quite poor in detecting malware that are newly released. Studies have shown that their detection rate on day one of new malware releases is only 5 per cent. But with deep learning, our preliminary results have shown that our solution can detect over 90 per cent of malware on day one.”

Dr. Teow-Hin Ngair, CEO of SecureAge

2016

专家建议公众应多留意网络安全 做好防范

“电信业者它们有时会供给用户一些设备,像路由器等等之类,它们应该选择一些安全性比较高的设备给他们的用户,不然的话用户就很容易受到这些黑客的侵害。”

倪朝兴博士, SecureAge总裁

Transcript from Simplified Chinese to English

Experts suggest that the public should pay more attention to network security

"Telecom operators sometimes provide users with some devices, like routers, etc. They should choose more secure devices for their users; otherwise, users will be vulnerable to these hackers."

Dr. Teow-Hin Ngair, CEO of SecureAge

2016

Mediacorp 8 World

专家建议公众应多留意网络安全 做好防范

(Experts suggest that the public should pay more attention to network security)

2014

Heck, I'm hacked?

"Scenarios like the above could happen and are difficult to detect."

"For example, if they get their hands on your SingPass and NRIC, they can see confidential information about your company. Professional hackers have the means to do so."

"These type of hacking attempts are hardly detected because you won't even know they have hit you."

"If professional hackers were to do a targeted attack on Singapore companies, I would say most of our companies here would fail."

"But the beauty of being in Singapore is that it is a small country, so we're not really on the radar of hackers."

Dr. Teow-Hin Ngair, CEO of SecureAge

逾千人SingPass疑遭人盗用 资信局同警方已彻查

“最基础的你需要有一些防病毒的软件,要安装在你的机器上面。当然还有另外一种就是,你的电脑是不是给人家拿去用等等之类,都有很大的可能。”

“像新加坡银行方面,它会给大家一个所谓一次性密码的机器,那种机器都会造成说,如果有人要破坏、盗取你的密码会比较难,因为那个密码整天都在变。” 

倪朝兴博士, SecureAge总裁

Transcript from Simplified Chinese to English

1560 SingPass user accounts breached

"The most basic you need to have an anti-virus software install on your machine. There can be another possibility, have you pass your computer to others to use it? All of these are possible."

"For instance, banks in Singapore, they will provide you a device that generates a one-time password. As the password is changing all day, it will be difficult for someone to destroy the data on your machine or steal your password."

Dr. Teow-Hin Ngair, CEO of SecureAge

The day Anonymous knocked on my door

"The country's "vibrant" IT security environment, low rate of reported breaches and incidents, and not being at the frontline of online attacks had lulled local organizations into a "false sense of security" leaving them vulnerable."

Dr. Teow-Hin Ngair, CEO of SecureAge

2013

Public-private partnership a challenge for cybercrime centers

"Many cybercrime centers are structured to focus on protecting government systems and critical infrastructure. As such, they tend to leave out the private sector, and subsequently, they cannot benefit from such government efforts and their computer systems remain vulnerable to cyberattacks."

"Both sides must recognize safeguarding national systems, critical infrastructure, IP can be significantly improved only when both parties combine their resources and intelligence together."

"Many security professionals may be good in traditional methods of protections but cannot keep up with the latest threats and do not understand how cybercriminals' evolving tactics. Such professionals may be able to prevent a garden variety of threats but not advanced one."

"This is why a cybercrime center needs capable cybersecurity professionals, especially people who understand the intrinsic weaknesses in computer systems"

Dr. Teow-Hin Ngair, CEO of SecureAge

Asia needs regional cybercrime center

"There is a lack of a cybercrime institution such as Europe's Cybercrime Center in the region, even though there are agencies that have more limited focus and remit."

"Singapore's Interpol Global Complex is also in the pipeline and expected to be operational in 2014. The new center will bring in sophisticated and more comprehensive security processes and systems, but it is not enough since cybersecurity is not the sole focus for Interpol."

"A dedicated cybersecurity agency in Asia will be more effective in protecting governments, businesses, and end users against cybersecurity threats."

Dr. Teow-Hin Ngair, CEO of SecureAge

2012

S'pore PA site breach signals more to come

"More attacks are set to come, especially with hackers who want to "show off" their skills to the world. They will pick Singapore randomly just like they do with all the other governments . Specifically, they will attack any site they can penetrate.

"The Singapore's computer emergency response team (CERT) could also play a bigger role in engaging government agencies to ensure their systems are continually updated to prevent newly discovered vulnerabilities."

Dr. Teow-Hin Ngair, CEO of SecureAge

Singapore's statutory body confirms Web site hack

"The country's "vibrant" IT security environment, low rate of reported breaches and incidents, and not being at the frontline of online attacks had lulled local organizations into a "false sense of security" leaving them vulnerable."

Dr. Teow-Hin Ngair, CEO of SecureAge

Regulators should make breach disclosure compulsory

"Companies will not report a breach on their systems as their foremost concern would be their shareholders and such disclosures will not benefit them."

"The legal framework, at least in Singapore, has yet to address this issue though. The soon-to-be-operational Personal Data Protection Act did not make it compulsory for companies to disclose breaches. This could be done on purpose to help companies reduce the already hefty compliance costs."

"By contrast, the United States, European Union and Australia are some countries that have put in place data breach notification regulations to protect consumers. This puts Singapore behind the ongoing data protection trend globally"

"The need to get companies to reveal breaches has to be balanced with limiting the disclosure to those on a need-to-know basis. Regulators should also have provisions in place to prevent similar breaches from happening again."

"For instance, only serious breaches should be reported and cases that qualify would include those that affect a sizeable number of people or result in losses in sensitive data. Such information include credit card numbers, medical information and personally identifiable details."

Dr. Teow-Hin Ngair, CEO of SecureAge

Cyberweapon choice boils down to intent, capabilities

"Attackers also tend to use cyberweapons that they are familiar with, or are able to serve a specific purpose. For instance, the 2011 attacks from Russia with virus "Carberp"  mainly targeted banking systems because they have the capability to disable antivirus systems on user machines."

"The most common attacks that can be deployed by hackers are the distributed denial of service (DDoS) attacks  which can be used to cripple enterprise Internet servers due to their ease of deployment while affecting numerous machines."

"On the other hand, advanced persistent threats (APTs) are the most sophisticated attacks and they create malware on user machines which communicate with their command-and-control servers to allow attackers to study the user machine and carry out specific attacks."

Dr. Teow-Hin Ngair, CEO of SecureAge

Asian security startups not attractive to investors

"The Asian culture of not wanting to fail means businesses in the region will not be willing to try security products without a good brand name."

Dr. Teow-Hin Ngair, CEO of SecureAge

Singapore suffers from 'false sense of security'

"The "vibrant" security scene in the city-state with more than 100 security companies here, and existing laws such as the Computer Misuse Act, help deter people from hacking into organizations here. This can be seen by the low number of reported security incidents."

"The country is also not likely to be one of the primary targets for hackers and hactivist groups because of its small population size. This makes companies here a smaller target than those in countries such as the United States, for example."

"However, Singapore-based companies have been lulled into a "false sense of security" even though the abovementioned factors are not enough to ensure the country will be safe from hacking activities."

"The low report rate, for instance, is because there is no incentive for companies to lodge one. Since the local government's priority is to keep business costs low and reporting the incident will only add to expenses , such incidents are often not known and companies are not penalized for not sharing the information."

Dr. Teow-Hin Ngair, CEO of SecureAge

E-govt services on intranet 'tricky'

"It is possible for a country to put its e-government services on the intranet if it is really serious about it. However, this will be done at the expense of accessibility, which will be "greatly curtailed and limited" to end-users who have access to the intranet."

"More importantly, the citizens may lose their ability to communicate with others in the world."

"E-government services servers should be limited in their access to critical and highly-sensitive information so that in the event these are compromised, the damage can still be contained."

"There is a use case for dedicated intranets though. For networks such as those used by the military, a separate intranet is usually set up to support internal services and end-user machines to protect the system against malicious attacks and content from the Internet."

Dr. Teow-Hin Ngair, CEO of SecureAge

S'pore govt to open tender for 2FA providers

"In light of recent e-government account hacks and a security landscape today with more sophisticated cybercriminals, these services should start adopting two-factor authentication (2FA) as a security layer, or make use of the National Authentication Framework (NAF) to secure important transactions."

"With 2FA adoption for e-government services, additional costs may be incurred by operators or the users. Users may also feel inconvenienced with another authentication device that they may need to carry around."

Dr. Teow-Hin Ngair, CEO of SecureAge

Tight budgets no excuse for SMBs' poor security readiness

"Smaller companies tend to be "hard-pressed" to invest or focus on IT-related resources such as security tools due to the lack of capital. This financial situation is further worsened by the tightening global and local economic climates, which has forced SMBs to focus on surviving above everything else."

"As such, IT security may be seen as a secondary concern relegated behind more pressing concerns such as finding new business, growing and sustaining operations, maintaining human resources, and financial control."

"Additionally, security implementations are not easy to design, implement and sustain without having a dedicated budget and skilled internal resources as it is not a singular project but a sustained program."

Dr. Teow-Hin Ngair, CEO of SecureAge

Singapore, South Korea ink IT security partnership

"This marks the first time SITF's security chapter has signed an MOU with a foreign entity."

"Korea was chosen because it is the second biggest economy in Asia, behind Japan."

"It is a dynamic market where vendors rarely compete against each other, and would instead collaborate [because] there is always something you do not know as cyber threats evolve every day."

"Many Asians are innovative, intelligent and creative in terms of technology, but these companies still live in the shadows of multinational companies from the United States. I am keen to bring companies to the next level, and that Asian security companies have the potential to become like a Symantec or McAfee."

Dr. Teow-Hin Ngair, CEO of SecureAge

Infocomm Development Authority of Singapore and Cloud Security Alliance Launch Joint Initiative to Create Trusted Cloud Ecosystem in Singapore

"We’re excited that the CSA has come to Singapore, and even more so to be part of this leading initiative to close the competency gap and build the environment of trust that is so critical for cloud services to succeed.”

“It is our privilege to be part of this initiative to fortify the best security practices for cloud computing arena. Through CSA, we hope to educate and address the security concerns that have slowed down organization’s adoption of cloud computing in the Asia-Pacific region. We will take this opportunity to share with enterprises our security experiences and mindshare on ways to build a highly secured cloud environment to protect mission-critical data from being compromised."

Dr. Teow-Hin Ngair, CEO of SecureAge