SecureAge in the News

Click here to for press inquiries.

SecureAge in the News

Click here to for press inquiries.

2020

CISA shakeup

"While unlikely that the firing of the CISA Director will inspire cyber attacks from abroad on critical infrastructure in the US because systems appear more vulnerable today than yesterday, industry partners, observers, and US citizens certainly will be skeptical of any statements made by CISA about the election or anything else between now and January 2021. Supporters of the President will have bought in to his claims of CISA and its Director having failed completely and lied about election security. And detractors of the President will assume that anyone who accepts such a tenuous appointment by the lame duck President as the new Director will be complicit in his claims. Until the Biden administration can take over, the best outcome for now would be an interim appointment of someone within CISA who built the Agency together with Krebs."

Jerry Ray, COO of SecureAge

Chris Krebs’ Firing by Trump Increases Risk of U.S. Cyberattacks

“Every state official that’s seen their career cut short as a result of the president’s temperament is piling onto the potential for skepticism from the intelligence community and state partners, foreign and domestic, regarding future statements made by CISA about the election or any other pertinent matters."

"There’s also the question of whether Krebs’ replacement will be trustworthy or a Trump loyalist."

“Will they, too, undercut the validity of the election process? These questions alone can erode trust in our cyber defense integrity around the world. And they’ll remain an unfortunate constant throughout the narrative in the Krebs firing fallout until the new administration takes hold.”

"The message this move sends to the broader international collection of cybercriminals and advanced persistent threats (APTs) is very negative. It says the United States is divided and distracted, and lacks a united defensive front against cyberattacks."

“We could very well see an uptick in continued activity from current threats, as bad actors may see this news as a rallying cry over the weeks ahead. Disinformation campaigns regarding election results, COVID-19 themed phishing attacks and data theft attempts on our health care and vaccine research infrastructures were all already happening. Now they might happen a bit more often.”

Nigel Thorpe, Technical Director of SecureAge

Cyber Official’s Ouster Tests Government Relations With Private Sector

"The dynamic also could extend internationally. You will see a lot of countries look to each other [for information] instead of to the U.S. first."

Jerry Ray, COO of SecureAge

Manufacturing Under Attack

Nigel Thorpe, technical director at SecureAge puts the spotlight on cyber attacks on the manufacturing industry and suggests that it is time for a new data-centric approach

Hunting forward. Getting the "big things" right. Singapore's data protection law.

“The election results are already in dispute is the message being championed by the party more in fear of losing. And while domestic and foreign actors alike are trying to sow further discord thereafter by spreading falsehoods about the election results, cyber criminals are already relishing in the madness. The higher the temperature of those defending or defaming the election results, the lower their awareness of multitude of attacks awaiting them through phishing emails, fraudulent websites, and all of the well known forms by which the highly distracted may be exploited online."

"As the votes continue to be counted, the most inevitable and effective cyber attacks will be subtle, unnoticed, unattributable, and masked within the culture of doubt and suspicion cast upon the election for the sake of either plausible deniability by the victors or grounds for dispute by the vanquished. With only a fraction of a percent of the voting population determining the outcome, the attackers need only work in the margins and against those least able to defend themselves or least likely to notice.”

Jerry Ray, COO of SecureAge

Unknown Biden-Trump Election Outcome Benefits Cybercriminals

“The higher the temperature of those defending or defaming the election results, the lower their awareness of the multitude of attacks awaiting them. Those attacks include phishing emails, fraudulent websites and other tactics to exploit the “highly distracted"."

“As the votes continue to be counted, the most inevitable and effective cyberattacks will be subtle, unnoticed, unattributable and masked within the culture of doubt and suspicion cast upon the election for the sake of either plausible deniability by the victors or grounds for dispute by the vanquished"

“With only a fraction of 1 percent of the voting population determining the outcome, the attackers need only work in the margins and against those least able to defend themselves or least likely to notice.”

Jerry Ray, COO of SecureAge

It’s the data (stupid)!

Nigel Thorpe, technical director at SecureAge takes a look at the traditional approach to cyber security and suggests that we need to focus more on the data itself rather than simply trying to prevent access to it.

Cyber security threats against global governments increase exponentially

Nigel Thorpe, technical director at SecureAge, looks at the growing cyber security threats to global governments and suggests that it is time for a new approach to data protection.

Election 2020: 9 Ways Cybercriminals Are Trying to Steal Your Vote

“Whatever the pathway or intended target within the realm of candidates, platforms, parties, voters and voting infrastructure, the most inevitable and effective cyberattacks will be subtle, unnoticed, misattributed and masked within the culture of doubt and suspicion cast upon the election for the sake of either plausible deniability by the victors or grounds for dispute by the vanquished. With only a fraction of a percent of the voting population able to determine the outcome, the attackers need only work in the margins and against those least able to defend themselves or least likely to notice.”

Jerry Ray, COO of SecureAge

GDPR post Brexit: what
should firms expect?

"Any organisation that works with European businesses or consumers will still need to comply in order to continue operating in the territory. The UK will also retain data protection legislation which, in the short term at least, will continue to look a lot like GDPR."

“Whatever the future means in terms of changes to UK or European data protection, the principles of GDPR remain good business principles. What consumer is going to trust an organisation which has poor controls over their personal data? And ‘security by design’ is just good business sense. In today’s world of immediate news coverage, customer trust in an organisation can be lost in seconds, so doing all that is possible to mitigate security threats is an essential investment.”

Nigel Thorpe, Technical Director of SecureAge

America-First Cybersecurity Must Precede Manufacturing

Can America achieve manufacturing self-reliance if the nation doesn’t first enhance its cybersecurity capabilities?

Jerry Ray, COO of SecureAge

Cyber security in the new Wild West

While technologies such as identity management and Zero Trust rightly remain important, the focus for security must become data-centric. If security is built right into the data itself, then it will no longer matter when information is stolen – it will ultimately be useless to the thief.

Nigel Thorpe, Technical Director of SecureAge

Cybersecurity Skills Gap: 6 Tips That Demand Your Attention to Close the Talent Shortage

“Considering the technical nature of roles in cybersecurity, hiring managers require a college education but prefer a master’s degree. Degrees alone do not necessarily qualify an individual, and many adversaries have neither academic backgrounds nor purposes, leading to a mismatch of education with cybersecurity work. As experience is most often the second main requirement, it is also favored over tangible skills. This creates an unhealthy cycle of only hiring experienced security experts already in the industry while building a massive barrier to entry for aspiring workers. An added issue is that many hiring managers are unfamiliar with the distinction between a security pro and an IT pro, resulting in a muddled talent pool and exaggerated expectations that candidates tackle both disciplines, which is ultimately unsustainable for new hires.”

"Coupling that with comprehensive corporate training programs and proper CISO level oversight can ensure that new hires don’t burn themselves out on the job or are forced to learn how to mitigate security issues on the fly (which will ultimately do more harm to the organization than good)."

Jerald Ray, COO of SecureAge

Unravelling encryption

Nigel Thorpe, technical director at SecureAge explores the myths and mis-selling of encryption and explains why it’s all about the data

CPRA, or CCPA 2.0

"CPA has a number of weaknesses. One is that users might have a hard time understanding what they’re opting into when the data is more technical and less attributable, like IP geolocation data, rather than something like a social security number. Individuals will be hard-pressed to make a decision to opt out that reflects a full understanding of the potential utility and value of that data."

"Another weakness is that it’s not easy to guess which companies actually need to comply with the CCPA. The CCPA has a number of requirements that make a business eligible. Companies must meet one of the following criteria in order to be subject to the CCPA: (1) An annual revenue of $25 million or more, (2) Collect data from 50,000 California consumers and (3) Derive 50% or more of revenue from the sale of personal information"

"What appears to be a small office for mortgage refinancing may be over the 50,000 user records sold threshold with many statewide outlets under different names. And that leads to the darker side, all of those companies that don’t meet the requirements to be subject to CCPA but collect and trade data as a normal course of business, from boutique job recruitment sites to payday loan offices. Billions of electronic records are independently generated by small and medium-sized enterprises that contribute to millions of personal data repositories that can be breached without any of the sanctions or remedies within CCPA being available to the victims."

Jerald Ray, COO of SecureAge

The Risks of Checkbox Compliance

To become truly compliant, with security that persists even if data is stolen, organisations’ information security focus must change from protecting storage locations to securing the data itself. There’s no ransom leverage in empty threats.

Nigel Thorpe, Technical Director of SecureAge

AI helps home users detect and prevent unknown cyber threats

SecureAge adds Automatic Mode to SecureAPlus

Protecting data when it is most vulnerable

Data is most vulnerable when accessible, in transit, in use and volume encryption loses effectiveness.

Jerald Ray, COO of SecureAge

Talk like an Egyptian: a brief history of data encryption

While financial institutions have been using encryption technologies for years, the implementation is through “security silos” that seek to protect the most important data. In today’s world of high connectivity and strong regulation, however, all information must be seen as important.

Nigel Thorpe, Technical Director of SecureAge UK

Losing the Human Touch to Protect Data

It’s time to take a fresh look at data security. Rather than trying to fill in the security gaps to protect the increasingly disparate perimeter defenses, we need to take a data-centric approach to security and protect it at the most basic level, which is the file at rest, in use or in motion. 

Nigel Thorpe, Technical Director of SecureAge UK

A brief history of data encryption

Nigel Thorpe from SecureAge explores its evolution and asks if today’s PKI encryption techniques have cracked it.

Twitter Hack & Scam

"The latest Twitter hack exposes the identity and access management vulnerability and the risk of administrator accounts being compromised, leaving data vulnerable. It appears that cybercriminals gained access to Twitter’s internal network, then used an admin tool to control the user accounts of prominent individuals and organisations to post fraudulent messages. Using social engineering to gain access to Twitter staff accounts, giving access to data stored in the network.

This incident illustrates the loophole with identity and access management such that if a user account is compromised, data is left unprotected. This loophole can be closed by taking a data-centric approach to security, where information is automatically protected, with authenticated encryption built right into the data. This means that even unencrypted files, when changed or moved, will immediately be encrypted so that, if stolen, they will appear to be garbage to the thief.

A compromised user account still has access to data, but it remains encrypted all the time, even when in use. When copied from its ‘safe’, access-controlled location – even if that’s outside the organisation – the data remains encrypted and therefore useless. No ransom, no embarrassing disclosures, no legal action."

Nigel Thorpe, Technical Director of SecureAge UK

Be prepared: Why you need an incident response policy

"Incident response plans need to take into account how to allocate resources depending on the criticality of the infrastructure components affected by the breach. This could mean prioritizing immediate remediation of the attack or restoration of a mission critical server or forensic analysis of the mechanism of the attack. The order and allocation will be entirely dependent on the attack vector, the system(s) attacked, the data exfiltrated, the IT staff available either in-house or on contract, and the general industry or business line of the victim."

“Another important follow-up task is to do a total review of all the tools, policies, and settings within the system that suffered the breach. Typically, the single point of failure is somehow revisited and shored up or patched as if that was the only weakness. In reality, the entire security blanket needs to be unwoven, as the ineffective components may have led to or created that point of vulnerability, which on its own may not have been vulnerable."

Jerald Ray, COO of SecureAge

Lockdown sees rise in brute force attacks of over 100,000 daily

"Hackers work from a position of being able to attempt millions of attacks in the knowledge that a few will get through."

Ransomware and brute force attacks are great examples, and organisations must assume that someday one or more of these attacks will succeed no matter what barriers are put in place. Clearly, we don't want cybercriminals inside the network, but we must plan for the eventuality by inherently protecting data at source using file encryption. Implemented properly, so that people don't need to be aware of the encryption that's going on, any stolen data will remain encrypted and therefore useless to the hacker."

Nigel Thorpe, Technical Director of SecureAge UK

Cybersecurity risks in a possible US manufacturing resurgence

"The U.S. cannot manufacture everything it needs or wants, even if isolationism proves to be the only way to survive a global pandemic."

The US has been the richest target of cyberattacks from abroad aimed at capturing that knowledge to accelerate development of goods–both tangible and intangible–without having to pay the rents that have funded the US economy for decades of dwindling manufacturing. Even if the US somehow found a domestic market devout and large enough to finance a return of manufacturing of US-designed goods, those foreign actors will not only still target American IP to reduce their development costs, but will now also have a larger attack surface: the manufacturing equipment, materials, and logistics reliant on robots, AI, and data."

Those Americans willing to pay higher prices for virtually every tangible item to be made in the U.S.A. will be tested early and often enough to prevent any meaningful shift away from foreign dependency on manufacturing to ever happen."

In any scenario by which the U.S. relinquishes its massive net importer-status to become a self-reliant manufacturing hub, the digital systems and data running all of it would be even more vulnerable than the digitally stored IP that it currently produces. Autonomous farm equipment or welding machines can be hacked and attacked from anywhere on the planet in a way a human laborer cannot. But with a labor force both too expensive and paltry compared to those in countries like China and India, the US will have to rely on machines to manufacture a quantity and variety big enough to satisfy the demand that Americans are uniquely known for throughout the world."

Jerald Ray, COO of SecureAge

SecureAge introduces 'Recommended Actions' for Endpoint Protection to relieve user anxiety for remote or office-based workers

‘Recommended Actions’ has been added to its Application Whitelisting to provide additional real-time guidance on how to respond to prompted alerts when a non-trusted file is identified. The new feature is particularly valuable for people working from home, outside the usual oversight of the enterprise because of COVID-19.

SecureAge brings its data security and enterprise encryption solutions to the UK

Leading supplier to Singapore government and military launches in UK with a spotlight on secure data and remote working

Tokyo Olympics Postponed, But 5G Security Lessons Shine

Jerry Ray, COO at SecureAge, discussed about the now postponed Tokyo Games and its use of 5G and the myriad of security concerns Japan is preparing for.

Olympics Could Face Disruption from Regional Powers

It's only a matter of time before Russia takes action against WADA again. These attacks will likely come via a combination of data leaks and disinformation aimed at exposing private or medical information on participating athletes and altering it to embarrass other countries or anti-doping officials."

The best thing the country can do in the short term is to create a countrywide push to educate its citizens and incoming tourists about how to protect themselves and their devices. After all, it's usually the human element that ends up being the weakest link in the cybersecurity chain."

Jerald Ray, COO of SecureAge

2020

CyberWire

CISA shakeup

Security Boulevard

Twitter Hack & Scam

2019

The key cybersecurity risks set to rise in 2020

As 2019 comes to a close, Dr. Teow-Hin Ngair, CEO/Founder of global cybersecurity biz SecureAge, tells Digital Journal about what to expect in the space heading into 2020.

Enterprise neglect leaves Black Friday cybersecurity responsibility to customers

“Black Friday and Cyber Monday sale emails have been flooding consumer inboxes, but retailers won't say anything about your transaction being secure [or] anything about what they're doing to secure the data from a technology standpoint."

I haven't seen investment in new tools or infrastructure for any reason other than capacity. When I look at our sales cycles, and when I look at the sales cycles of partners of ours who sell other products, we've never noticed that the holidays have increased [security spending] for any enterprise customers.” 

Jerald Ray, COO of SecureAge

TransUnion fraud survey highlights merchant holiday sales risks

“Protect customer data at all costs with file-level encryption backed up regularly to external/offsite storage. Real-time file-level encryption of databases, transaction files, invoices, receipts, and anything else on the systems of retailers will prevent not only loss of customer data through breaches, but also quick restoration of data in the event of a ransomware attack.”

“If a retailer’s customer data is not encrypted and compromised, unrecognized purchases against a credit card versus mysterious deductions from a bank account will be easier to stomach while working through the issue with banks.” 

“Be on the lookout for unsolicited deals through email, text messaging, or social media that either appear outrageously generous, or require the downloading of a mobile app or desktop application. And, while never overstated, be sure to look for “https” to precede any web address, as well as the “lock” icon when starting the purchase sequence."

Jerald Ray, COO of SecureAge

Should you pay the ransom in a ransomware attack?

Jerald Ray, COO of SecureAge, debates the merits and drawbacks of paying up when ransomware comes calling.

"The data being held hostage should never be anthropomorphised – data is not a human life.’"

Singapore makes mark on AI with Apache Singa

Outside healthcare, Apache Singa is being used by SecureAge, a Singapore-based cyber security firm, to develop deep learning models for malware detection, in a bid to improve detection accuracy and identify new strains of malware using past data."

What industry gets wrong about cyber insurance

Insurers offering cyber insurance policies have done well to present themselves as a sanctuary of reason and resourcefulness amidst the frenzy of a ransomware attack."

"There's the chance victims could see paying a ransom as an insurer's default. The decision to pay or not pay became the insurer's right to choose, based solely on claims of expediency or the recommendation of the independent incident response experts called in." 

Jerald Ray, COO of SecureAge

Effective Encryption Protects Data When it's Most Vulnerable

"An effective selection and implementation of an encryption tool has one purpose: to protect the data when it's most vulnerable, such as when it has value to a company ( i.e. when data is accessible, in motion, or in use). That’s precisely when those volume-level encryption tools stop being effective or fail altogether." 

Jerald Ray, COO of SecureAge

SecureAge’s AI-Powered APEX Anti-Malware Engine Comes Out-of-Beta for SecureAPlus Users

"The problem with traditional antivirus solutions is that they rely on a prearranged blacklist of currently known malware types to protect users, and therefore fail in catching new viruses until a user’s system has already been compromised."

"APEX was designed to perform one step ahead, using machine learning to detect malware and ransomware before they infect a user’s system, acting as a proactive deterrent rather than a reactive countermeasure."

"We hope that APEX changes the way people think about securing their data and artificial intelligence. AI is here to help people and make their lives easier. With the use of deep learning technology and big data, APEX will be able to recognize malicious patterns without relying on traditional definition updates — making it faster, lighter, and more reliable than anything else on the market."

Dr. Teow-Hin Ngair, CEO of SecureAge

Google Calendar Privacy Concerns Raised

As a result, users of various services, including Google Calendar, need simpler tools to make clear security choices."

Jerald Ray, COO of SecureAge

Applying Encryption Widely in Banking

If you look at everything from customer interface to backend of historical data, banks are having to acquire encryption in so many different forms."

Jerald Ray, COO of SecureAge

Singapore’s SecureAge eyes US market

"US is the “logical next step” in the company’s expansion, and that SecureData’s ability to protect information at rest or in-motion has been proven by customers including the Singapore government and military."

"Elsewhere in Asia, SecureData is also being used by government offices in Tokyo and Hong Kong to prevent sensitive, top-secret data from being stolen by intruders and malicious insiders."

Dr. Teow-Hin Ngair, CEO of SecureAge

“We only pre-install algorithms that have become global standards through rigorous multi-round peer reviews, such as AES 256.” 

"The launch of the US office is being undertaken with a partner company that has dedicated sales staff, as well as pre-sales and support engineers currently training on SecureAge products."

“Along with direct sales, they will work through their own resellers to identify and certify resellers nationwide while also providing a support function.”

Jerald Ray, COO of SecureAge

Singapore Adopts Stricter ID Collection Rules

“When it comes to storing digital data, tokenization and encryption are the best available solutions."

There is the potential of providing a tokenized/randomized one-time use ID number through SMS that would serve in lieu of providing an NRIC. For example, where NRIC data is legally required to be collected by hotels, a one-time use ID code or number could be generated by the NRIC-issuing body. That one-time ID number could only be confirmed by the same NRIC-issuing body at a later date, and not by the hotel which collected it to comply with the law.”

"In situations where the NRIC is used for confirmation of identity, any form of the collected data should be encrypted, ideally by a file-level encryption tool that could not only maintain the personal data in a secure state, but also allow for secure wiping/erasure of that data to comply with any reasonable or legally prescribed retention period.

Jerald Ray, COO of SecureAge

Have we learned anything from medtech security breaches?

“This is not the first time the healthcare industry has seen a breach in client information. One of the fundamental issues is that medical agencies, providers and hospitals aren’t making cybersecurity enough of a priority in general."

“This could stem from the fact that lost patient records do not really impact their business directly – and they don’t lose any money directly resulting from patient record breaches. Unless more regulations are put in place, this will continue to be a recurring issue.”

Dr. Teow-Hin Ngair, CEO of SecureAge

Why the type of data doesn't determine privacy penalties

Essentially, there should be no difference in penalty or worry based on the level of sensitivity of the personal data of others that was lost. It’s all sensitive."

"To define some data as sensitive and other as less sensitive or even innocuous is ingenuous and a fatal flaw in security policy."

"The harm to the consumers who had their personal information exposed should be the measuring stick for damages and compensation."

Jerald Ray, COO of SecureAge

Capital One Breach Highlights Shortfalls of Encryption

“Experts said there are a few likely techniques that Capital One might have applied that could have allowed a hacker to decrypt data stored in the cloud. One possibility is that the bank simply encrypted the server itself, not individual pieces of data."

"This method protects information while it is stored but does nothing to safeguard it when someone accesses the device where it is located."

Jerald Ray, COO of SecureAge

Capital One breach exposes not just data, but dangers of cloud misconfigurations

“Capital One’s claims regarding its encryption practices is weak."

"Particularly the line about, ‘unauthorized access also enabled decrypting,’ which goes against the very core function of responsible encryption practices. It’s precisely when unauthorized attempts to access data occur that encryption displays its value and worth. What’s missing here is the key, literally. What type of key was it? And who had it?"

Jerald Ray, COO of SecureAge

Equifax might owe you $125. Here's how to get it

"The Equifax data breach and settlement serves as a tragic case study of net economic loss to all but the perpetrators."

"The settlement does very little for those whose data was breached, especially when the damage will hit individuals in the future where attribution to this single breach may be impossible."

Jerald Ray, COO of SecureAge

A call to end 'warrant-proof' encryption, but where does privacy protection fit in?

"Technology has consistently removed the presumed tradeoffs of the physical world."

"The argument seeks just enough compassion or empathy from people for them to simply agree to giving up personal security for the sake of some notion of prescribed communal security,"

"Effective and responsible encryption is agnostic to the content it protects, as it should be." 

"Barr's arguments against "warrant proof" encryption fail to acknowledge that consumers' personal information are precisely the precursors to all collective actions taken by society."

Jerald Ray, COO of SecureAge

All Aboard the Digital Bandwagon: Capital 95.8FM Radio Interview

"Everyone should learn about cybersecurity. In an age where everything is digitalized, any information can be hacked and easily retrieved – one can be at risk of financial losses and damage of reputation. Hence cybersecurity is just as important as coding in this digital economy. We should all have at least a basic understanding of cybersecurity so we won’t fall for traps laid by hackers."

Dr. Teow-Hin Ngair, CEO of SecureAge

SecureAPlus Antivirus App Getting AI-Powered APEX Engine

SecureAge has announced that it is bringing an AI-powered Apex engine to its SecureAPlus application for Android. This new engine is expected to "supplement existing features for better mobile protection.

Additional levels of privacy are already available in SecureAPlus, and has noted the app's App Locker feature as an example. App Locker pre-emptively blocks access to selected applications if someone steals your phone or tries to use it without your knowledge.

Financial details of nearly 12 million patients at risk following AMCA breach

"Such events are unfortunately common within the healthcare industry due to the community not paying enough attention to cybersecurity, compared to other facets of healthcare."

"This is not the first time the healthcare industry has seen a breach in client information. One of the fundamental issues is that medical agencies, providers and hospitals aren't making cybersecurity enough of a priority in general."

"This could stem from the fact that lost patient records do not really impact their business directly — and they don't lose any money directly resulting from patient record breaches. Unless more regulations are put in place, this will continue to be a recurring issue."

Dr. Teow-Hin Ngair, CEO of SecureAge

Data Breach Affects 12M Quest Diagnostics Patients

"One of the biggest fundamental issues is that medical agencies, providers and hospitals are not making cybersecurity enough of a priority."

"This could be because losing patient records does not directly impact these organizations’ businesses."

“Unless more regulations are put in place, this will continue to be a recurring issue.”

Dr. Teow-Hin Ngair, CEO of SecureAge

Quest Diagnostics data breach – the industry sounds off

"This is not the first time the healthcare industry has seen a breach in client information."

“One of the fundamental issues is that medical agencies, providers and hospitals aren’t making cybersecurity enough of a priority in general.” 

“This could stem from the fact that lost patient records lost do not really impact their business directly – and they don’t lose any money directly resulting from patient record breaches. Unless more regulations are put in place, this will continue to be a recurring issue.”

Dr. Teow-Hin Ngair, CEO of SecureAge

SecureAge Integrates Artificial Intelligence Powered APEX Anti-Malware Engine in VirusTotal

“As part of the VirusTotal network, our priority is to champion the value that the APEX engine can bring to users in keeping them informed and protected from existing and unknown malware types.”

“We hope that this integration is also a testament to our commitment to become a major contributor to the overall cybersecurity community.”

Dr. Teow-Hin Ngair, CEO of SecureAge

VirusTotal += SecureAge

SecureAge APEX is an anti-malware scanning engine powered by artificial intelligence, designed to extend the detection capabilities of the SecureAge SecureAPlus endpoint protection platform (EPP).

The APEX engine that runs in VirusTotal targets Windows PE files; with integration into the VirusTotal ecosystem, SecureAge looks forward to further enhancing APEX's capabilities, and above that, adding value to VirusTotal's cybersecurity services.

800,000 blood donors' personal data accessed illegally and possibly stolen; police investigating

“There is nothing blood donors who may have had their information accessed can do."

"You can't change your NRIC number or date of birth, that's the unfortunate reality of the situation"

"Some of the information that was stored in the server, such as the NRIC number and date of birth of donors, is sometimes used by services such as banks and telephone companies to verify one's identity."

Dr. Teow-Hin Ngair, CEO of SecureAge

Partnership: SecureAge joins the PolySwarm ecosystem

“Polyswarm’s ecosystem provides a unique platform that allows a broader audience to access innovative detection technologies that are available in the market. This system makes it the perfect venue for the SecureAge APEX engine to flex its predictive capabilities to detect threats that non-traditional methods may otherwise miss.”

Dr. Teow-Hin Ngair, CEO of SecureAge

Expanding the boundaries of the digital workplace

Alternatively, downloads to an unmanaged device may be allowed, but only if the file is encrypted. Sample suppliers that offer transparent file-level encryption include SecureAge (SecureData). 

2019

2018

政府电子密码系统技术故障长达六小时 现已恢复运作

"主要系统如果是当机的话,至少有一个后备系统可以马上把它设置起来,最少这个服务还可以延续下去,这样用户就可以继续用这个服务,不然现在他们不能用这个服务就造成很多困扰。"

倪朝兴博士, SecureAge总裁

Transcript from Simplified Chinese to English

SingPass, CorpPass systems back online after 6 hours of downtime

"If the main system is down, there needs to be at least one backup system to set it up immediately. Users will then be able to continue using this service. Otherwise, this will cause a lot of inconveniences."

Dr. Teow-Hin Ngair, CEO of SecureAge

2018

Mediacorp Channel 8 News

通过第三方应用程序索取双重认证系统密码 是否更安全?

(Is it safer to request a two-factor authentication system password from a third-party application?)

Mediacorp 8 World

政府电子密码系统技术故障长达六小时 现已恢复运作

(SingPass, CorpPass systems back online after 6 hours of downtime)

2017

Cyber security sector gets S$16m boost in grants

“In using deep learning to study historical data on viruses and malware, his solution has an edge over the usual solutions in the market."

“The normal solutions today are quite poor in detecting malware that are newly released. Studies have shown that their detection rate on day one of new malware releases is only 5 per cent. But with deep learning, our preliminary results have shown that our solution can detect over 90 per cent of malware on day one.”

Dr. Teow-Hin Ngair, CEO of SecureAge

2016

专家建议公众应多留意网络安全 做好防范

“电信业者它们有时会供给用户一些设备,像路由器等等之类,它们应该选择一些安全性比较高的设备给他们的用户,不然的话用户就很容易受到这些黑客的侵害。”

倪朝兴博士, SecureAge总裁

Transcript from Simplified Chinese to English

Experts suggest that the public should pay more attention to network security

"Telecom operators sometimes provide users with some devices, like routers, etc. They should choose more secure devices for their users; otherwise, users will be vulnerable to these hackers."

Dr. Teow-Hin Ngair, CEO of SecureAge

2016

Mediacorp 8 World

专家建议公众应多留意网络安全 做好防范

(Experts suggest that the public should pay more attention to network security)

2014

Heck, I'm hacked?

"Scenarios like the above could happen and are difficult to detect."

"For example, if they get their hands on your SingPass and NRIC, they can see confidential information about your company. Professional hackers have the means to do so."

"These type of hacking attempts are hardly detected because you won't even know they have hit you."

"If professional hackers were to do a targeted attack on Singapore companies, I would say most of our companies here would fail."

"But the beauty of being in Singapore is that it is a small country, so we're not really on the radar of hackers."

Dr. Teow-Hin Ngair, CEO of SecureAge

逾千人SingPass疑遭人盗用 资信局同警方已彻查

“最基础的你需要有一些防病毒的软件,要安装在你的机器上面。当然还有另外一种就是,你的电脑是不是给人家拿去用等等之类,都有很大的可能。”

“像新加坡银行方面,它会给大家一个所谓一次性密码的机器,那种机器都会造成说,如果有人要破坏、盗取你的密码会比较难,因为那个密码整天都在变。” 

倪朝兴博士, SecureAge总裁

Transcript from Simplified Chinese to English

1560 SingPass user accounts breached

"The most basic you need to have an anti-virus software install on your machine. There can be another possibility, have you pass your computer to others to use it? All of these are possible."

"For instance, banks in Singapore, they will provide you a device that generates a one-time password. As the password is changing all day, it will be difficult for someone to destroy the data on your machine or steal your password."

Dr. Teow-Hin Ngair, CEO of SecureAge

The day Anonymous knocked on my door

"The country's "vibrant" IT security environment, low rate of reported breaches and incidents, and not being at the frontline of online attacks had lulled local organizations into a "false sense of security" leaving them vulnerable."

Dr. Teow-Hin Ngair, CEO of SecureAge

2013

Public-private partnership a challenge for cybercrime centers

"Many cybercrime centers are structured to focus on protecting government systems and critical infrastructure. As such, they tend to leave out the private sector, and subsequently, they cannot benefit from such government efforts and their computer systems remain vulnerable to cyberattacks."

"Both sides must recognize safeguarding national systems, critical infrastructure, IP can be significantly improved only when both parties combine their resources and intelligence together."

"Many security professionals may be good in traditional methods of protections but cannot keep up with the latest threats and do not understand how cybercriminals' evolving tactics. Such professionals may be able to prevent a garden variety of threats but not advanced one."

"This is why a cybercrime center needs capable cybersecurity professionals, especially people who understand the intrinsic weaknesses in computer systems"

Dr. Teow-Hin Ngair, CEO of SecureAge

Asia needs regional cybercrime center

"There is a lack of a cybercrime institution such as Europe's Cybercrime Center in the region, even though there are agencies that have more limited focus and remit."

"Singapore's Interpol Global Complex is also in the pipeline and expected to be operational in 2014. The new center will bring in sophisticated and more comprehensive security processes and systems, but it is not enough since cybersecurity is not the sole focus for Interpol."

"A dedicated cybersecurity agency in Asia will be more effective in protecting governments, businesses, and end users against cybersecurity threats."

Dr. Teow-Hin Ngair, CEO of SecureAge

2012

S'pore PA site breach signals more to come

"More attacks are set to come, especially with hackers who want to "show off" their skills to the world. They will pick Singapore randomly just like they do with all the other governments . Specifically, they will attack any site they can penetrate.

"The Singapore's computer emergency response team (CERT) could also play a bigger role in engaging government agencies to ensure their systems are continually updated to prevent newly discovered vulnerabilities."

Dr. Teow-Hin Ngair, CEO of SecureAge

Singapore's statutory body confirms Web site hack

"The country's "vibrant" IT security environment, low rate of reported breaches and incidents, and not being at the frontline of online attacks had lulled local organizations into a "false sense of security" leaving them vulnerable."

Dr. Teow-Hin Ngair, CEO of SecureAge

Regulators should make breach disclosure compulsory

"Companies will not report a breach on their systems as their foremost concern would be their shareholders and such disclosures will not benefit them."

"The legal framework, at least in Singapore, has yet to address this issue though. The soon-to-be-operational Personal Data Protection Act did not make it compulsory for companies to disclose breaches. This could be done on purpose to help companies reduce the already hefty compliance costs."

"By contrast, the United States, European Union and Australia are some countries that have put in place data breach notification regulations to protect consumers. This puts Singapore behind the ongoing data protection trend globally"

"The need to get companies to reveal breaches has to be balanced with limiting the disclosure to those on a need-to-know basis. Regulators should also have provisions in place to prevent similar breaches from happening again."

"For instance, only serious breaches should be reported and cases that qualify would include those that affect a sizeable number of people or result in losses in sensitive data. Such information include credit card numbers, medical information and personally identifiable details."

Dr. Teow-Hin Ngair, CEO of SecureAge

Cyberweapon choice boils down to intent, capabilities

"Attackers also tend to use cyberweapons that they are familiar with, or are able to serve a specific purpose. For instance, the 2011 attacks from Russia with virus "Carberp"  mainly targeted banking systems because they have the capability to disable antivirus systems on user machines."

"The most common attacks that can be deployed by hackers are the distributed denial of service (DDoS) attacks  which can be used to cripple enterprise Internet servers due to their ease of deployment while affecting numerous machines."

"On the other hand, advanced persistent threats (APTs) are the most sophisticated attacks and they create malware on user machines which communicate with their command-and-control servers to allow attackers to study the user machine and carry out specific attacks."

Dr. Teow-Hin Ngair, CEO of SecureAge

Asian security startups not attractive to investors

"The Asian culture of not wanting to fail means businesses in the region will not be willing to try security products without a good brand name."

Dr. Teow-Hin Ngair, CEO of SecureAge

Singapore suffers from 'false sense of security'

"The "vibrant" security scene in the city-state with more than 100 security companies here, and existing laws such as the Computer Misuse Act, help deter people from hacking into organizations here. This can be seen by the low number of reported security incidents."

"The country is also not likely to be one of the primary targets for hackers and hactivist groups because of its small population size. This makes companies here a smaller target than those in countries such as the United States, for example."

"However, Singapore-based companies have been lulled into a "false sense of security" even though the abovementioned factors are not enough to ensure the country will be safe from hacking activities."

"The low report rate, for instance, is because there is no incentive for companies to lodge one. Since the local government's priority is to keep business costs low and reporting the incident will only add to expenses , such incidents are often not known and companies are not penalized for not sharing the information."

Dr. Teow-Hin Ngair, CEO of SecureAge

E-govt services on intranet 'tricky'

"It is possible for a country to put its e-government services on the intranet if it is really serious about it. However, this will be done at the expense of accessibility, which will be "greatly curtailed and limited" to end-users who have access to the intranet."

"More importantly, the citizens may lose their ability to communicate with others in the world."

"E-government services servers should be limited in their access to critical and highly-sensitive information so that in the event these are compromised, the damage can still be contained."

"There is a use case for dedicated intranets though. For networks such as those used by the military, a separate intranet is usually set up to support internal services and end-user machines to protect the system against malicious attacks and content from the Internet."

Dr. Teow-Hin Ngair, CEO of SecureAge

S'pore govt to open tender for 2FA providers

"In light of recent e-government account hacks and a security landscape today with more sophisticated cybercriminals, these services should start adopting two-factor authentication (2FA) as a security layer, or make use of the National Authentication Framework (NAF) to secure important transactions."

"With 2FA adoption for e-government services, additional costs may be incurred by operators or the users. Users may also feel inconvenienced with another authentication device that they may need to carry around."

Dr. Teow-Hin Ngair, CEO of SecureAge

Tight budgets no excuse for SMBs' poor security readiness

"Smaller companies tend to be "hard-pressed" to invest or focus on IT-related resources such as security tools due to the lack of capital. This financial situation is further worsened by the tightening global and local economic climates, which has forced SMBs to focus on surviving above everything else."

"As such, IT security may be seen as a secondary concern relegated behind more pressing concerns such as finding new business, growing and sustaining operations, maintaining human resources, and financial control."

"Additionally, security implementations are not easy to design, implement and sustain without having a dedicated budget and skilled internal resources as it is not a singular project but a sustained program."

Dr. Teow-Hin Ngair, CEO of SecureAge

Singapore, South Korea ink IT security partnership

"This marks the first time SITF's security chapter has signed an MOU with a foreign entity."

"Korea was chosen because it is the second biggest economy in Asia, behind Japan."

"It is a dynamic market where vendors rarely compete against each other, and would instead collaborate [because] there is always something you do not know as cyber threats evolve every day."

"Many Asians are innovative, intelligent and creative in terms of technology, but these companies still live in the shadows of multinational companies from the United States. I am keen to bring companies to the next level, and that Asian security companies have the potential to become like a Symantec or McAfee."

Dr. Teow-Hin Ngair, CEO of SecureAge

Infocomm Development Authority of Singapore and Cloud Security Alliance Launch Joint Initiative to Create Trusted Cloud Ecosystem in Singapore

"We’re excited that the CSA has come to Singapore, and even more so to be part of this leading initiative to close the competency gap and build the environment of trust that is so critical for cloud services to succeed.”

“It is our privilege to be part of this initiative to fortify the best security practices for cloud computing arena. Through CSA, we hope to educate and address the security concerns that have slowed down organization’s adoption of cloud computing in the Asia-Pacific region. We will take this opportunity to share with enterprises our security experiences and mindshare on ways to build a highly secured cloud environment to protect mission-critical data from being compromised."

Dr. Teow-Hin Ngair, CEO of SecureAge