Singapore has introduced certification programmes to tag small and large enterprises that have adopted good cybersecurity practices. The move is touted as essential for companies to ascertain their security posture amidst increasing supply chain attacks.
The certification scheme encompassed two cybersecurity marks, one of which would enable small and midsize businesses (SMBs) to prioritise basic security measures they should implement to protect their systems and operations against common cyber attacks. These baseline measures included preventive measures to control access to systems and data, and cyber incident response.
The Cyber Essentials mark not only recognised SMBs with good cyber hygiene, but also would help these companies understand fundamentals they should have in place even with their limited IT or cybersecurity resources, said Singapore’s Cyber Security Agency (CSA).
An SMB food and beverage company, for instance, with the Cyber Essentials mark would have adopted baseline cybersecurity measures to safeguard personal data of its customers, such as name and date of birth, needed to facilitate its loyalty programme. These included controlling access to and backing up customer data and investing in software to secure its internal IT systems.
The second certification programme was targeted at larger and more digitalised businesses, including multinational corporations, CSA said. Called Cyber Trust, it outlined a risk-based approach to help organisations understand their risk profiles and determine security elements they needed to prepare to mitigate such risks.
Specifically, the Cyber Trust mark encompassed five cybersecurity preparedness tiers that matched the company’s risk profile. Each tier