Survey reveals that while the Singapore public is growing more conscious of cybersecurity, they just don’t think they would be victims.

High-profile cybersecurity incidents in Singapore’s past have made their mark. Since April 2015, a specialized agency has been hard at work patrolling the Smart Nation’s digital borders.

The Cybersecurity Agency of Singapore (CSA) has the challenging mission of strengthening our digital infrastructures and international partnerships in order to create a safer cyberspace and to develop a resilient and vibrant national infrastructure and cybersecurity ecosystem.

In its annual “Cybersecurity Public Awareness Survey” for 2018, results of which were released on 11 Sep 2019, the findings showed that progress has been made in mobilizing people to take online security seriously.

Results in a nutshell

First the good news. A 78% majority of the 1,105 respondents (aged 15 years and above) agreed that everyone has a role to play in ensuring cybersecurity. This is a 3% improvement over 2017 findings.

There was also a 10% improvement in the adoption rate of Two-Factor Authentication (2FA) for all online accounts. Finally, about 80% were concerned about falling prey to online scams and fraud.

Not so rosy were behavioural patterns and attitudes. More respondents were using their personal mobile devices for online transactions, yet a higher proportion of them did not install security applications in their devices, from 47% in 2017 to 55%, despite knowing the risks of not doing so.

Despite the generally higher level of awareness and concern about cyber incidents, only around 30% thought  that such incidents—including ransomware, abuse of personal data, malware/virus infections and hacking of smart devices—would happen to them.

Living up to Smart Nation aspirations

With its strong economic standing, and its small and agile technological infrastructure, Singapore is well placed to be the technology hub of Southeast Asia. Its aspirations to be a Smart Nation have been steady and vigorous, national cyber incidents notwithstanding.

CSA’s Chief Executive David Koh said the survey shows that while Singaporeans are concerned about cyber threats and agreed that they have a role to play, most believe that they are not the target of cyber criminals. “Cyber threats are part and parcel of the digital age, and cyber-attacks will only increase. No one is immune.”

Reality is, the more technologically savvy the nation is, the greater the attack vector open to cybercriminals. Close to half (48%) of respondents had experienced at least one cyber incident in the past 12 months. More than one in three of them (36%) had pointed to advertisement pop-ups after browsing websites online as the most common cyber incident.

“Cybercriminals are always on the lookout for new victims and their methods evolve and get more sophisticated with time. While the government will continue our efforts to protect our essential services from cyber threats and create a secure cyberspace for our businesses and the community,

the government cannot do it alone. We must all do our part to protect ourselves from cyber threats,” said CSA’s deputy chief executive (Development), Teo Chin Hock.

Transforming perceptions into practice

The survey has shown that, even when people have the right awareness, they tend to have the “it won’t happen to me” mentality. This “optimism bias” can and does translate into inaction or complacency.

Case in point here and elsewhere in the world: optimism biases (among other mistakes such as poor crisis communication and compliance culture) were an underlying factor in major security breaches and outages involving even highly-trained IT professionals.

Which is why constant public education is CSA’s goal. Insights gathered from the 2018 survey are the basis for their annual Go Safe Online C.A.F.E. (Cybersecurity Awareness for Everyone) campaign.

This year, the number of roadshows has been ramped up from one to four, first in Ang Mo Kio town in September, followed by Tampines town in November. This will be followed by two roadshows held at educational institutions early next year.

The expanded campaign marks CSA’s continued efforts to increase cybersecurity awareness in community. Through fun and interactive activities, visitors can receive practical training on how to set strong passwords, spot signs of phishing and install anti-virus software.