In today's digital age, the threat of data breaches looms large, with cybercriminals continuously honing their tactics to exploit vulnerabilities. The repercussions of such breaches can often be severe, resulting in financial losses, reputational damage, and legal liabilities for businesses of all sizes.


On March 30th, 2024, Poh Heng Jewellery fell victim to a data breach, resulting in unauthorised access to customers’ personal data. As of the publication of this article, Poh Heng Jewellery’s website remains offline as the company works on upgrading its systems, underscoring the enduring impact of such breaches.


Recent years have seen an increasing trend of such occurrences, with notable organisations like RE&S, Cortina Watch, Starbucks, Marina Bay Sands, and Carousell being affected. 


These incidents shed light on several fundamental issues that need to be addressed when it comes to cybersecurity:

  • Failure to conduct regular Vulnerability Assessment and Penetration Testing (“VAPT”)
  • Absence of effective Anti-Virus solutions
  • Delayed implementation of system patches or reliance on legacy systems
  • Usage of weak passwords and lack of Multi-Factor Authentication (“MFA”)
  • Inadequate security awareness training for employees

Ensuring Cybersecurity

There are several programmes available in Singapore to aid businesses in mitigating cyber risks and avoiding PDPA breaches. One effective approach is adherence to the Cyber Essential Requirements developed by the Cyber Security Agency (CSA). Additionally, organisations can seek added assurance by referring to the CSA Cyber Trustmark Requirements.


Before delving into the issues, it would be prudent to first conduct a Cyber Security Health Check. Akin to a medical examination, this assessment offers insights into the organisation's security posture, enabling the implementation of preventive actions to avert significant damage.


Furthermore, ensuring that every system undergoes VAPT before commissioning is an effective preventive measure among many others.


The pivotal question that businesses need to consider: Are we willing to risk being part of the data breach statistics, or shall we take proactive measures to safeguard our organisations? It's important for businesses to remember that the costs associated with rectifying data breaches far outweigh those of implementing preventative cybersecurity measures.

How Can We Help?

At RSM Singapore, we understand the gravity of cybersecurity threats and are committed to helping organisations like yours mitigate the risks associated with data breaches. Our Technology Compliance team has extensive experience working with various SMEs in areas of data privacy, cyber security and business continuity. We are confident in our ability to offer practical recommendations to enhance your organisation’s security posture.


Our Risk Advisory division is currently certified across a spectrum of vital standards, including the Data Protection Trust Mark, Data Protection Essentials, ISO 27001 and Cyber Essentials Mark. Furthermore, we have guided our clients in obtaining these certifications, underscoring our commitment to excellence in helping you enhance your security posture, safeguard sensitive information and implement robust security measures.
 

Reach out to our specialists for your cybersecurity needs: