Regulations are still necessary to ensure that organizations prioritize cybersecurity. Singapore recently released guides aimed at helping businesses understand the risks associated with using cloud services and how to secure their cloud environments. These guides were developed in collaboration with cloud vendors such as Amazon Web Services, Google Cloud, and Microsoft. They outline the specific risks and responsibilities of organizations using cloud services and provide steps for safeguarding their environments. The guides also include provider-specific instructions for AWS, Microsoft, and Google platforms. The goal is to facilitate the adoption of national cybersecurity standards and improve the cybersecurity posture of organizations using cloud services.
The Singapore government also took steps to expand a national security labeling initiative to include medical devices. This initiative aims to improve the security of medical devices that are increasingly connected to hospitals and home networks. By embedding security into the product design, manufacturers can help healthcare operators make informed decisions about using these devices. The labeling scheme includes four ratings that reflect the level of evaluation the product has undergone.
While initiatives like these are valuable, they should be accompanied by clear mandates rather than just being guidelines. These mandates can include requirements such as a patch management strategy and a robust monitoring system. Clear timelines for compliance should be provided. Governments can enforce these requirements and penalize vendors that do not meet them. This approach helps drive actions forward and protects organizations and citizens from cyber threats.
It’s important to note that organizations in operational technology (OT) sectors need to manage their ecosystems differently from IT infrastructures. They must establish an inventory of their OT systems and devices and ensure that third-party tools are secured and integrated for clear visibility across the supply chain. Governments can facilitate this process by enforcing industry requirements and penalizing non-compliant vendors.
Overall, robust cyber resilience is crucial, especially as sectors such as healthcare and government face increasing threats. Governments in Asia-Pacific are experiencing thousands of attacks each week, highlighting the need for stronger cybersecurity measures. As the underlying OT infrastructure evolves, the management of the entire ecosystem becomes complex. Collaboration between governments, device manufacturers, and security players is essential to address these challenges and close security gaps.
