What is Cyber Security? Threats, Best Practices & Why It Matters

Cyber security is one of the biggest buzzwords in this digital age, and it’s encouraging that more people are starting to understand the importance of safeguarding themselves online. In fact, 62% of people in the Asia-Pacific region feel that they could potentially become a victim of cybercrime¹, to say nothing of the billions of dollars’ worth of economic damage that these already cause each year.

Naturally, since nobody wants to end up a victim of a potential phishing or malware attack, it’s important that we know how these threats operate and protect ourselves.

We’ve done up a rundown of facts, best practices, and other useful information in this article, so take it right from the top with us, or hop straight to one of the other sections below by clicking on them.

Let's get started!
 

• What is Cyber Security?
  Learn basic cyber security definitions and what it entails.
  
  
• Why is Cyber Security important?
  Find out why this growing digital field is more essential than ever.
  
  
• Types of Cyber Security Threats
  Learn how Phishing Scams, Malware, Data Breaches, and other cyber threats operate.
  
  
• Cyber Security Best Practices
  Tips and tricks you can use to better protect yourself and your loved ones.
  
  
• Additional Help & Resources
  Websites and resources that can shed more light on cyber security.

What is cyber security?

In its most basic form, cyber security (or computer security) is defined by the Cambridge Dictionary as “things that are done to protect a person, organisation, or country and their computer information against crime or attacks carried out using the Internet.”

It is one of many subsets under the umbrella of information security, though it can be tricky to differentiate them considering they overlap in many areas. Briefly, the key difference between cyber security and information security is that the former is limited to safeguarding data from cyber threats, while the latter concerns protecting information in general.

But subset or not, cyber security is still a rather broad topic, and an essential one at that. So, before we get into the dangers posed by cyber threats, let’s take a look at why the importance of cyber security cannot be understated.

Why is cyber security important?

From ordering our meals to shopping for birthday gifts and making bank transfers, an increasing number of modern services and amenities are going digital. Naturally, this means that more and more of the world’s data – both personal and corporate – will inevitably end up online.

Unfortunately, digital technology is not the only thing that’s evolving – crime is as well. Today’s cybercriminals have learned to weaponise many technologies for their own malicious purposes, resulting in a continuously expanding criminal playbook.

For example, the rapid advancement of generative A.I., while immensely beneficial and helpful to society, has likewise enabled cybercriminals to carry out more effective impersonations, frauds, and identity thefts.

So, with cybercriminals becoming increasingly cunning and devious, we don’t just need to have the right technical defences set up – we also need to be aware of how these threats operate and what we can do to combat them. All of this makes cyber security an absolute essential at all levels of modern society.

Common Types of Cyber Security Threats

Indeed, today’s cyber threats are as diverse as they are brutal. They can take any number of different forms, so let’s dive into some of the more common variations and how they operate.

According to insights from 2023’s Singapore Police Force Annual Scams and Cybercrime Brief, there were a total of 50,376 reported cybercrimes in Singapore last year – a 49.6% increase from 33,669 cases in 2022. Crucially, 92.4% of these were scams, making it our top cybercrime concern here on the little red dot.

What’s also interesting about the report are the sheer variety of different scam types listed, and these certainly deserve their own space in due time. However, Scams (and by extension, phishing) aren’t the only cyber threats you’ll want to keep an eye on – Malware and Data Breaches are also major contenders.   

Phishing Scams

Phishing is a type of cyber-attack that involves tricking individuals into revealing sensitive information through digital means. It preys on human psychology and trust by masquerading as a trustworthy source over email, social media, calls, or text messaging.

Notably, it is one half of a very dangerous duo of cyber security threats. The other half is malware (short for “malicious software”) and is itself a multi-faceted cyber threat allowing scammers to infiltrate unprotected systems and facilitate the actual collection of stolen information (more on this in the next section!).

So, how might a conventional phishing attack play out? According to an article published in 2023 by The Straits Times, a Singaporean man received an email request from the Consumers Association of Singapore (CASE) sometime that year, claiming to offer a guaranteed refund on a complaint he previously raised with the government watchdog.

After opening it, the scam email directed the victim to click on a malicious live chat icon enclosed within. Believing it to be legitimate, he subsequently entered his banking details on a false DBS Banking portal, allowing the scammers to access his account and siphon out over S$149,000.

Malware

Although scammers frequently partner it with phishing techniques, malware by definition describes any software intentionally designed to cause damage, disrupt operations, steal data, or gain unauthorized access to computer systems. This is an extremely broad umbrella term that not only includes malicious websites, but computer viruses, trojans, ransomware, and more.
 

Computer Viruses
 

A computer virus is a type of malware designed to spread from device to device by attaching itself to legitimate programs or files. When the user opens these infected programs, the virus activates, corrupting files, stealing data, or disrupting system operations.

One of the best examples is 1999’s Melissa virus, an email-based malware originating in the United States that disguised itself as an important Word document. When it was opened, the virus accessed the user's email contacts and sent itself to the first 50 addresses in their address book, causing widespread disruption. This virus, as reported by The Washington Post led to substantial disruptions in various industries and affected companies as far away as Japan and China.

Trojans

A trojan disguises itself as a legitimate program to trick users into downloading and installing it. Once activated, it performs various malicious activities such as stealing data, installing additional malware, or granting hackers unauthorised access to the system.

The Zeus Trojan from 2007 is a notorious example, spreading through phishing emails and stealing banking credentials on Windows computers. The technical writeup from cyber security provider F-Secure details how this process unfolds as well as the trojan’s other capabilities.

Ransomware

Ransomware is a particularly destructive type of malware that forcibly encrypts a victim's files, or locks them out of their system, demanding payment (usually in cryptocurrency) for the files to be returned. Unfortunately, paying the ransom does not promise that the files that will be released.

Historically, the most prominent case of ransomware took place in 2017. Commonly referred to as the WannaCry attack, the malicious software exploited a vulnerability in Microsoft Windows operating systems, spreading to hundreds of thousands of computers in over 150 countries, including Singapore (as noted in The Straits Times). Although it was eventually shut down, the ransomware dealt damage on an international scale, disrupting businesses, government agencies, and even hospital operations.

Telltale Signs of Phishing and Malware

Unexpected or Urgent Requests

Be wary of emails, texts or SMS messages that create a sense of urgency, claiming immediate action is required to avoid negative consequences. Phishing messages aim to encourage recipients to react instinctively, thereby increasing the chance of them divulging personal information without proper consideration.

Suspicious Email Addresses and Content

 Phishing messages often feature misspelt or altered versions of legitimate URLs, as well as unsolicited links or attachments with unusual file extensions – these are signs of malware. Poor grammar and spelling errors in the body text are also a dead giveaway.

Requests for Personal Information

Legitimate organizations like banks and government agencies will never ask users to divulge sensitive information via email or messages. As such, if the message requests for such details, it’s likely to be a phishing attempt.

Data Breaches

If you’ve ever watched spy movies like Mission: Impossible, you've probably seen how the agents infiltrate secure facilities to steal classified information.

Data breaches are the real-life digital equivalent of these scenarios. Cybercriminals employ a combination of hacking, phishing, and malware, or exploit lapses in cybersecurity to gain unauthorised access to sensitive information. This can include trade secrets, financial records, customer details, blueprints, and more.

In September 2022, a data breach at Starbucks Singapore (as reported by Channel NewsAsia) exposed the personal details of over 300,000 customers on the black market. The breach stemmed from a set of administrative credentials shared on a Google Sheet, which were subsequently misused by an unknown third party for malicious gain.

Following the discovery of the breach, e-commerce developer Ascentis, responsible for Starbucks Singapore's platform, was fined S$10,000 for security lapses.

Cyber Security Best Practices: Tips, Tricks & more

Now that we have a better idea of the dangers posed by cyber threats to everyday consumers, how can we go about protecting ourselves and our loved ones?

Generally, a solid cyber security defence involves three things: a good awareness of cyber threats, firm knowledge of best practices, and having proper, updated malware protection on your devices. We’ve already discussed some threat-specific tips for phishing and malware above, but here are some general-purpose tips that you’ll find useful across the board.
 

1. Use Strong, Unique Passwords

If a child can guess your password, it’s best to go back to the drawing board.
 

Ensure that passwords are complex and not easily guessable by including a mix of numbers, uppercase, lowercase, and special characters.

Additionally, avoid using the same password across multiple sites, and set up Two-Factor Authentication (2FA) where possible. Such options are usually available on Settings pages, and many account-based utilities will also prompt you to set up 2FA when you first download them.
 

2. Be Wary of Suspicious Content

Interacting with them is usually a one-way ticket to a malware infection.
 

When it comes to cyber security, always err on the side of caution. Not only should you avoid interacting with dodgy online content but do keep in mind that personal details should never be divulged over third-party chats and emails either. Legitimate organisations will not ask you to do so, and the easiest way to confirm a potential request (if need be) is to directly contact the respective bank or government agency via their official hotlines.
 

3. Keep Software Updated

Yesterday’s malware protection won’t fare well against today’s cyber threats.

Ensure that your malware protection software, operating systems, and applications are constantly updated with the latest security patches. Scheduling regular system scans will also help protect against known vulnerabilities and identify potential cyber security concerns that need to be addressed.

4. Avoid using Public WiFi Networks

Prevention is always better than cure.

In addition to having little to no security features, public WiFi networks should be avoided as it’s impossible to tell at a glance which public networks are safe, and which are compromised by cybercriminals. Plus, the lack of security protocols and encryption means these can potentially leak your personal information or expose you to malware.
 

5. Subscribe to a Paid VPN

A half-hearted cyber security defence is no defence at all.

By encrypting your internet traffic, Virtual Private Networks, or VPNs are excellent tools that provide improved security while also hiding your online presence and identity from prying eyes.

However, paid VPNs, like the one included in our own StarHub CyberProtect, are highly recommended over free options. The latter might not only track and sell your data to third parties, but they also tend to have lower encryption standards alongside strict limitations on bandwidth, speed, and server locations. In other words, you’ll probably have less-than-stellar experiences when using them, so it’s best to pay for quality, in that sense.
 

6. Educate Yourself and Others

Sharing is caring.

Vigilance is key to cyber security, so staying informed and reading up about the latest cyber threats and best practices will definitely come in handy.

There’s no shortage of good resources for these, and don’t be shy about educating others too. Sharing your knowledge with family members, especially children and the elderly, is a great move. By helping your loved ones understand the importance of cyber security and how to protect themselves, everyone can enjoy happier and healthier digital experiences!

Additional Help & Resources

Since we’re on the topic, there are lots of helpful and reputable cyber security resources available to us here on the little red dot. Whether you need reports on the latest cybercrime trends in Singapore, additional tips on staying safe online, or if you just want to learn more about modern cyber threats, feel free to check these out.
 

1. Cyber Security Agency of Singapore (CSA)

The CSA is the primary agency responsible for strengthening Singapore's cyber security posture. In addition to organising cyber security forums and initiatives, the agency also offers a wealth of information on national cyber security strategies for both individuals and businesses alike.
 

Website: Cyber Security Agency of Singapore
 

2. Infocomm Media Development Authority (IMDA)
 

The IMDA plays a crucial role in driving Singapore's digital transformation, providing detailed regulatory and licensing information alongside vulnerability reporting protocols for cyber security. Their reports also offer valuable insights into Singapore’s previous brushes with ransomware and other types of cyber-attacks.
 

Website: Infocomm Media Development Authority
 

3. Singapore Police Force (SPF)
 

The Media Room on the SPF website offers general information on the latest cybercrime trends, safety tips, and public guidelines on reporting cyber incidents. Key highlights, infographics, and writeups, such as the aforementioned Scams and Cybercrime Brief, are also available.
 

Website: Singapore Police Force

This article was last updated on 3 July 2024.

1: Source: F-Secure Consumer Research Survey, APAC, July, 2022