Singapore government sees rise in security incidents amid increased data sharing

Singapore’s public sector clocked a 2% climb in data security incidents, likely fueled by continuing digital transformation and increased data-sharing among its agencies. 

There were 182 data incidents in the government’s fiscal year 2022, ended 31 March 2023, compared to 178 last year. None of these were deemed severe or posed any significant impact on the affected agency or individuals, noted the Smart Nation and Digital Government Office (SNDGO) in its annual update of the government’s data protection efforts. 

Also: When digital transformation goes wrong: Five ways to get back on track

The yearly report has been released since 2019 as part of recommendations from a review of the public sector’s data security practices, which was first initiated following a series of breaches involving government entities. 

The number of incidents categorized as medium in severity dropped from 52 to 46 in fiscal year 2022, according to the report.

The 2% climb in data incidents likely was due to the acceleration of data-sharing among government agencies as the sector moved ahead with its digital transformation efforts, SNDGO said. It attributed the “low” increase to improved awareness among public service officers regarding the need to protect data and report all data incidents. 

As part of various initiatives to bolster its data security practices, the Singapore government in March introduced a privacy toolkit that enables its officers to apply “privacy enhancing techniques” to datasets, while retaining the data’s value. 

The self-service portal allows data to be shared within as well as outside the public sector more quickly in a secure manner while mitigating the risk of data leaks from sharing datasets, SNDGO said. The toolkit currently is used by more than 80 government agencies, it said.

Also: Best secure browsers to protect your privacy online

During the fiscal year, the government also completed the deployment of technical measures to improve the logging and monitoring of data transactions, which would help detect high-risk or suspicious activities. For example, a data loss protection tool was implemented on all government laptops to prevent accidental loss or unauthorized disclosure of sensitive data from government networks, systems, and devices.

Two initiatives are ongoing and slated to be completed by the next fiscal year, including efforts to reduce the government’s surface attack area by minimizing data collection, data retention, data access, and data downloads. Measures also are being put in place to safeguard data directly when it is stored and distributed, so the data is unusable even if extracted, SNDGO said. 

In addition, a central account management application will continue to be rolled out to eligible government IT systems, which will strengthen account management and user access rights. Some 63% of such IT systems are running on the central management platform, as of April 1, 2023. 

Also: The best VPN services (and tips to choose the right one for you)

The Singapore government, though, recognizes it is impossible to completely eliminate data incidents and is focused on being able to respond swiftly to data incidents, according to SNDGO. To this end, the government conducted its annual central ICT and data incident management exercise involving 24 agencies across five ministries. This aims to build the government’s competency in data incident response.

Several public IT systems in 2019 had been impacted by data breaches that resulted in, among others, the personal information of 808,201 blood donors and 14,200 individuals with HIV being compromised. Personal data of another 1.5 million SingHealth patients was also compromised in 2018 in what was described as Singapore’s most serious data security breach.