A misconfigured network and numerous cybersecurity vulnerabilities are the reasons hackers managed to compromise SingHealth’s systems, resulting in one of the most severe cyber attacks Singapore has seen in recent years. So, what can we learn from this disaster?
Perhaps the most shocking finding is that SingHealth’s administrators were able to spot suspicious database logins at the time but, due to a lack of training and cybersecurity awareness, failed to recognise the danger.
The hackers managed to exploit a vulnerability in the connectivity between the Citrix servers and the SCM database. The servers were poorly secured against unauthorised login attempts: no two-factor authentication was required to get in. Due to a coding vulnerability in the SCM database, the hackers were able to obtain the login credentials needed to access it.
The lesson to be learned, according to the committee that reviewed this breach, is that cybersecurity must be viewed as a risk management issue. The right move is the one that takes operational requirements, security, and cost into account.
When it comes to preventing similar scenarios and responding to them correctly, educating employees goes a long way. Cybersecurity checks should become routine so that any potential vulnerabilities can be addressed as soon as possible, and regular penetration testing is a big part of that. If the bleak scenario does unfold regardless of the steps taken to prevent it, incident response processes must be in place to ensure an effective response to cyberattacks.