Let us take Singapore as an example. With 1000+ FinTech firms and increasing investments, the “smart financial centre” initiative of Singapore is a huge success story, recognised globally. To sustain this, apart from innovation and technology, the main ingredient is consistent availability of talent as the demand for expertise in technology and financial services increases, while the supply is inconsistent, uncurated and fragmented.Recent data from the Singapore government job portals reveal that there are several hundred jobs at any point in time posted by FinTech companies that are open for months! This invariably slows down the ability to build businesses, innovate or scale. Interestingly, while the local talent for technology and BFSI may be limited in Singapore, the crisis this year presented a significant opportunity to reimagine the Future of Work and workforce. While efforts should continue to upskill and reskill local talent, it is now possible to create dedicated local and cross-border talent hubs to work part-time, fulltime-short term with the option of working physically or remotely. We expect the plug and play of freelance management experts and expertise to cost 25-30% less to an enterprise, keeps costs flexible and dramatically shortens time to “hire and deploy” from an average of 120 days to 15 days.
Gigs and Generations – Conceptual Clarity of Who We Need
Culturally, the US and Europe are more accepting of freelancing as full-time careers compared to the Asia Pacific. It is predicted that by 2027 the majority of the workforce in the US will be freelancers overtaking traditional employment. The buzz in the Asia Pacific has just started with both employers and employable talent accepting a new reality – learning to run businesses with a blended workforce, starting at the top of the pyramid. Particularly, since the ratio of new jobs to lost jobs is skewed in the wrong direction.
Power of Blended Workforce
A blended workforce is a combination of permanent, part-time, full time-short term and turnkey practitioners, working as a single collaborative workforce. It is built around business activity clusters – Strategy, Implementation and Institutionalisation, applied to create a plan for core and non-core workforce to drive business.
A creative estimation of how a blended workforce gets distributed across the three business clusters is depicted below (Figure 2). What is important here is to recognise that the ratio of permanent to flexible workforce has to start at 10-15% across different levels. Enterprises will gain the most on cost optimisation when they focus on the management layer to go blended. Not an easy change to drive but then change is often driven by some tough calls and some low hanging fruits to build a sustainable cost model.
Developing & Implementing a Blended Workforce Strategy: What to Consider
Fix the core and flex the non-core should be the mantra
Identify roles by each business and function
Segregate core and non-core roles by job profiles
Classify them into buckets of permanent full time, permanent part time, cyclical, and freelance on demand, based on:
Time demand for the roles
Importance to business goals
Criticality to daily business output
Criticality to daily or weekly business continuity
Set up a process to engage and create a blended workforce strategy
Implement the plan with a blend of a common self-service platform and a central client service team to source, engage and deploy workforces
Once the process review is completed, the organisation structures will be finalised. Creation of a strategy and the process are the easier parts. A disciplined fulfilment of the plan is critical to success. So, is this the new normal? Pretty much yes, if organisations need to optimise costs and be agile to reduce or scale with freelance experts and shared talent pools.
The Potential Benefits of a Blended Workforce
A Blended Workforce will help reduce your talent scarcity gap, while providing thousands of work opportunities to locals who are freelance experts. So, what are these benefits that can make you sleep better at night better?
Cost optimisation. Freelance experts do not need the fully loaded costs. They can work remotely or physically and do not need investment in regular training, insurance, or other related benefits.
Targeted purpose-hire for short term. With deliverables specified upfront, measurable, results focused and tracked for closure.
Job Sharing. Two or may be three, for the prize of one! Jobs can be dismantled to tasks or activity clusters to hire more than one expert in place of a full-time role. Enables razor sharp focus on sourcing for expertise, increases employment opportunities and accelerates productivity.
Boundaryless with an opportunity to find cross-border talent pools to work on-demand, remotely. It cuts both ways- Singaporean talent finding work opportunities outside the country whilst the best talent from other countries made available to grow Singapore’s economy.
Speed of hire is dramatically reduced (we have several client cases, with a reduction from an average of 120 days to 15 days, to clients’ delight!)
Reduced infrastructure costs because the workforce works remotely or at best part-time physically. Easy to implement with hot desking, if needed but enables permanent cost reduction.
Builds resilience by staying agile and nimble in the cost line, with an ability to scale up or down rapidly based on business needs.
How Open is the Financial Services Industry to Blended Workforce and Future of Work?
SolvecubeHR conducted a recent survey with CXOs across 22 countries, predominantly focused on the Asia Pacific region. Some key findings for the financial services industry are:
In summary, a blended workforce is the Future of Work. Asia Pacific will see a massive shift in its mindset from “jobs to work opportunities”. Employers and talent pools will embrace new ways of working to remain agile and prudent. The power of aggregation, curation, and collaboration by leveraging an AI matchmaking platform, backed by creation of shared talent pools, will be a game changer.
FinTech innovation and performance is here to stay and thrive. It needs to be backed by a well-oiled machine to support implementation of a blended workforce plan to institutionalise and scale.
We can build technologies to disintermediate people dependency, but we cannot take humans out of the human capital needed to build these technologies.
About iCube: iCube Consortium is a Singapore based, Human Capital Management (HCM) solutions firm, with an award-winning AI platform to source and manage freelance management experts and execute turnkey assignments in Asia and Middle East
Singapore FinTech Festival 2020: Talent Summit
For more insights, attend the Singapore FinTech Festival 2020: Infrastructure Summit which will cover topics on Founders success and failure stories, pandemic impact on founders and talent development, upskilling and reskilling for the future of work.
In June, the Infocomm Media Development Authority (IMDA) awarded 5G licenses to Singtel and JVCo (formed by Starhub and M1), after they completed the required regulatory processes – including the selection of their preferred frequency spectrums, vendor partners and other technical matters such as performance, coverage, resilience, and cybersecurity. They will be required to provide coverage for at least half of Singapore by end-2022, scaling up to nationwide coverage by end 2025. While Singtel and JVCo were allocated radio frequency spectrum to deploy nationwide 5G networks, other mobile operators, including MVNOs, can access these network services through a wholesale arrangement. The networks will also be supplemented by TPG who has been allocated the remaining mmWave spectrum and will be allowed to roll out localised 5G networks.
Ecosystm Principal Advisor, Shamir Amanullah says, “Singapore, along with Thailand, leads 5G adoption in Southeast Asia and major telecom operators Singtel and StarHub launched trials which gives customers an opportunity to experience 5G speeds and potential new services.”
Singtel’s Journey Forward
Earlier this month Singtel launched its 5G NSA infrastructure on a 3-month trial promising speeds of 1Gbps by use of 3.5GHz frequency coupled with the existing 2100 MHz spectrum. It has made it free for the first 20,000 customers with 5G-compatible smartphones. While the 5G signals initially cover certain central and southern parts of Singapore, the coverage is expected to increase over the trial period. Singtel is also working on the development of other 5G services and integrating its network with technologies such as AI, IoT, Cloud, AR and data technologies, in line with the Government’s vision for 5G.
Last week, Singtel unveiled a 24×7 unmanned 5G powered stall to transform and reshape the retail experience. Labelled as 5G NOW @ UNBOXED, the hyper-connected store is designed to provide a first-hand experience of 5G services and possibilities to retailers and consumers. The store aims to offer seamless service experience to visitors looking for services such as SIM card replacements, and device collection through self-service kiosks. To create a more personalised experience for visitors, a 5G virtual assistant Stella is deployed at the store, integrated with facial recognition and emotion reading capabilities which will work in tandem with UNBOXED’s 5G rover Stanley. The rover is connected with the kiosk’s security system and will manage the contactless experience for visitors through temperature checks and maintaining social distancing measures. The 5G service with wireless connectivity and high speeds makes the store movable in a sort of hybrid online and offline retail model.
Amanullah says, “Singtel has ramped up its digitalisation efforts and increased adoption of digital channels and services to improve their customer experience. The 5G NOW @ UNBOXED phygital experience is cutting edge and brings the physical and digital experience in a seamless fashion for its customers. Singtel will be able to integrate physical and digital marketing efforts which should increase sales opportunity. In a recent report, Singtel announced that more than 70% of customer service transactions are online while only 30% of sales are transacted online. The unmanned 5G powered phygital experience should see online sales rising.”
The 5G powered pop-up store follows the launch of Singtel’s 5G non-standalone (NSA) network in the 3.5 GHz frequency as well as existing 2.1 GHz spectrum integrating technologies such as dual connectivity. The trial based 5G network offers Singtel customers a sense of 5G services such as high-speed internet of more than 1Gbps, video streaming, cloud gaming, AR/VR and other consumer use-cases.
JVCo’s 5G Initiatives
JVCo has also launched its 5G connectivity services using the NSA 5G architecture in the country in partnership with Nokia. StarHub launched its trials in August 2020 which will end on 16 February 2021. The trial runs on an NSA 5G infrastructure on the 2100 MHz spectrum with the SA 5G infrastructure operating on the 3.5 GHz expected to be ready in mid-2021. The StarHub Mobile+ or Biz+ mobile plans, allows customers to automatically experience some early 5G benefits using compatible mobile devices. The 6-month, free trial is a lead up to the full commercial launch of 5G standalone services next year. The telecom operator has a planned investment of USD 146.4 million in 5G infrastructure over a five-year period.
Meanwhile, M1 is working closely with IMDA and is expected to roll out 5G trial services, soon.
Amanullah says, “In the challenging financial times due to the COVID-19 pandemic which has impacted roaming, prepaid segment, equipment sales among others, it is impressive that the leading operators in Singapore are bringing cutting-edge connectivity services which should drive digitalisation of consumers and enterprises.”
Ecosystm research shows that enterprises in Southeast Asia are increasingly considering telecom operators as go-to-market partners (Figure 1). Enterprises are demanding more than just devices and connectivity and with the fervent digital transformation (DX) efforts underway, services such as managed services, business application services, cybersecurity and network services are in demand. Technology vendors have an opportunity to partner with the right telecom operator in each market to enhance their IT market offerings, ahead of the 5G rollouts.
The broad 5G ecosystem inculcates cross-sector innovation and greater collaboration leading to new business models and exciting new opportunities. Singtel is the leading operator in the region and has the enterprise segment contributing approximately 65% to its revenue in its domestic market. In the World Communications Award 2019, Singtel won both “Best Enterprise Service” and “The Broadband Pioneer” awards. This places Singtel in a fine position to capitalise on the 5G enterprise services.
5G Needed Now More Than Ever
The pandemic has seen a rise in network traffic, onboarding of the digital customer and rapid DX of businesses which has whetted the appetite for faster broadband speeds and new services. Southeast Asia countries stand to profit from the trade war between the US and China and 5G features of low latency and higher security can boost adoption of IoT, Smart Manufacturing and broader Industry 4.0 goals to drive the economy.
Fixed Wireless in Southeast Asia is expected to be very popular considering the low penetration of fibre to the home (with the exception of Singapore) and will provide enterprises with a viable secondary connection to the internet. Popular applications – including video streaming and gaming – which are speed, latency and volume hungry will also be a target market for operators. Mobile operators that do not have a fixed broadband offering can enter this space and provide a serious “wireless fibre” alternative to homes and businesses.
Governments and telecom regulators ought to make spectrum available to the major telecom operators as soon as possible in order to ensure that the cutting edge 5G communications services are made available to consumers and businesses. Many experts believe 5G can raise the competitiveness of a nation.
US-China Trade War Threatens to Change Equipment Supplier Landscape
Despite severe pressures caused by the US-China trade war, Huawei posted an impressive 13.1% YoY growth in 1H 2020 registering revenue of USD 64.88 billion. Both Huawei and ZTE generate approximately 60% of their business from their domestic markets which is critical with the current unfavourable global sentiments. Huawei has diversified its business and built its consumer devices business which should withstand the disruptions caused by the political challenges.
Ericsson and Nokia stand to benefit from Huawei’s current global position and this was evident with the wins for the 5G contracts by Singtel and JVCo (Singtel and M1). The JVCo announced it selected Nokia to build the Radio Access Network (RAN) for the 5G standalone (SA) mmWave network infrastructure in the 3.5GHz radio frequency band. Singtel selected Ericsson to provide for the RAN on the same mmWave network.
However, while there is an opportunity for NEC and Samsung to join the party, Huawei is expected to do well in most other countries in Southeast Asia.
The Indonesia market is the largest in the region and is expected to hit USD 133 billion from USD 40 billion in 2025. Indonesia’s lack of a world-class telecom infrastructure coupled with their slowness in 5G adoption has not impeded the country’s attractiveness for global technology investors who see the 270 million population as an immense opportunity. US tech giants, Facebook, Google, and PayPal have invested in Indonesia to reap the benefits from the growing digital economy powered by unicorns such as Gojek, Bukalapak, Tokopedia. In June 2020, Google Cloud launched in Jakarta, only the second in the region after Singapore with the four big unicorns being anchor customers.
In 2025, Google predicts Thailand to be the second-largest internet economy worth USD 50 billion. The internet economy for Singapore, Malaysia and the Philippines are estimated to be over USD 27 billion each. Shopee and Lazada are the top eCommerce apps in the region and have seen an increase in sales due to the disruption in the Retail industry. In-store shopping contributes to more than 50% of Retail in Singapore and Malaysia – this provides a tremendous opportunity for eCommerce players.
While movement restrictions are gradually being lifted, some things may never return where they were before COVID-19. Public debts have risen with numerous aids and handouts impacting economic growth forecast and rising unemployment is impacting customer spending power. On the plus side, DX of businesses and sharp onboarding of customers have redefined interactions, and sectors such as Education, are going online which will boost the digital economy. While the challenges are evident, exciting times are ahead for the technology and telecom sector in Southeast Asia.
Public awareness of data privacy rights has also been improving worldwide. Surveying respondents in 12 of the world’s largest economies in Europe, Asia Pacific and the Americas, the Cisco Consumer Privacy Study conducted in May 2019 showed that 84% of these respondents care about privacy – of these, 80% stated that ‘they are willing to act to protect it’.
While both surveys convey strong sentiments about data privacy, findings also imply that beyond mere awareness, there is an insufficient understanding of privacy regulations on a deeper level. The study by Pew Research Center showed that 63% of American adults disclosed that they have ‘very little or no understanding of the laws and regulations’ that are set to protect their privacy. 33% of them stated that ‘they have some understanding’, while only 3% stated that they have a good comprehension of these laws. In the Cisco Consumer Privacy Study, only approximately one-third of all respondents knew about the regulations.
The Importance of Building Trust
These findings illustrate that more needs to be done to gain consumer trust in the digital realm. And if the majority of the consumers don’t trust how the government and organisations such as Google, Facebook, Microsoft, Amazon and the like, handle data, then will the doors shut on the large AI community that is focused on collecting data and helping create a better world for all citizens? How could government agencies and organisations drive operational efficiency and better user experience if they are unable to obtain value and insights from a collection of very limited dataset, with all the regulatory compliance requirements?
Lately, tech giants such as IBM, Google, Facebook and Microsoft have been researching and developing advancements towards a better AI world, while at the same time remaining compliant to any data privacy laws. Here in Singapore, institutions of higher learning such as the National University of Singapore (NUS), the Nanyang Technological University (NTU) and the Agency of Science, Technology and Research (A*STAR) are similarly researching and developing privacy preservation technologies (PP technologies).
At A*STAR, a programme team was formed and named the Trusted Data Vault (TDV) Programme, to research and develop a suite of PP technologies – be it as a standalone or in combination – to be commercialised by industry partners.
The Role of Privacy Preservation Technologies
Through intense research, technology development and industry collaborations, the TDV programme aims to advocate PP technologies towards applications that will unlock the potential of AI. This will create new value for digital services while ensuring compliance with privacy regulations and high ethical standards.
The heart of the TDV programme lies in the various PP technologies that have been garnering massive interest worldwide in resolving data privacy challenges, stemming from the rapid advancement of digital technology coupled with global privacy laws. The programme covers the research and development of federated learning (a technology coined by Google back in 2018), homomorphic encryption (a technology founded by Craig Gentry from IBM), secure multiparty computing, blockchain, and so on. Progressively, PP technologies have been a subject of interest for organisations who are pursuing ways to relieve privacy concerns of consumers and fulfil the terms of privacy laws. In short, PP technologies aim to keep sensitive data secure and protected while it is being used, as well as enhance the privacy of data when it is being analysed.
As datasets become larger, more complex and diversified, PP technologies have emerged as the most feasible solution to privacy issues. A patent analytics study conducted by Intellectual Property Office of Singapore (IPOS) stated that homomorphic encryption (HE), secure multiparty computing (MPC), differential privacy (DP) and federated learning (FL) have emerged as promising solutions among various the PP technologies developed. These are the same technologies that institutions such as NUS, NTU and A*STAR are pursuing.
Homomorphic encryption (HE) transforms data to a different dataset to protect sensitive information while allowing computation on its encrypted version, also known as cyphertext. This method, therefore, does not compromise any data integrity.
Secure multiparty computing (MPC) is a cryptographic protocol that distributes computation across multiple parties where no individual party can see the other party’s data. MPC protocols can enable data scientists and analysts to compliantly, securely, and privately compute on distributed data without ever exposing or moving it.
Differential privacy (DP) is an easier process compared to MPC and HE, and it involves introducing noise such that the query result cannot be used to infer much about any single individual and therefore provides privacy.
Federated learning (FL) is an emerging PP technology, which is a machine learning technique that achieves computation and model training without exchanging data between data owners and data consumers. This prevents data leakage from the data owner’s premises.
Of these four PP technologies that were outlines, HE, MPC and FL are at the forefront of research and development in the A*STAR’s TDV programme.
On the whole, industrial implementation of these PP technologies are still at an early stage. It has been reflected in the patented inventions at IPOS that the financial sector is the top industry of interest, followed by healthcare, social media applications and logistics/supply chain.
On a global scale, patented inventions relating to PP technologies have been on the rise. From 2009 to 2018, over 23,000 PP-related inventions were being published worldwide, with high annual growth of 18% in the recent five years, according to IPOS. Due to strong market demands, innovations in these technologies are expected to grow even as more research and development works are needed to improve their capabilities and industrial applications.
The Role of Blockchain
A*STAR’s TDV programme also focuses on blockchain. As the literature shows these days, blockchain has grown to varying types since it was first mooted by Satoshi Nakamoto. Blockchain these days is classified into public blockchain, private blockchain, and consortium or sometimes known as a federated blockchain.
Ms. Angela Wang, the Programme Manager of TDV at A*STAR, says, ”The big difference between public blockchain and consortium/federated blockchain is that anyone, even those you don’t trust, can join the public blockchain, while consortium/federated blockchain considers each member as a trusted partner to begin with.”
The future appears bright for the privacy landscape worldwide, as researchers and top tech companies continue to invest their resources in PP technologies to create secure digital platforms, products and services. This will give rise to a healthy ecosystem of digital trust between organisations and consumers.
For more insights from our ongoing AI research, please create your account on the Ecosystm platform.
In the report, Ecosystm Principal Analyst, Sash Mukherjee said, “Fintech plays a significant role in driving greater inclusion, especially to drive the induction of the unbanked into the mainstream economy, give the underbanked more options to leverage the broader financial services available, and reduce disparity in the adoption of financial services by bridging the gender gap and differences based on ethnicity and socio-economic status. It is not hard to imagine a similar fate for Healthtech. As the industry focuses on value-based outcomes, governments put in more regulations around accountability and transparency in the industry, and people expect the customer experience that they get out of their retail interactions, Healthtech start-ups will become as mainstream as Fintech start-ups.”
However, Mukherjee notes that there might be some pitfalls in this journey, especially when organisations focus more on the technology and less on the actual application and benefits of the technology. “Innovators and start-ups need to align themselves early, with corporates and technology providers to gain a better understanding of the market and regulatory landscape.”
Singapore bringing key industry stakeholders together
The MoU between Alibaba Cloud, Pfizer and Singapore’s Fintech Academy announced yesterday, is a move in the right direction that promises to give early and necessary guidance to Healthtech start-ups. Under the newly formed Healthcare Fintech Alliance (HFA), Alibaba will provide infrastructural support and technological mentorship to the Healthtech and Fintech start-ups to help them leverage cloud, AI and other technologies for their future requirements. The Fintech Academy will guide these start-ups through talent management and venture building programs. Pfizer will provide thought leadership through its network of healthcare experts and opinion leaders, including guidance on commercialisation of the products and services. The Healthcare Fintech Alliance initiative will begin with a pilot in Singapore, Indonesia, and Vietnam before expanding to other regions – Malaysia and the Philippines.
Mukherjee says, “The healthcare industry, for all the cutting-edge research, that it represents, has been remarkably slow to transform. But the COVID-19 crisis has forced the industry to transform, without the luxury or time to think about it. While the implications on the life sciences and provider organisations is clearer, there has simultaneously emerged a need for transformation in the healthcare payer industry. There will be greater demand from consumers for micro-financing to tide over sudden healthcare crises and greater transparency in how these funds are managed. Again, there is an immense potential here for the industry to learn from Fintech.”
Healthcare Fintech Alliance Focus Areas
The focus areas for Healthcare Fintech Alliance shows the deep connection between Healthtech and Fintech.
Healthcare Affordability. Micro-financing and other financial models involving patients, family members, payers, and other healthcare stakeholders
Value Based Healthcare. Linking payment schemes to a drug’s effectiveness, health outcomes or utilisation
Outcome Monitoring. Tracking and reporting of outcomes derived from patients, wearables, healthcare providers, R&D databases and real-world evidence.
Personalised Healthcare. Using digital technology to tailor healthcare to individual needs
Innovative Healthtech Devices. Driving adoption in digital tools, such as diagnostic tools linked to medicine access and reimbursement
Population Health Management. Leveraging patient and associated data in a compliant way to better understand population health characteristics, for effective wellness programs, treatment protocols and cost management.
“Alliances such as these have potential benefits for the industry stakeholders such as Alibaba and Pfizer. Alibaba has been focusing on the Southeast Asia market – earlier in the month the Alibaba Cloud Philippines Ecosystem Alliance was formed to support digital transformation in start-ups and small and medium enterprises. Initiatives such as this is an effective way to associate themselves with the evolving start-up community in the region,” says Mukherjee. “Life sciences companies operate in an extremely competitive global market where they have to work on new products against a backdrop of competition from generics and global concern over rising healthcare expenditure. Against that backdrop, this alliance is the right go-to-market messaging for Pfizer as well.”
“However, the deepest positive impact of alliances such as these will be on the Healthcare industry as a whole. It makes concepts such as value-based healthcare, remote care and personalised healthcare achievable in the near future.”
In Australia, we’re seeing attackers targeting internet-facing infrastructure relating to vulnerabilities in Citrix, Windows IIS web server, Microsoft Sharepoint, and Telerik UI.
Where these attacks fail, they are moving to spear-phishing attacks. Spear phishing is most commonly an email or SMS scam targeted towards a specific individual or organisation but can be delivered to a target via any number of electronic communication mediums. In the spear-phishing emails, the attacker attaches files or includes links to a variety of destinations that include:
Credential harvesting sites. These genuine-looking but fake web sites prompt targets to enter username and password. Once the gullible target provides the credentials, these are then stored in the attackers’ database and are used to launch credential-based attacks against the organisation’s IT infrastructure and applications.
Malicious files. These file attachments to emails look legitimate but once downloaded, they execute a malicious malware on the target device. Common file types are .doc, .docx, .xls, .xlsx, .ppt, .pptx, .jpg, .jpeg, .gif, .mpg, .mp4, .wav
OAuth Token Theft. OAuth is commonly used on the internet to authenticate a user to a wide variety of other platforms. This attack technique uses OAuth tokens generated by a platform and shares with other platforms. An example of this is a website that asks users to authenticate using their Facebook or Google accounts in order to use its own services. Faulty implementation of OAuth renders such integration to cyber-attacks.
Link Shimming. The technique includes using email tracking services to launch an attack. The attackers send fake emails with valid looking links and images inside, using email tracking services. Once the user receives the email, it tracks the actions related to opening the email and clicking on the links. Such tracking services can reveal when the email was opened, location data, device used, links clicked, and IP addresses used. The links once clicked-on, can in- turn, lead to malicious software being stealthily downloaded on the target system and/or luring the user for credential harvesting.
How do you safeguard against Cyber-Attacks?
The most common vectors for such cyber-attacks are lack of user awareness AND/OR exploitable internet-facing systems and applications. Unpatched or out-of-support internet-facing systems, application or system misconfiguration, inadequate or poorly maintained device security controls and weak threat detection and response programs, compound the threat to your organisation.
Governments across the world are coming up with advisories and guidelines to spread cybersecurity awareness and prevent threats and attacks. ACSC’s Australian Signals Directorates ‘Essential 8’ are effective mitigations for a large majority of present-day attacks. There were also guidelines published earlier this year, specifically with the COVID-19 crisis in mind. The Cyber Security Agency in Singapore (CSA) promotes the ‘Go Safe Online’ campaign that provides regular guidance and best practices on cybersecurity measures.
Ecosystm’s ongoing “Digital Priorities in the New Normal” study evaluates the impact of the COVID-19 pandemic on organisations, and how digital priorities are being initiated or aligned to adapt to the New Normal that has emerged. 41% of organisations in Asia Pacific re-evaluated cybersecurity risks and measures, in the wake of the pandemic. Identity & Access Management (IDAM), Data Security and Threat Analytics & Intelligence saw increased investments in many organisations in the region (Figure 1).
However, technology implementation has to be backed by a rigorous process that constantly evaluates the organisation’s risk positions. The following preventive measures will help you address the risks to your organisation:
Conduct regular user awareness training on common cyber threats
Conduct regular phishing tests to check user awareness level
Patch the internet-facing products as recommended by their vendors
Establish baseline security standards for applications and systems
Apply multi-factor authentication to access critical applications and systems – especially internet-facing and SaaS products widely used in the organisation like O365
Follow regular vulnerability scanning and remediation regimes
Conduct regular penetration testing on internet-facing applications and systems
Apply security settings on endpoints and internet gateways that disallow download and execution of files from unfamiliar sources
Maintain an active threat detection and response program that provides for intrusion detection, integrity checks, user and system behaviour monitoring and tools to maintain visibility of potential attacks and incidents – e.g Security Information & Event Monitoring (SIEM) tools
Consider managed services such as Managed Threat Detection and Response delivered via security operations (SOC)
Maintain a robust incident management program that is reviewed and tested at least annually
Maintain a comprehensive backup regime – especially for critical data – including offsite/offline backups, and regular testing of backups for data integrity
Restrict and monitor the usage of administrative credentials
Get more insights on the adoption of key Cybersecurity solutions and investments through our “Market Insights and Vendor Selection” research module which is live and ongoing on the Ecosystm platform.
5/5 (2) In his blog, The Cybercrime Pandemic, Ecosystm Principal Advisor, Andrew Milroy says, “Remote working has reached unprecedented levels as organisations try hard to keep going. This is massively expanding the attack surface for cybercriminals, weakening security and leading to a cybercrime pandemic. Hacking activity and phishing, inspired by the COVID-19 crisis, are growing rapidly.” Remote working has seen an increase in adoption of cloud applications and collaborative tools, and organisations and governments are having to re-think their risk management programs.
We are seeing the market respond to this need and May saw initiatives from governments and enterprises on strengthening risk management practices and standards. Tech vendors have also stepped up their game, strengthening their Cybersecurity offerings.
Market Consolidation through M&As Continues
The Cybersecurity market is extremely fragmented and is ripe for consolidation. The last couple of years has seen some consolidation of the market, especially through acquisitions by larger platform players (wishing to provide an end-to-end solution) and private equity firms (who have a better view of the Cybersecurity start-up ecosystem). Cybersecurity providers continue to acquire niche providers to strengthen their end-to-end offering and respond to market requirements.
As organisations cope with remote working, network security, threat identification and identity and access management are becoming important. CyberArk acquired Identity as a Service provider Idaptive to work on an AI-based identity solution. The acquisition expands its identity management offerings across hybrid and multi-cloud environments. Quick Heal invested in Singapore-based Ray, a start-up specialising in next-gen wireless and network technology. This would benefit Quick Heal in building a safe, secure, and seamless digital experience for users. This investment also shows Quick Heal’s strategy of investing in disruptive technologies to maintain its market presence and to develop a full-fledged integrated solution beneficial for its users.
Another interesting deal was Venafi acquiring Jetstack. Jetstack’s open-source Kubernetes certificate manager controller – cert-manager – with a thriving developer community of over 200 contributors, has been used by many global organisations as the go-to tool for using certificates in the Kubernetes space. The community has provided feedback through design discussion, user experience reports, code and documentation contributions as well as serving as a source for free community support. The partnership will see Venafi’s Machine Identity Protection having cloud-native capabilities. The deal came a day after VMware announced its intent to acquire Octarine to extend VMware’s Intrinsic Security Capabilities for Containers and Kubernetes and integrate Octarine’s technology to VMware’s Carbon Black, a security company which VMware bought last year.
Cybersecurity vendors are not the only ones that are acquiring niche Cybersecurity providers. In the wake of a rapid increase in user base and a surge in traffic, that exposed it to cyber-attacks (including the ‘zoombombing’ incidents), Zoom acquired secure messaging service Keybase, a secure messaging and file-sharing service to enhance their security and to build end-to-end encryption capability to strengthen their overall security posture.
Governments actively working on their Cyber Standards
Governments are forging ahead with digital transformation, providing better citizen services and better protection of citizen data. This has been especially important in the way they have had to manage the COVID-19 crisis – introducing restrictions fast, keeping citizens in the loop and often accessing citizens’ health and location data to contain the disaster. Various security guidelines and initiatives were announced by governments across the globe, to ensure that citizen data was being managed and used securely and to instil trust in citizens so that they would be willing to share their data.
Singapore, following its Smart Nation initiative, introduced a set of enhanced data security measures for public sector. There have been a few high-profile data breaches (especially in the public healthcare sector) in the last couple of years and the Government rolled out a common security framework for public agencies and their officials making them all accountable to a common code of practice. Measures include clarifying the roles and responsibilities of public officers involved in managing data security, and mandating that top public sector leadership be accountable for creating a strong organisational data security regime. The Government has also empowered citizens to raise a flag against unauthorised data disclosures through a simple incident report form available on Singapore’s Smart Nation Website.
While governments will continue to strengthen their Cybersecurity standards, the truth is Cybersecurity breaches often happen because of employee actions – sometimes deliberate, but often out of unawareness of the risks. As remote working becomes a norm for more organisations, there is a need for greater awareness amongst employees and Cybersecurity caution should become part of the organisational culture.
Technology providers, including Cybersecurity vendors, continue to evolve their offerings and several innovations were reported in May. Futuristic initiatives such as these show that technology vendors are aware of the acute need to build AI-based cyber solutions to stay ahead of cybercriminals.
Samsung introduced a new secure element (SE) Cybersecurity chip to protect mobile devices against security threats. The chip received an Evaluation Assurance Level (EAL) 6+ certification from CC EAL – a technology security evaluation agency which certifies IT products security on a scale of EAL0 to EAL7. Further applications of the chip could include securing e-passports, crypto hardware wallets and mobile devices based on standalone hardware-level security. Samsung also introduced a new smartphone in which Samsung is using a chipset from SK Telecom with quantum-crypto technology. This involves Quantum Random Number Generator (QRNG) to enhance the security of applications and services instead of using normal random number generators. The technology uses LED and CMOS sensor to capture quantum randomness and produce unpredictable strings and patterns which are difficult to hack. This is in line with what we are seeing in the findings of an Ecosystm business pulse study to gauge how organisations are prioritising their IT investments to adapt to the New Normal. 36% of organisations in the Asia Pacific region invested significantly in Mobile Security is a response to the COVID-19 crisis.
The same study reveals that nearly 40% of organisations in the region have also increased investments in Threat Analysis & Intelligence. At the Southern Methodist University in Texas, engineers at Darwin Deason Institute for Cybersecurity have created a software to detect and prevent ransomware threats before they can occur. Their detection method known as sensor-based ransomware detection can even spot new ransomware attacks and terminates the encryption process without relying on the signature of past infections. The university has filed a patent for this technique with the US Patent and Trademark Office.
Microsoft and Intel are working on a project called STAMINA (static malware-as-image network analysis). The project involves a new deep learning approach that converts malware into grayscale images to scan the text and structural patterns specific to malware. This works by converting a file’s binary form into a stream of raw pixel data (1D) which is later converted into a photo (2D) to feed into image analysis algorithms based on a pre-trained deep neural network to scan and classify images as clean or infected.
Click below for more data on organisations’ Cybersecurity priorities and investments
Last month, the Infocomm Media Development Authority (IMDA) announced that Singtel and JVCo (formed by Starhub and M1) has won the 5G Call for Proposal. They will be required to provide coverage for at least half of Singapore by end-2022, scaling up to nationwide coverage by end 2025. While Singtel and JVCo will be allocated radio frequency spectrum to deploy nationwide 5G networks, other mobile operators, including MVNOs, can access these network services through a wholesale arrangement. The networks will also be supplemented by localised mmWave deployments that will provide high capacity 5G hotspots.
In October 2019, IMDA and the National Research Foundation had set aside $40 million to support 5G trials in strategic sectors such as maritime, aviation, smart estates, consumer applications, Industry 4.0 and government applications. Ecosystm Principal Advisor, Jannat Maqbool says, “Reach, performance and robustness of connectivity and devices have long held back the ability to scale with the IoT as well as successful deployment of some solutions altogether. The integration of 5G with IoT has the potential to change that immensely. However, and possibly even more importantly, 5G will see the emergence of a true ‘Internet’, defined as ‘interconnected networks using standardised communication protocols’, made up of ‘things’ enabling never-before contemplated innovation – supporting economic development and community well-being.”
“While 5G offers enormous potential to produce economic and social benefits, to reach that potential we need to evaluate from a strategic perspective what it could mean for industries, employers and communities – then we need to invest in the infrastructure, innovation and associated development required to leverage the technology.”
Singapore’s Industry 4.0 Transformation
The Government is also focused on getting the industry ready for the transformation that 5G will bring. Last week, Singapore announced its first Industry 4.0 trial, where IMDA collaborates with IBM, M1 and Samsung to design, develop, test and benchmark 5G-enabled Industry 4.0 solutions that can be applied across various industries. The trials will begin at IBM’s facility in Singapore and involve open source infrastructure solutions from Red Hat to test Industry 4.0 use cases.
The project will test 5G-enabled use cases for Manufacturing, focusing on areas such as automated visual inspection using image recognition and video analytics, equipment monitoring and predictive maintenance, and the use of AR in increasing productivity and quality. The focus is also on leveraging 5G to reduce the cost of processing, by shifting the load from the edge device to centralised systems.
Ecosystm Principal Advisor, Kaushik Ghatak says, “For some time now, the Singapore Manufacturing industry has been in the quest for higher productivity in order to regain its foothold as a destination of choice for global manufacturing outsourcing. The 5G Industry 4.0 trial is a great initiative to fast-track identification and adoption of the right use cases in Manufacturing, in the areas of automation, visibility, analytics, as well as for opening new revenue streams through servitisation of smart products.”
5G will see increased collaboration in the Tech industry
With the advent of 5G, the market will see more collaboration between government agencies, telecom providers and cloud platform providers and network equipment providers. Governments globally have invested in 5G and so have the network and communications equipment providers. However, telecom providers are unsure of how to monetise 5G and cater to the shift in their customer profile from consumers to enterprises. IBM and Samsung had already announced the launch of a joint platform in late 2019. Collaborations such as these will be key to widespread 5G deployment and uptake.
Talking about the benefits of collaborative efforts such as this, Maqbool says, “Robustness and security built into 5G deployment from the outset is essential to enable the applications and innovation that many are promising the technology will deliver, including the ability to self-scale, automate fault management and support edge processing.”
It is interesting that the solutions developed will be featured at IBM’s Industry 4.0 Studio 5G Solutions Showcase, and that IBM and Samsung will evaluate successful solutions developed during the project for possible use in their operations in a broad range of markets and sectors. “Availability of proven use cases at IBM’s Solutions Showcase centre would benefit local manufactures greatly; in terms of easy access to right skills and proven technology architectures,” says Ghatak. “This initiative is a huge step towards realising the promise of the cyber physical world. The collaboration between the leaders in communications, equipment and software will ensure that the use case development is truly cutting edge.”
Checkout insights from the Ecosystm IoT Study.Click on the link below to Access 👇