Microsoft and the Cyber Security Agency of Singapore (CSA) collaborate to promote stronger cybersecurity posture and build a resilient, digitally inclusive Singapore
Microsoft today announced security solutions and guidance to reduce complexity and make it easier for Singapore SMEs to address certification requirements of the Cyber Essentials mark by CSA.
As an Advocate Partner in the SG Cyber Safe Partnership Programme by CSA, Microsoft, through private-public collaboration, aims to help Singapore companies put in place good cyber hygiene practices to protect their operations, data, and customers against common cyber-attacks in an increasingly challenging cyber threat landscape.
The Microsoft Cloud solutions include Microsoft 365 Business Premium and Microsoft Defender for Cloud. They also come with guidance and resources including a Microsoft Cyber Awareness Kit, access to free, self-paced online training, and a free Secure Score Benchmarking checklist.
Microsoft runs on Trust
The launch of Microsoft solutions and resources for SMEs to address certification requirements of the Cyber Essentials mark comes at a time when Microsoft Security continues to see a rise in sophisticated and expansive cyber-attacks. This trend is identified in the Microsoft Cyber Signals report, which analyses 24 trillion security signals daily, combined with intelligence tracked through the monitoring of over 40 nation-state groups and over 140 threat groups.
“In the last year, Microsoft has blocked over 25.6 billion Azure AD brute force authentication attacks and intercepted 35.7 billion phishing emails with Microsoft Defender for Office 365,” said Richard Koh, Chief Technology Officer, Microsoft Singapore. “With digital identities and sophisticated email phishing being key cybersecurity battlegrounds, Microsoft Security differentiates itself with the ability to protect business data, emails, identities, devices, and infrastructure. This ease of access to a strong cybersecurity posture will complement CSA’s work to certify businesses that elevate their position as a trusted and digitally resilient partner to their customers.”
The Cyber Essentials mark is part of CSA’s new cybersecurity certification programme to recognise enterprises that have adopted and implemented good cybersecurity practices. It recognises enterprises that have put in place cyber hygiene measures that protect them from common cyber-attacks. The certification programme also comprises the Cyber Trust mark, which is a mark of distinction to recognise enterprises with comprehensive cybersecurity measures and practices.
“Cybersecurity is a collective responsibility that requires the government and the industry to work closely together. The Government alone cannot reach out to all businesses to encourage them to strengthen their cyber resilience. Private-public collaboration is therefore key to ensuring that businesses stay cyber-secure as they improve their cybersecurity awareness, shift attitudes, and adopt good cybersecurity measures on their digitalisation journeys. We encourage enterprises to leverage resources from CSA and our industry partners like Microsoft, as they apply for certification under the Cyber Essentials or Cyber Trust marks,” said Ms Veronica Tan, Director (Safer Cyberspace Division), CSA.
Getting certified for the Cyber Essentials mark by CSA
To achieve the Cyber Essentials mark by CSA, SMEs will have to meet measures across assets (people, hardware, software, and data), secure and protect its access controls and security configurations against malicious software, and stay constantly updated, backed-up and ready to respond to cyber threats.
For SMEs that use on-premises Exchange Servers and Office software, but need file-sharing, co-editing and up-to-date software and security enhancements, the Microsoft 365 Business Premium bundle is recommended. It comes with Microsoft Defender for Office for file and email protection, and Microsoft Defender for Endpoint, which protects laptops, smartphones, and other endpoint devices. The solution also comes with Intune and Azure AD Premium to help SMEs meet certification requirements for the Cyber Essentials mark.
SMEs which own infrastructure on Microsoft Azure, including applications servers or virtual machines, can adopt Microsoft Defender for Cloud with Intune as a stand-alone Azure service to meet certification requirements for the Cyber Essentials mark.
Toku, a cloud communication provider that helps businesses improve customer engagement and build better customer experiences in Asia Pacific, uses Microsoft Defender for Cloud and Intune. It plans to apply for the Cyber Essentials mark. “Toku understands the benefits of taking a Zero Trust approach to security to ensure our business and customer data is safe. It is also why we made a strategic decision to adopt Microsoft Security as an easily integrated, cost-effective and compliant solution for our needs,” said Eddie Vanderloot, Vice President, Cyber Security at Toku.
Toppan Forms (TFS), a one-stop print solutions provider and business outsourcing partner, believes that the Cyber Essentials certification from CSA will be a mark of distinction to assure customers that it has implemented good cyber security measures. It intends to apply for the Cyber Essentials mark.
“Having started as a security printer, we have now grown to offer total print and information management solutions. Our customers trust us to protect their personally identifiable information, intellectual property and data when we work with them. This makes security critical to our resilience as a business,” said Maurice Lim, IT Manager, Security & Systems Control Group, Toppan Forms. “As a cloud-based service on Azure with built-in artificial intelligence, Microsoft gives us the confidence to flexibly implement controls and secure data across all endpoints and networked devices as we stop attacks, scale our security resources, improve our defences and create a stronger security posture for our business.”
Microsoft and its partners will provide a one-stop professional service for SMEs to build up basic data protection and security capabilities. Microsoft will work with SMEs and advise on suitable cybersecurity and data protection measures, including anti-virus and anti-malware, data encryption and backup solutions. This takes into account the differing profiles of SMEs, including their operational needs and exposure to security risk.
The certification process will be undertaken by certification bodies that have been appointed by CSA. The current certification bodies include BSI Group Singapore, Bureau Veritas Quality Assurance, EPI Certification, exida Asia Pacific, Guardian Independent Certification, ISOCert, SOCOTEC Certification Singapore and TÜV SÜD PSB.
Security, a team sport
While the solutions will help SMEs achieve certification for the Cyber Essentials mark, Microsoft encourages SMEs to take a step further to educate their workforce on the importance of good cybersecurity measures, and will also offer learning paths to certification for security compliance and identity fundamentals.
In Singapore, Microsoft Security certifications from companies as well as individuals have doubled over the last 12 months, and interest in certifications is expected to continue in the coming year.
Richard adds, “Security is a team sport, and it is not one that the government, SMEs, or Microsoft can play at and win alone. Through deep partnerships with our customers and with agencies like CSA, our combined efforts will empower Singapore and local SMEs to achieve more in this challenging cyber threat landscape.”
To start the journey to get the Cyber Essentials mark and certification, register for the Microsoft Security Event at 10am on 14 April 2022 or visit https://aka.ms/GetMicrosoftSecurity for more information.