Cyber attacks have been on the rise in Singapore since 2017, following the breaches of SingHealth, Sephora, AXA Insurance, Uber and Red Cross, alongside the leaking of Singapore HIV data and security scares at the Ministry of Defence and Singapore Armed Forces.Once a global problem, the city-state has become a hotbed for hackers due to the wealth of riches on offer, with Prime Minister Lee Hsien Loong also on the target list.In light of such breaches, Huang Shao Fei, president of Cybersecurity Chapter at the Singapore Computer Society, assesses the security threats set to impact the city-state in 2020. \u201cThe most dangerous concerns in the market today are supply-chain cyber security threats,\u201d Huang observed. \u201cThis is in addition to unconventional, chain-linked threats that do not depend on one single attack vector. In particular, supply-chain threats include Tier 2 and Tier 3 suppliers and sub-contractors that could compromise security, with organisations being the last one to find out they\u2019ve been compromised.\u201dSince launching in 1967, SCS has evolved into a leading digital media professional society in Singapore, housing more than 33,000 members through 16 specialist divisions. Alongside holding responsibilities for the cyber security chapter in the city-state, Huang is also the chief information security officer (CISO or CSO) of the Land Transport Authority of Singapore (LTA). This is in addition to concurrently holding the position of director for Cybersecurity and Data Science, as well as overseeing IT governance and strategy.In occupying dual executive roles, Huang is well-placed to assess the state of cyber security in Singapore, as well as how to leverage emerging technologies to combat rising threat levels.\u201cMachine learning, while relatively nascent at this stage, has great potential in detecting supply-chain and non-conventional threats,\u201d he assessed. \u201cAlso, blockchain technology has the potential to mitigate some supply-chain risks. \u2026 But I do not pursue technology for technology\u2019s sake. Rather, the litmus test of any potential security investment lies in whether it delivers value to the organisation\u2019s mission and priorities, in addition to a robust cost-benefit assessment (CBA) performed together with relevant stakeholders in the organisation. \u2026 Secondly, it is important to have a comprehensive cyber security strategy encompassing all parts of the organisation, backed by a risk assessment framework to aid investment decisions.\u201dThe average cost of a cyber security attack for organisations in Singapore stands at approximately S$1.7 million per breach, with the city-state housing the highest estimated costs stemming from a breach across Asia Pacific, ahead of markets such as Australia, Hong Kong, India, Indonesia, Malaysia, New Zealand and Thailand.According to McAfee Cyber Resilience Report findings \u2014 which surveyed 480 cyber security decision-makers in the region \u2014 estimated costs from respondents in Singapore were more than double that of the next highest country in Asia Pacific, identified as Indonesia with financial implications at roughly S$785,000 per breach.In response, 92 per cent of Singaporean organisations revealed plans to invest more in cyber security in 2020, with plans in place to leverage external expertise such as solution providers (68 percent), system integrators (58 percent), vendors (57 percent) and consulting firms (52 percent).\u201cThe biggest challenges for CISOs lie in managing expectations from the executive board and establishing a cyber security program with limited budgets to meet those expectations,\u201d Huang added. \u201cThe role of the CISO is no longer a functional one and will include that of a security architect, backed by deep, technical knowledge and skills.\u201dHuang\u2019s journey as CISO\u201cI started coding, disassembling and hacking computer games on an IBM XT when I was about 11 years old,\u201d recalled Huang, speaking to CSO ASEAN. \u201cLater, I grew out of playing computer games and my security interests shifted towards computer networks and systems. There was no going back after that, I was going to make my hobby my career.\u201dHuang studied Mechanical Engineering at the University of Tokyo under a scholarship awarded by the Singapore and Japan Governments. Upon graduating in 1998 and the subsequent completion of his national service in the Singapore Army, Huang started his career as a policy executive in the Ministry of Home Affairs.\u201cIt was sheer luck on my part that I discovered there was a job opening in the Ministry of Defence for a new IT security role,\u201d he recalled. \u201cDuring those days, IT security jobs were rare and such opportunities were closely-guarded and need-to-know.\u201cSeveral years later, I joined the Infocomm Development Authority and as a mechanical engineer by training with a passion for IT security, I eventually joined the Land Transport Authority as the organisation\u2019s work resonated and aligned with my professional and personal objectives.\u201dSpecific to SCS, Huang has helped nurture and develop \u201cwin-win partnerships\u201d with industry, academia and the start-up community in Singapore, as well as developing initiatives capable of growing the nation\u2019s cyber security ecosystem.The challenges of security staffingOne such initiative is the Cybersecurity Career Mentoring Programme jointly developed by SCS and Cyber Security Agency (CSA), which aims to help young aspiring professionals and tertiary students in their cybersecurity career discovery journey.\u201cThe most difficult roles to fill are those that require industry-specific domain knowledge, such as cyber security professionals with engineering experience or knowledge of rail systems or of automotive platforms,\u201d he said.\u201cAdditionally, it is challenging to fill cyber security roles that require deep technical skills such as cyber forensic investigators, threat-hunting specialists and security operations centre (SOC) analysts.At the higher level of the cyber security career spectrum, Huang also acknowledged the difficulty in recruiting CISOs at director level, especially in roles which demand substantial years of relevant industry experience and alignment with the organisational culture.