The cyber threat landscape

Be Safe Online is a handbook to help organisations enhance their cyber defence capabilities and digital risk management, so as to better protect themselves against the increasing frequency and sophistication of cyber-attacks.

Increasingly SMEs are being attacked and used as conduits to attack large companies, organisations or even governments.

Cyber-attackers range from criminals who steal online identities or corporate information for financial gain, hackers who break into systems just to show off their skills, to even nation states.

Business risks arising from cyber incidents are wide ranging – from lawsuits and regulatory penalties due to theft of sensitive information, to loss of customer trust and damage to company reputations. Chief executives and senior managers can be blamed for serious cyber incidents.

The most effective cyber defences will be those that concentrate resources on protecting their most valuable assets.

Why cyber defence?

“If you know the enemy and know yourself, you need not fear the result of a hundred battles” – Sun Tzu.

Behind every cyber threat is a person or persons, whether they are casual hackers or more sophisticated groups. As such, a purely compliance approach to cybersecurity will not be effective, as perpetrators keep up-to-date with the latest cybersecurity policies made available on the Internet to constantly find new ways to bypass security protections to gain entry into networks.

Hence, a cyber defence strategy needs to be nimble and comprehensive, which would begin with an assessment of the threats against an organisation. A simple starting point is to identify an organisation’s key cyber assets, and the potential threats and risks to those assets. Thereafter an organisation decides on the appropriate tools and controls to mitigate the risks to these assets.

This approach aims to create a business environment that reduces soft-spots (vulnerabilities) in IT networks and infrastructure as much as possible. Through continuous vigilance and authentication safeguards, organisations can quickly detect, outwit cyber-attackers and create a safer and secure environment for businesses, employees and customers.

Why these 6 essentials?

“The whole is greater than the sum of its parts” – Aristotle.

The Cyber Security Agency of Singapore (CSA) advocates establishing cyber defence through an “integrated defence-in-depth” – which entails setting up multiple layers of defence in a well-integrated manner.

This achieves synergy and creates a multiplier-effect on organisations’ cybersecurity effectiveness.

The integration of cybersecurity measures can also give rise to cost-savings whilst maintaining effective cybersecurity. In order to simplify how organisations, especially SMEs, can defend themselves, CSA has identified 13 integrated cybersecurity measures, of which the top 6 are termed ‘Essentials’.

Based on CSA’s view of today’s cyber threat landscape, the 6 Essentials are sufficiently effective in protecting any organisation against targeted attacks. Why? They help the organisation achieve a 20/20 vision, which allows defenders to thwart attackers. CSA also recognises that there is no silver bullet solution, thus the measures are designed to ensure coexistence.

To access the full publication, visit:

About Cyber Security Agency of Singapore (CSA)

The Cyber Security Agency of Singapore (CSA) provides dedicated and centralised oversight of national cybersecurity functions, and works with sector leads to protect Singapore’s critical services. It also engages with various industries, and stakeholders to heighten cybersecurity awareness as well as to ensure the holistic development of Singapore’s cybersecurity landscape. The Agency is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information. Information on CSA is available at