The roles and responsibilities of a security incident response manager and his/her team needs to be clearly understood, with all members “empowered” enough to know what to do when a cyber-security incident strikes, said a senior of a cyber-security firm on Nov 13.

These recommendations were made by Singapore’s Comissioner of Cybersecurity and Cyber Security Agency chief David Koh, rounding up the scheduled hearings for the Committee of Inquiry (COI) looking into the SingHealth data breach.

Neither is cyber security just a “technical issue”, nor is it a problem that only IT personnel handle, he added.

Cyber security should instead be viewed as a risk management issue that is built in “as a key feature, rather than slapped on as an afterthought”.“As with all high-level business risks, it should be managed at the appropriate level of leadership,” Mr Koh told the four-member Committee of Inquiry (COI) convened to investigate the data breach.

In what was Singapore’s worst cyber attack, the personal data of 1.5 million patients and the outpatient prescription information of 160,000 people, including Prime Minister Lee Hsien Loong, was stolen by hackers in June.

Mr Koh noted that the healthcare sector has a large scale of operations, with 60,000 endpoints, 6,000 servers and three terabytes of Internet traffic passing through its networks daily.

“Safeguarding such a large attack surface presents a huge challenge,” said Mr Koh, adding that there was no need for a “sweeping indictment” of the healthcare sector’s cyber-security measures.