Joyce Teo

Cybersecurity Code-of-Practice (CCoP) 2.0: Complying with InsiderSecurity

Why choose InsiderSecurity for CCoP 2.0

InsiderSecurity products are built for compliance

  • Ease of use, especially useful for small IT teams
  • Automated review of account activity saves hours in monitoring
  • Built-in workflow that supports governance and audits

Do you also know:

  • InsiderSecurity is used and trusted by Singapore CII today
  • InsiderSecurity is IMDA accredited
  • InsiderSecurity is an award-winning Singaporean technology company that has its engineering and technical support teams in Singapore

What is Cybersecurity Code-of-Practice (CCoP) 2.0?

The Cybersecurity Code-of-Practice (CCoP) 2.0 refers to the Cybersecurity Code of Practice for Critical Information Infrastructure 2.0, which is an updated version of the CCoP 1.0 released in 2018. The CCoP 2.0 was published on 4 July 2022. It specifies the minimum cybersecurity requirements that organizations operating Critical Information Infrastructure (CII) must implement to ensure the security and resilience of their IT or OT system and/or network infrastructure, including physical devices and systems, software platforms, and applications of the CII.

The primary objective of CCoP 2.0 is to enhance the defensive capabilities of organisations against the sophisticated tactics, techniques, and procedures (TTPs) employed by cyber attackers. It seeks to impede their progress of attacks and improve the agility to tackle emerging risks in domains such as cloud, AI, and 5G. Additionally, it facilitates coordinated defenses between the government and private sectors to promptly identify, discover, and respond to cybersecurity attacks and threats.

Whom will CCoP 2.0 affect?

The designated CII sectors, which are responsible for the continuous delivery of essential services in Singapore, are Government, Energy, Water, Healthcare, Banking & Finance, Transport (encompassing Land, Maritime, and Aviation), Media, Infocomm, and Security & Emergency Services.

How does InsiderSecurity meet CCoP 2.0?

InsiderSecurity helps to meet key CCoP 2.0 requirements that are challenging and tedious to comply with. As a leader in automated analytics, InsiderSecurity’s solutions are especially useful for smaller IT teams. InsiderSecurity solutions are used in Singapore CII today. 

InsiderSecurity meets CCoP 2.0 in the following two areas:

  • Database security
    InsiderSecurity’s simplified database monitoring flags data access anomalies. InsiderSecurity saves manpower in monitoring.
  • Monitor for anomalies in user behaviour patterns
    InsiderSecurity’s automated log analysis flags anomalies in behaviour patterns and detects early signs of breach. With InsiderSecurity, the user does not have to manually review high-volume log events or alerts. InsiderSecurity makes sense of the logs and saves manpower in monitoring.

Which CCoP 2.0 requirements are addressed by InsiderSecurity?

| CCoP 2.0 Requirements | Clause | InsiderSecurity |
| --- | --- | --- |
| 5.2 Account Management | 5.2.1(d) Establish mechanisms and processes to monitor the activities of each account, including behavioural patterns, for any anomalies and to trigger an alert for investigation when any anomaly is detected; | Yes |
| 5.13 Database Security | 5.13.4 The CIIO shall monitor databases in a CII for anomalous activities and trigger an alert for investigation when any anomaly is detected. | Yes |
| | 5.13.5 The CIIO shall monitor for bulk queries that exceed a predetermined threshold of data to be retrieved and trigger an alert for investigation when any such bulk query is detected. | Yes |
| 6.1 Logging | 6.1.1 The CIIO shall generate, collect and store logs of the following: | Yes |
| | (a) All access and attempts to access the CII and the activities during such access, including application and database activities, and access to data in the CII; | Yes |
| 6.2 Monitoring and Detection | 6.2.1 The CIIO shall establish and implement mechanisms and processes for the purposes of: | Yes |
| | (a) Monitoring and detecting all cybersecurity events in respect of the CII; | Yes |
| | (b) Collecting and storing records of all such cybersecurity events (including, where available, logs relating to the cybersecurity event); | Yes |
| | (c) Analysing all such cybersecurity events, including correlating between cybersecurity events, and determining whether there is or has been any cybersecurity incident; and | Yes |
| | 6.2.2 For the purposes of monitoring and detecting cybersecurity events, the mechanisms and processes established by the CIIO shall include: | Yes |
| | (b) Establishing the normal day-to-day operational activities and network traffic in the CII, and using this as a baseline against which the CIIO is to monitor for deviations and anomalous activities; and | Yes |
| | (c) Ensuring that alerts for further investigation are triggered for all deviations and anomalous activities that are detected. | Yes |

CSA has also provided more clarification via their Responses to Feedback Received dated July 2022. The below compliance table outlines how InsiderSecurity meets the CSA responses on CCoP 2.0:

| CSA responses on CCoP 2.0 | InsiderSecurity |
| --- | --- |
| 11.4 The CIIO is expected to monitor the behavioural patterns of user accounts within the CII environment and to trigger an alert if a CIIO detects suspicious behaviour patterns or behaviour patterns that deviate from the expected baseline. | Yes |
| 11.12 The intent of the clause is to facilitate early detection of any unauthorised access and malicious activities performed by the privileged accounts. The CIIO should log privileged account related activities such as login attempts, configuration changes etc. | Yes |
| 11.41. The CIIO should log and monitor all application access and activities to detect any unauthorised access or malicious activities to the application. Following the feedback, CSA has revised the clause to provide clarity. | Yes |
| 12.15. Examples of the components of the threat hunting include having data to baseline normal traffic to find outliers, develop hypothesis based on tools and framework, and investigate and analyse potential threats to discover any new malicious patterns in the data and uncover threat actor’s TTPs. | Yes |

What are the InsiderSecurity products that meet CCoP 2.0?

InsiderSecurity’s Database Activity Monitor (DAM) discovers data access anomalies early before there is serious data loss. Some of its key features are:

  • Easy Deployment and Reduce Operation Cost
    By leveraging on machine learning and AI, Database Activity Monitor does not require the user to configure complex, error-prone database rules. Database Activity Monitor works practically out-of-the-box.
  • Automated monitoring for suspicious data activity
    Automatically detect suspicious database administrator activities, data theft and unusual network activities in the databases.
  • Save manpower
    With smart algorithms making sense of events 24/7, customers only need to review high-risk accounts and activities instead of long, complex reports.
  • Built for compliance
    Features for IT governance and support for audit.

InsiderSecurity’s Automated UEBA flags anomalies in behaviour patterns and detects early signs of breach. Some of its key features are:

  • Stop Internal Threats
    Continuous, automated monitoring of all user behaviours to uncover suspicious user activities early, before there is any serious data loss
  • Automated Threat Detection
    Detect automatically and save on manpower.
  • Advanced Sensors
    Provide visibility needed to catch Advanced Persistent Threats (APTs)
  • Built for compliance
    Features for IT governance and support for audit.

About InsiderSecurity

InsiderSecurity is a Singapore-based cybersecurity technology company that has garnered industry recognition and awards. Founded by a team of cybersecurity experts, InsiderSecurity provides cutting-edge user behavior analytics to detect internal cyber threats early.

InsiderSecurity is a two-time winner at CSA Cybersecurity Innovation Day, in 2020 and 2022, and has also been listed in the ASEAN 40 under 40 for its groundbreaking cybersecurity innovations. InsiderSecurity is the only company accredited by the Singapore Government in the area of User and Entity Behavior Analytics. This means that InsiderSecurity met IMDA’s high standards for deployment in enterprises and government agencies.

InsiderSecurity solutions are used by large enterprises and government agencies today.


Malware in the Cloud: Challenges and Best Practices

Ask any CISO about the top three risks to his or her enterprise, and you can be sure that malware will be on that list.  

Malware as a cybersecurity threat has evolved over the years from a nuisance to a devastating multi-billion-dollar industry that can bring governments and companies to their knees. The Colonial Pipeline ransomware attack in 2021 was just a taste of things to come, and attackers have further refined their attempts to weaponize malware. Recent events like the Russia-Ukraine conflict provide them with more avenues for ransomware and state-sponsored attacks, with the government of Costa Rica being forced to declare a state of national emergency after ransomware devastated its infrastructure.  

Attackers go where the money is, and the top two technology trends of the last few years have been the rapid adoption of Cloud Computing and Artificial Intelligence. Cloud adoption is expected to reach $1.55 Trillion by 2030, which is a staggering amount, and attackers have not been slow to see its potential. 

How malware can compromise the cloud

Along with the increased adoption by companies, attackers have also started using the cloud to be more scalable and efficient in their operations. There have already been reports of SaaS models cropping up offering cybercrime hosted on the cloud. Just like businesses, attackers are now utilizing the speed and agility of the cloud to supercharge their operations, which extends to malware as well.  

Malware can use cloud computing in one of two ways: 

  • As a delivery platform: By using the power and storage of the cloud, attackers can automate and streamline their operations to be faster, more cost-effective, and thus more dangerous. The cloud can be used as a delivery vehicle for malware and an amplifier, with attacks like DDoS benefiting from the cloud resources they can access.
  • As a target: Cloud infrastructure can become the target of the malware itself, with misconfigured infrastructure services and storage like S3, Dropbox, etc. being a prime target of attackers. There are many ways of doing this:
      • Misconfigurations: Despite cloud security maturing year by year, there are still reports of simple misconfigurations having devastating effects, like the recent S3 bucket that exposed over 69 million documents and 12TB+ of production data!
      • Malicious Cloud apps: Most cybersecurity teams are unaware of the permissions they have granted to SaaS applications within their environments, nor do they verify their origin. Attackers can gain a foothold into a tenant by tricking users into installing a malicious cloud app or using a compromised account to install a cloud app that acts as a backdoor.
      • As part of a supply chain attack: Many companies use the cloud for their code repositories and keep critical workloads on-prem in a hybrid computing model. Attackers can compromise the cloud repos and inject malicious templates as a jumping pad into the customer’s environment.

How to combat cloud malware

Protecting against cloud malware is not all that different from safeguarding against on-prem attacks. Along with investing in a proper anti-malware solution, you should follow these best practices to secure your environment:  

  • Strengthen your access control, as the more locked down your permissions are, the more difficult it will be for cloud malware to take control of your infrastructure. Best practices like principle of least privilege, multi-factor authentication, and role-based access control are all essential practices for securing your cloud.  
  • Implement a process to audit the permissions given to SaaS applications within your environment. What level of permissions do these applications have, and are they verified? Is there an approval process present before a SaaS application can connect to your cloud? 
  • Make sure you have a backup method so that you can recover from malware disruptions. This can be a different media or a separate account or subscription. 
  • Implement a governance model that segregates your production cloud environment from less secure accounts like development or sandbox. You should be using a different cloud account or subscription for running your production and development workloads. The best practice is to segregate them and implement guardrails on what developers can do, even with elevated access.  This will ensure that even if malware can compromise privileged access within a development cloud account, it cannot laterally move onto your production workloads.  
  • Implement behavioral analytics to detect malicious activity within the cloud. In large cloud environments, there are millions of events happening at any given time, which is beyond the scope of human security analysts or SIEM solutions to analyze. Using tools like InsiderSecurity’s Cloud Security Monitor can help you detect suspicious cloud activities and prevent cloud data from being misused by malicious or compromised users. Our software will help you identify any malicious activity before it can infect your environment and your users.  

The future of malware  

Malware is an evolving threat, and cybersecurity professionals must keep pace or risk being attacked. Teams must upskill themselves to take advantage of cloud security controls and their speed/automation in stopping such threats. One of the biggest mistakes cybersecurity teams make is to “copy-paste” their on-prem controls to the cloud and not take advantage of its security tooling. The cloud is now in the cross-hairs of cybercriminals both as a target and as a platform, and cybersecurity teams need to take steps to secure their cloud footprint before it is targeted. 

Uber Data Breach

Insights from the Uber Breach: Ways to Prevent Similar Attacks 

Uber Technologies disclosed it was investigating a cybersecurity incident after reports that hackers had breached the company’s network. An in-depth analysis of the attack reveals how the attack occurred and ways organizations can prevent similar incidents in the future. The security industry, however, is still abuzz following this incident, with experts concerned about how an allegedly 17-year-old attacker hacked Uber’s IT infrastructure and acquired sensitive data.  

Experts at InsiderSecurity dissected the attack and mapped the attacker’s progression along the kill chain at Uber, from initial access through discovery and lateral movement to data exfiltration. This breach is a reminder that threats are always present and evolving, so we must do our utmost to learn and adapt to the ever-changing threat landscape. Based on the Uber incident details, we provide a list of effective strategies organizations can use to identify and mitigate similar incidents in the future.

What and How Did the Attack Happen? 

  1. Initial Access 
    The hackers accessed Uber’s IT environment after accessing the company’s VPN infrastructure credentials. We got this information from Uber’s September 19 security update that names Lapsus$ as the potential threat actor.  
    “An Uber EXT contractor had their account compromised by an attacker,” reads Uber’s security update. “It is likely that the attacker purchased the contractor’s Uber corporate password on the dark web after the contractor’s device had been infected with malware, exposing those credentials.” 
    It’s important to note that Uber has implemented multifactor access control for its systems. However, according to their update, the attacker successfully logged in after the contractor accepted one of the many attempted two-factor login approval requests.  
  2. Discovery
    The contractor whose credentials were stolen did not have privileged access to critical systems. Nevertheless, the contractor had access to a network share. This access is authorized for most internal users. Furthermore, even with restricted access, the cyber actor located a PowerShell script containing hard-coded privileged credentials for Thycotic, the target’s Privileged Access Management (PAM) solution. The PAM user credentials granted access to Uber’s secret services, such as DA, DUO, AWS, GSuite, and Onelogin.
  3. Privilege Escalation and Access to Critical Systems
    The hacker stole the admin credentials needed for elevated permission to different critical systems and tools. This attack is unique and worthy of attention as it shows how credential theft can lead to a breach of multiple systems. For instance, the attacker in Uber’s case accessed Slack, Google Workspace Admin, AWS accounts, HackerOne admin, SentinelOne EDR, vSphere, and financial dashboard.  
    Besides, the hacker posted a message to a company-wide Slack channel and reconfigured OpenDNS to display a graphic image on internal sites.  
  4. Data Exfiltration
    Uber divulged that the cyber actor accessed the company’s bugs and vulnerabilities reports, but the security team had remediated the bugs. However, the hacker stole crucial information from the Slack business messaging app.   
    An excerpt from the company’s security update reads, “it does appear that the attacker downloaded some internal Slack messages as well as accessed or downloaded information from an internal tool our finance team uses to manage some invoices.”  
    Uber responded by identifying and blocking compromised accounts to ensure the attacker had no further access to systems. In some cases, the company required a password reset to restore accounts. Uber also disabled affected tools, rotated keys to reset access to internal servers, locked down the codebase, and required employees to re-authenticate to regain access.  
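The initial-access step above, where a user approves one of many two-factor prompts, leaves a recognisable pattern in authentication logs. The following Python is an added example, not code from the original article, from Uber or from InsiderSecurity: it flags an approval that follows a burst of denied or unanswered prompts for the same account. The event layout, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, not real logs: (timestamp, user, source IP, result).
# The field layout is an assumption; map it to your identity provider's export.
SAMPLE_EVENTS = [
    ("2024-03-04T18:01:05", "ext.contractor", "203.0.113.50", "denied"),
    ("2024-03-04T18:02:10", "ext.contractor", "203.0.113.50", "denied"),
    ("2024-03-04T18:03:00", "ext.contractor", "203.0.113.50", "timeout"),
    ("2024-03-04T18:04:30", "ext.contractor", "203.0.113.50", "denied"),
    ("2024-03-04T18:05:45", "ext.contractor", "203.0.113.50", "timeout"),
    ("2024-03-04T18:07:15", "ext.contractor", "203.0.113.50", "denied"),
    ("2024-03-04T18:08:02", "ext.contractor", "203.0.113.50", "approved"),
    # One mistaken denial followed by a normal approval: not a burst.
    ("2024-03-04T09:00:10", "alice", "198.51.100.7", "denied"),
    ("2024-03-04T09:00:40", "alice", "198.51.100.7", "approved"),
    # Unanswered prompts spread over hours fall outside the window.
    ("2024-03-04T08:00:00", "bob", "198.51.100.9", "timeout"),
    ("2024-03-04T08:30:00", "bob", "198.51.100.9", "timeout"),
    ("2024-03-04T09:00:00", "bob", "198.51.100.9", "timeout"),
    ("2024-03-04T09:30:00", "bob", "198.51.100.9", "timeout"),
    ("2024-03-04T10:00:00", "bob", "198.51.100.9", "timeout"),
    ("2024-03-04T10:01:00", "bob", "198.51.100.9", "approved"),
]

WINDOW = timedelta(minutes=10)   # how far back a burst is counted
MIN_REJECTED = 5                 # rejected prompts that make an approval suspicious
REJECTED = {"denied", "timeout"}


def find_push_fatigue(events, window=WINDOW, min_rejected=MIN_REJECTED):
    """Return one alert per approval preceded by a burst of rejected prompts."""
    recent = defaultdict(deque)  # user -> timestamps of recent rejected prompts
    alerts = []
    # ISO-8601 timestamps in one format sort chronologically as strings.
    for ts_raw, user, src_ip, result in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        queue = recent[user]
        # Drop rejected prompts that are older than the window.
        while queue and ts - queue[0] > window:
            queue.popleft()
        if result in REJECTED:
            queue.append(ts)
        elif result == "approved":
            if len(queue) >= min_rejected:
                alerts.append({
                    "user": user,
                    "source_ip": src_ip,
                    "approved_at": ts.isoformat(),
                    "first_prompt": queue[0].isoformat(),
                    "rejected_prompts": len(queue),
                })
            # A successful login ends the current burst either way.
            queue.clear()
    return alerts


if __name__ == "__main__":
    for alert in find_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An alert from this check is a reason to contact the account owner and revoke the session, since the approval itself looks like a normal successful login.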

Lessons from the Breach and Ways to Mitigate Similar Attacks  

Uber’s security incident involved both human users and systems. Therefore, it’s worth pointing out that a single technology solution could not avoid such a breach. Instead, cybersecurity professionals and companies require a set of controls and training to mitigate similar attacks in the future.  

  1. Strengthen Security Configuration
    As pointed out above, Uber had MFA in place for user access. That is to say, multifactor authentication is not a silver bullet in today’s cybersecurity landscape. Today, hackers have developed various methods to circumvent access control mechanisms, including MFA.
    A crucial step towards safeguarding your systems and information is to get rid of embedded credentials. Additionally, it is vital to remove standing access to sensitive infrastructure and cloud interfaces, which in turn can limit lateral movement.  
  2. Implement Cloud Security Monitor (CSM)
    Organizations can enhance security by implementing a CSM solution that provides a clear view of their systems and networks for visibility of any unusual activity or behavior. For instance, InsiderSecurity’s CSM is a simple-to-use SaaS for enterprises to monitor their data security in cloud services like Microsoft 365. CSM provides automated monitoring of cloud user logs. The solution uses award-winning automated cybersecurity analytics and machine learning, allowing you to discover threats early before serious data loss.  
  3. Social Engineering is Still a Serious Threat
    The fact remains that end users are an organization’s biggest security risk. According to Dark Reading’s 2021 Strategic Security Survey, 48% of participants still perceive users breaking security policies as the biggest risk, while 15% believe social engineering attacks still cannot be anticipated or prevented by current technology. As staff members and other authorized users still remain the gatekeepers of your company data, it is essential to train them to detect and report social engineering attacks like phishing to avoid credential theft.  
  4. Detect Login Anomalies from Privileged Accounts
    Certainly, privileged accounts remain attractive targets for cyber attackers due to their access to sensitive information and systems.  In fact, data breaches and compromised privileged accounts go hand-in-hand. Therefore, you should secure your vital secrets and privileged credentials before extending the same to other data and information. Companies can monitor account use through continuous visibility and reporting that ties activities to specific users. Keep an open mind and look at admin accounts’ events from all angles to detect indicators of compromise.  
  5. Detect and Investigate Excessive Downloads
    Excessive downloads can be categorized as risky because they can indicate an insider or a compromised user who is trying to exfiltrate data. Implement automated activity monitoring across the entire IT environment to identify unusual file download activity. For example, if a user is seen to have downloaded a large amount of data outside of their expected download behavior, an alert will be triggered. This behaviour can be learned via machine learning algorithms that capture the user’s profile within the environment.
  6. Detect Suspicious Email Transport Rule Activities and Other Privileged Activities
    There are legitimate scenarios for using mailbox rules that either forward or delete all emails that match certain criteria. However, attackers are also known to add suspicious email transport rules in victims’ mailboxes so that any new email received will be forwarded elsewhere, typically to an attacker’s email account. For example, a hacker might want to collect financial data from a company. In this case, they create an inbox rule on a compromised user mailbox to forward all emails containing finance and accounting keywords in the subject or the message body to an external mailbox.
    Malicious inbox rules are common in phishing campaigns and business email compromise, making it important to monitor them consistently.
    Unexpected rule changes could be a sign of a compromised email account. Therefore, when email transport rules are updated, it is important to verify with the user whether the mailbox rules were added intentionally.
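For "Detect and Investigate Excessive Downloads", this added Python example (not from the original article and not InsiderSecurity's algorithm) compares each user's download volume for the day with a baseline learned from that user's own history, using the median and median absolute deviation in place of a machine learning model. The data, the constants and the cold-start limit for users with little history are constructed assumptions.

```python
from statistics import median

MIN_HISTORY_DAYS = 7    # below this, a learned baseline is not trusted
COLD_START_MB = 500.0   # fixed limit applied until enough history exists
K = 6.0                 # robust deviations above the median that are tolerated

# Constructed sample data, not real telemetry: MB downloaded per user per day.
BASELINE_MB = {
    "alice": [120, 95, 130, 110, 105, 140, 125, 115, 100, 135],   # analyst
    "bob": [2000, 2200, 1900, 2100, 2050, 1950, 2150, 2000],      # backup operator
    "carol": [5, 8, 6],                                           # new joiner
    "dave": [10, 12],                                             # new joiner
}
TODAY_MB = {"alice": 4200, "bob": 2300, "carol": 300, "dave": 900}


def threshold_mb(history):
    """Return the daily download limit implied by one user's own history."""
    if len(history) < MIN_HISTORY_DAYS:
        return COLD_START_MB
    med = median(history)
    # Median absolute deviation: a spread estimate that one past spike
    # cannot inflate the way it would inflate a standard deviation.
    mad = median(abs(x - med) for x in history)
    # 1.4826 * MAD approximates a standard deviation for normal data. The
    # 10%-of-median and 1 MB floors stop a perfectly flat history from
    # producing a zero-width band that alerts on every small change.
    spread = max(1.4826 * mad, 0.10 * med, 1.0)
    return med + K * spread


def find_excessive_downloads(baseline, today):
    """Return (user, today_mb, limit_mb) for users above their own limit."""
    alerts = []
    for user in sorted(today):
        limit = threshold_mb(baseline.get(user, []))
        if today[user] > limit:
            alerts.append((user, today[user], round(limit, 1)))
    return alerts


if __name__ == "__main__":
    for user, volume, limit in find_excessive_downloads(BASELINE_MB, TODAY_MB):
        print(f"{user}: {volume} MB today, limit {limit} MB")
```

In the sample, bob moves far more data than alice every day yet is not flagged, while alice is: a single fixed limit for all users would get both cases wrong.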
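For "Detect Suspicious Email Transport Rule Activities", this added Python example (not from the original article or from InsiderSecurity's product) reviews inbox-rule audit events and reports rules that forward mail outside the organisation or delete mail matching finance keywords. The records are constructed and simplified from the shape of Exchange Online audit events for New-InboxRule and Set-InboxRule; the internal domain and keyword list are assumptions.

```python
import re

INTERNAL_DOMAINS = {"corp.example"}   # assumption: the tenant's own mail domains
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}
FORWARD_PARAMS = ("ForwardAsAttachmentTo", "ForwardTo", "RedirectTo")
KEYWORD_PARAMS = ("BodyContainsWords", "SubjectContainsWords",
                  "SubjectOrBodyContainsWords")
SENSITIVE_WORDS = {"invoice", "payment", "finance", "accounting", "wire", "bank"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+)")

# Constructed, simplified audit records (not real log data).
SAMPLE_RECORDS = [
    {"Operation": "New-InboxRule", "UserId": "cfo@corp.example",
     "Parameters": [
         {"Name": "Name", "Value": "."},
         {"Name": "SubjectOrBodyContainsWords", "Value": "invoice;payment;wire"},
         {"Name": "ForwardTo", "Value": "collector@mail.example.net"},
         {"Name": "DeleteMessage", "Value": "True"}]},
    {"Operation": "New-InboxRule", "UserId": "dana@corp.example",
     "Parameters": [
         {"Name": "Name", "Value": "Newsletters"},
         {"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"Operation": "Set-InboxRule", "UserId": "eli@corp.example",
     "Parameters": [
         {"Name": "Name", "Value": "Cover while on leave"},
         {"Name": "ForwardTo", "Value": "teammate@corp.example"}]},
    {"Operation": "MailItemsAccessed", "UserId": "dana@corp.example",
     "Parameters": []},
]


def external_recipients(value):
    """Return addresses in a parameter value whose domain is not internal."""
    found = []
    for match in EMAIL_RE.finditer(value):
        domain = match.group(1).rstrip(".").lower()
        if domain not in INTERNAL_DOMAINS:
            found.append(match.group(0).rstrip(".").lower())
    return sorted(found)


def assess_rule(record):
    """Return the reasons a rule event deserves review (empty list if none)."""
    params = {p["Name"]: p["Value"] for p in record.get("Parameters", [])}
    reasons = []
    external = []
    for name in FORWARD_PARAMS:
        external += external_recipients(params.get(name, ""))
    deletes = params.get("DeleteMessage", "").lower() == "true"
    words = set()
    for name in KEYWORD_PARAMS:
        words.update(w.strip().lower()
                     for w in re.split(r"[;,]", params.get(name, "")) if w.strip())
    hits = sorted(words & SENSITIVE_WORDS)
    if external:
        reasons.append("forwards to external address: " + ", ".join(external))
    if hits and (external or deletes):
        reasons.append("filters on sensitive keywords: " + ", ".join(hits))
    if deletes and (external or hits):
        reasons.append("deletes the matching messages")
    return reasons


def find_suspicious_rules(records):
    """Return one alert per inbox-rule event that has at least one reason."""
    alerts = []
    for record in records:
        if record.get("Operation") not in RULE_OPERATIONS:
            continue
        reasons = assess_rule(record)
        if reasons:
            alerts.append({"user": record["UserId"],
                           "operation": record["Operation"],
                           "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_rules(SAMPLE_RECORDS):
        print(alert)
```

The internal forward and the folder-move rule are left alone, which matches the legitimate uses of mailbox rules described above; each alert still needs the confirmation with the mailbox owner that the article recommends.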

Avoid Attacks with InsiderSecurity  

An analysis of recent incidents reveals there is no foolproof defence against today’s frequent and sophisticated data breaches. Fortunately, implementing layered and robust security measures, training employees, and using cloud security solutions to monitor and report anomalous activities can help mitigate attacks. Unfortunately, some firms lack the resources and expertise to implement such controls. To make matters worse, they might not know if they are breached until months later, when it is too late.

InsiderSecurity offers advanced cybersecurity solutions and expertise needed to help your company to find cyber threats before there is any serious data loss. We offer a range of solutions, including the Cloud Security Monitor for ensuring data security in your cloud services and Automated UEBA for securing on-premise and cloud IT infrastructure.  

5 Effective Ways to Prevent Data Breaches

In Singapore’s Cybersecurity Awareness Month in October, various data breaches impacting organizations large and small were reported. High-profile incidents included Australian telcos Optus and Telstra, eight Shangri-La hotels around Asia, health insurance provider Medibank, and online retailers MyDeal and Vinomofo.

In late September 2022, Optus, Australia’s second largest telco, was breached. It has been revealed that 2.1 million personal identification numbers have been stolen, with 30,000 of its current and former employee details leaked as well. In early October, Telstra had 18.8 million of its accounts stolen. There was another data breach earlier last week in Australia’s biggest health insurance provider Medibank, which led to 200GB worth of confidential data being stolen. Another major cybersecurity incident occurred at MyDeal just a day after the Medibank data breach. MyDeal has confirmed that the data of around 2.2 million customers has been breached.

With today’s sophisticated hackers, no business is safe from data breaches. Small and medium-sized enterprises (SMEs) often have leaner cybersecurity teams and budgets and lack effective cyber security strategies. Cyber criminals are aware of the fact that SMEs are often easier targets. It is a misconception that SMEs are spared from cyber criminals.

So how can you stop this from happening to your company? In this article, we will discuss five solidly proven ways to prevent cyber disaster from occurring at your organisation.  

1. Beware Shadow IT

Gartner refers to shadow IT as “IT devices, software and services outside the ownership or control of IT organizations”. Training users on the risk of shadow IT and having an IT team that is able to support the needs of the business is extremely important. Gone are the days when IT teams could ask users to wait weeks or months to get a service up, because most people would simply use Google to find out if the service was available for them to use online. It would be a major plus point if these services are free, but in our current modern world that values data more than any other thing, are free services truly free?

2. Automate certificate services

Certificates are used everywhere: in your websites, on your email, when you connect to a VPN, or when your administrators log into a web portal to perform actions on hardware devices. We see a trend of maturity where larger organisations create a central Public Key Infrastructure (PKI) service to centralise control over all certificate usage. This central PKI service issues certificates for the entire organisation and gives the gateway devices the ability to block any self-signed services, reducing the risk that was previously mentioned. The next step would then be the automation of not just the certificate requests via self-service but the renewal of these certificates as well. Netrust is a well-known Singapore Certificate Authority that would be able to help with this.

3. Uncover the internal threats early 

User and Entity Behaviour Analytics (UEBA) has emerged as the most effective approach to comprehensively detect a far wider range of real-time suspicious activities and unknown threats in the enterprise. 
InsiderSecurity’s Automated UEBA applies algorithms, scenario analytics and advanced machine learning rather than rules or signatures to provide crucial visibility and risk score of suspicious activity. It reduces response time to cyber attacks. Based on advanced analytics of user behavior, our automated UEBA provides increased security coverage with minimal investment for security experts in SMEs.
For example, consider this attack scenario. There is a zero-day vulnerability in your systems, which is not yet known to the public but is already being actively exploited by attackers. InsiderSecurity’s Automated UEBA is able to uncover such an attack by monitoring for the suspicious account and network activity in the systems and alert you early.

Figure 1: Unusual activity by an insider/ a hijacked account — detected by the InsiderSecurity UEBA solution

4. Secure the database server

Database activity monitoring is a critical aspect of minimizing your company’s risks and protecting not only your data but also your company’s reputation. For organizations with sensitive databases, InsiderSecurity’s Database Activity Monitor automatically discovers suspicious data access and data theft early. This leverages InsiderSecurity’s AI-driven cybersecurity analytics. Database Activity Monitor works out-of-the-box as users do not need to configure complex rules. Furthermore, Database Activity Monitor helps meet data protection regulations such as PDPA and GDPR.
After attackers or rogue insiders gain initial access to a victim’s infrastructure, they will move laterally around the internal IT systems and attempt to access high-value data stored in the enterprise’s databases. InsiderSecurity’s Database Activity Monitor can discover such database access early before there is serious data loss.

Figure 2: Data theft— detected by the InsiderSecurity DAM solution

5. Ensure data security in cloud services

To safeguard against the ever-evolving cloud threats, consider implementing InsiderSecurity’s Cloud Security Monitor (CSM) for managing cloud access and securing the cloud workspace. It is a simple-to-use SaaS to monitor data security in cloud services. CSM detects suspicious data access and new and emerging threats with behavioral analytics. It applies machine-built timelines to decrease response times and improve analyst productivity by automating incident investigation. CSM also monitors for compromised Microsoft 365 accounts and discovers documents shared to the public by accident. 
Attackers are known to do this: after compromising an on-premise network, the attackers are able to steal the cloud credentials to access the victim’s cloud infrastructure and gain access to sensitive documents in OneDrive or SharePoint. With InsiderSecurity’s Cloud Security Monitor, such threat behaviour can be detected early to mitigate further damage.

Figure 3: Suspicious data access— detected by the InsiderSecurity CSM

Summary

In the past 10 years, the number of data breaches has increased significantly. Protecting the business from these threats is essential. Protect your company by implementing the approaches described above. 

Clearly understanding the possible danger from shadow IT and the benefits of certificate automation is vital for ensuring the proper security of your organization’s critical assets. Netrust is a well-known Certificate Authority that provides such certificate services. Please reach out to Netrust Pte Ltd at sales@netrust.net or visit https://www.netrust.net/ if you would like to find out more.

The other key is to be able to detect the breach early. Detecting the breach early enables a company to minimize or prevent data loss altogether and avoid a cyber disaster. InsiderSecurity’s award-winning solutions help you to do this.

InsiderSecurity awarded at CSA’s Cybersecurity Innovation Day 2022

InsiderSecurity is pleased to receive an award at the Cyber Security Agency of Singapore’s Cybersecurity Innovation Day 2022 (Aug 31, 2022).

InsiderSecurity’s CEO Jonathan Phua is honored to receive the award from Singapore’s Senior Minister of State Dr Janil Puthucheary.

The Cybercall award recognises innovative cybersecurity companies that provide solutions to solve pressing cybersecurity challenges today.

InsiderSecurity won the award for its development of an innovative cloud security solution named Cloud Security X (CSX). This solution builds upon InsiderSecurity’s expertise in advanced cybersecurity analytics and in uncovering cyber threats early, especially for threats that would otherwise go undetected.


Two-time winner at the Cyber Security Agency of Singapore (CSA)’s Cybersecurity Innovation Day

This is the second year that InsiderSecurity won an award at CSA’s Cybersecurity Innovation Day. The first award was in 2020.

Established by Singaporean cybersecurity experts in 2015, InsiderSecurity builds advanced cybersecurity products that are used by many large enterprises, government agencies and SMEs. InsiderSecurity is the only company that is accredited by Singapore’s IMDA in the field of cybersecurity behaviour analytics. Our innovative AI-based solutions provide early warning of internal threats inside business infrastructures before there is any serious data loss. This technology is useful for early detection of supply chain attacks, such as the Kaseya and SolarWinds cyber attacks.
