Bits, Bytes, And Battles For Cybersecurity In Singapore

A social media scam incident which happened to Bryan Koh’s mother-in-law brought home his mission at GovTech: protecting systems, citizens, and their trust in government services.

When Bryan Koh’s mother-in-law fell victim to a scam on social media, the dangers of cyber threats hit close to home. The scammers did not just steal her money, they went further, impersonating her to deceive her friends.

What should have been a safe and familiar platform became a tool for exploitation. “It was traumatic for her,” Bryan recounts. The incident was a stark reminder that no one is immune to cybercrime.

In his previous role as head of GovTech’s Government IT Security Incident Response (GITSIR) team, Bryan is no stranger to the relentless battle against digital threats. While his role did not directly involve scam prevention, his mission was clear: to protect Singapore’s government systems, services, and the trust that citizens place in them.

(L-R) GovTechies Andre Ng (Anti-Scam Products Team), Bryan Koh, Chloe Lim (Anti-Scam Products Team), and host Alicia Lee (Design Practice) on the set of GovTech Decoded.

Bryan’s path to cybersecurity was not linear. After earning an engineering degree, he started his career as an engineer before pivoting to cybersecurity about a decade ago. “I have worked in roles like security operations, incident response, governance, and consulting,” he says. Bryan recently moved on from his role leading the GITSIR team to Deputy Director of Cybersecurity Policy Plans and Strategy at GovTech, which he joined in 2021.

During his time leading the GITSIR team, Bryan was responsible for both proactive and reactive cybersecurity efforts. “It can be intense, especially during an active incident,” he said, “but it’s never dull.” The team monitors government systems 24/7 and investigates incidents to safeguard the systems.

Cybersecurity has come a long way since he entered the field. “Back then, it was more about checking compliance boxes than addressing real risks. Today, the mindset has transitioned from ‘are we compliant?’ to ‘are we ready for an attack?’”

Bryan giving Minister for Digital Development and Information, Josephine Teo, a tour of GovTech’s Government Cyber Security Operations Centre (GCSOC).

Today’s threats are more sophisticated than ever. Bryan cites zero-day vulnerabilities as one of the biggest challenges. These exploits target unknown flaws in software, allowing attackers to get past the defences.

“Threat actors often operate in a ‘low and slow’ manner, making it harder to detect their activities initially,” he said. Staying ahead of such attacks requires meticulous attention to detail and staying informed about the latest techniques.

The growing reliance on digital services has also expanded the attack surface. “With more government services online, the potential opportunities for cyberattacks have increased significantly,” Bryan points out. The stakes are high. A single breach could have far-reaching implications for both the government and its citizens.

“In our line of work, we are always racing against time to uncover the weaknesses exploited and footprint of the threat actors, so that effective eradication and remediation could be performed in time,” he recalls.

Andre, Bryan, Chloe and Alicia play a game spotting scams on GovTech Decoded Ep 2.

For Bryan, the fight against cybercrime is not just professional; it is deeply personal. His mother-in-law’s experience with a Facebook scam brought home the importance of cybersecurity on an individual level.

“While my work doesn’t directly deal with scams, it reinforces how critical it is to protect systems that people rely on every day,” he says. Ensuring that government services remain secure is not just about safeguarding infrastructure; it is about protecting the people who depend on it.

What keeps Bryan motivated in the face of ever-evolving threats? “Every time we resolve an incident, we are making a difference,” he says. “At the end of the day, my job is more than protecting systems; we are protecting people, services, and the trust that citizens place in our government,” he adds.

His experiences have also taught him invaluable lessons about resilience and teamwork. “When you’re in a high-stakes environment, trusting your team and working together is crucial. You can’t afford to go at it alone,” he says.

Stay Curious

For those interested in a cybersecurity career, Bryan’s advice is simple: stay curious. “Start by keeping up with cybersecurity news and participating in hands-on exercises or labs,” he recommends. He also highlights programmes like the Cybersecurity Development Programme (CSDP) by the Cyber Security Agency of Singapore, which helps develop cybersecurity talent in the public sector.

“It’s a challenging field, yet interesting and meaningful,” he concludes.

Practical Cybersecurity Tips for All

Bryan believes that even tech novices can take simple steps to improve their digital security. Here are his top tips:

If You Lose Your Phone or Laptop

Use the “Find” feature to locate your device.
If it’s unrecoverable, block your SIM, wipe the device remotely, and disable account access from a secure device.

Securing Internet of Things (IoT) Devices (e.g. CCTVs)

Configure devices properly and stay alert to announced vulnerabilities.
Address issues promptly to reduce risks.

His advice underscores that cybersecurity is not just for experts. It is something everyone can and should take seriously.

For more insights, catch Bryan and his colleagues on GovTech Decoded as they unpack scam tactics and discuss Singapore’s cybersecurity strategies: https://go.gov.sg/govtechdecoded-psd!