ST Engineering is a major defence and government contractor providing cyber security related products and services. It holds significant information assets such as proprietary technology, processes and patents. Any breach of cybersecurity defences could potentially result in the theft of such assets leading to a substantial loss of reputation for the organisation. It might also undermine the competitiveness of the organisation and expose us to potential litigation. Breach of cybersecurity defences can also result in wilful destruction and damage of information assets, and to critical information infrastructure. If we are unable to recover such assets or infrastructure, it can impede our ability to undertake the normal course of our day-to-day business.
The Group implements and enforces strict IT controls to reduce our risk exposure. In addition to the IT governance framework, we have multiple layers of cyber security defence infrastructure to detect, prevent and alert us of possible cyber attacks, whether these ultimately result in a breach or not. We also operate a Security Operations Centre that performs proactive monitoring of cyber security threats in real-time to ensure total visibility of threat levels across the organisation at any point in time.
We conduct regular cybersecurity awareness exercises to improve the situational awareness of our employees and reduce the likelihood that they become the weak link in our defences against cyber attacks. Besides regular reviews of our IT controls, policies governance framework and infrastructure to ensure that they continue to be relevant to the evolving cyber security threat landscape, we work with internal and external auditors to regularly conduct end-to-end audits to ensure compliance with controls, policies and governance framework as well as identify weaknesses in systems or procedures.
Business Continuity Plans are in place to ensure that complete recovery of information systems and assets is possible in the event of damage or loss. Each business unit is also required to conduct annual exercises to ensure that the plans are and continue to be relevant and serve their intended purposes.