Singapore businesses strengthen cyber defenses amid escalating threats

Cecil Su, director of cybersecurity at BDO Advisory, identifies the unique threats and recommends strategies to protect Singapore’s digital ecosystem.

With the escalating complexity and frequency of cyber threats, businesses in Singapore are faced with the challenge of strengthening their cyber defenses.

“What we can observe in the current state of cybersecurity here in Singapore is that it has demonstrated a strong commitment to cybersecurity recognising its critical role in safeguarding national interests, businesses and individuals,” Cecil Su, director of cybersecurity at BDO Advisory, told the Singapore Business Review in a recent interview.

He said entities like the Cybersecurity Agency of Singapore (CSA) and the Monetary Authority of Singapore (MAS) play vital roles in implementing various initiatives and frameworks to enhance cybersecurity resilience and build a trusted digital environment across sectors.

However, despite Singapore’s progress, Su noted: “Certainly, just like in most ASEAN (Association of Southeast Asian Nations) nations, there are still some noteworthy emerging threats and vulnerabilities being observed here in Singapore.” He enumerated them as follows:
 

• Advanced Persistent Threats (APTs) – Sophisticated threat actors employing targeted and persistent attacks to gain unauthorised access, steal sensitive data, or disrupt operations.
• Cloud Security Risks – Vulnerabilities like misconfigurations, insecure APIs, and insufficient data protection measures can lead to data breaches and unauthorised access.
• Social Engineering and Phishing Attacks – Cybercriminals exploit human vulnerabilities through social engineering techniques and phishing attacks.
• Supply Chain Attacks – Cyberattacks targeting third and fourth-party vendors and suppliers.

To address these unique threats, Su said businesses in Singapore must adopt specific strategies. Su highlighted the following as areas that require unique approaches:

• Advanced Persistent Threats (APTs) – Businesses operating in sectors like finance, transportation, energy, and telecommunications should implement comprehensive security measures that include advanced threat detection, incident response planning, and robust network segmentation.
• Financial Cybercrimes and Fraud – Organisations in the banking, FinTech, and E-commerce sectors should employ strong authentication mechanisms, friction protocols, transaction monitoring systems, and anti-money laundering (AML) measures to mitigate risks associated with financial cybercrimes.
• Supply Chain Attacks – Due to Singapore's interconnected business ecosystem and reliance on global supply chains, businesses should implement rigorous supply chain processes, conduct regular security assessments of their partners, and establish robust incident response plans.
• Insider Threats – Strict access controls, continuous monitoring of user activities, and regular security awareness training programs are crucial to mitigate the impact of malicious insiders and unintentional data breaches caused by employee negligence.
• Data Privacy and Protection – Compliance with Singapore’s Personal Data Protection Act (PDPA) is vital. Implementing privacy protections such as encryption, access controls, regular audits, privacy by design approach, and privacy impact assessments can help prevent data breaches and associated risks.

Expressing confidence in these recommendations, Su said: “Singapore can actually maintain its cybersecurity resilience and protect its digital ecosystem for the benefits of its citizens, businesses and national security.”

Still, he emphasised that fostering collaboration, investing in education and training, and staying vigilant go a long way in protecting the digital ecosystem.

For small and medium-sized enterprises (SMEs) with limited resources, Su also has a recommendation that aligns their strategies with their resources.

“For SMEs with limited resources, it is crucial to adopt focus strategies that prioritise cybersecurity within their capabilities,” he said. Among the possible strategies are:

• Conduct a risk-based approach – Prioritise cybersecurity measures based on specific risks and potential impact on critical assets and data.
• Establish a strong cybersecurity policy – Develop guidelines and best practices for employees, regularly communicate and train them on cybersecurity awareness.
• Implement user-friendly security solutions – Choose solutions that balance security and usability to seamlessly integrate into existing workflows.
• Regularly update software and systems – Patch vulnerabilities and disable unnecessary services to reduce the risk of attacks.
• Secure network and endpoint devices – Utilise firewalls, intrusion detection systems, antivirus software, encryption, and endpoint protection solutions.
• Regularly backup and encrypt data – Ensure secure storage of critical business data, preferably off-site or in the cloud.

The BDO Advisory executive stressed that striking a balance between implementing strong cybersecurity measures and ensuring business functionality and user experience is not adversely affected is the goal.

Su suggested a risk-based approach, implementing user-friendly security solutions, providing training and education, regularly reviewing security measures, fostering a culture of security, and staying updated on industry best practices.

“Prioritise cybersecurity measures based on the specific risks and potential impact on the most critical assets and sensitive data,” he said.

In the end, Su said that by fostering collaboration, investing in education and training, and staying vigilant to evolving cyber threats, Singapore can maintain its cybersecurity resilience and protect its digital ecosystem for the benefit of its citizens, businesses, and national security.