The AI threat within: How cyber adversaries are exploiting Singapore’s digital backbone

IMAGE: Generated by Google Gemini

Singapore’s attractiveness as a global tech and finance hub has made it a prime target for cyber adversaries. The numbers are stark: ransomware attacks surged 154 per cent in 2023 alone, hitting government agencies, critical infrastructure, finance, healthcare and retail sectors. No industry has been spared.

The threat reached unprecedented levels in July 2025 when Coordinating Minister for National Security K. Shanmugam took the unusual step of publicly naming UNC3886—a cyber espionage group capable of destabilising national security. This rare public warning signals the relentless sophistication of threats Singapore faces daily.

The reality is sobering: most breaches don’t begin with dramatic cyber warfare but with mundane human errors—employees missing red flags or making preventable mistakes. For organisations deploying advanced technology, this underscores a critical vulnerability: cyber defences are only as strong as the weakest team member.

Executive-level awareness: Beyond traditional training

James Lim, co-founder and CEO of the Centre For Cybersecurity Institute (CFCI), has witnessed cyber threats evolve across aviation, humanitarian aid and utilities sectors. His approach moves beyond conventional awareness training to immerse executives in authentic attack scenarios, demonstrating real vulnerabilities within their own systems.

These sessions provide direct evidence of organisational risk. In one demonstration, CFCI extracted a CEO’s login credentials from a public leak database and successfully accessed the company’s enterprise environment within minutes. Another exercise exposed sensitive files from multiple organisations through a live Wi-Fi hack in a shared office space.

James Lim, Co-founder and CEO, Centre For Cybersecurity Institute (CFCI)
IMAGE: CFCI

Critical infrastructure under attack

Recent incidents involving FortiManager, a centralised firewall management solution, illustrate the blurred line between IT infrastructure and cybersecurity risks. When accessible via the public internet, FortiManager presents a significant attack surface for adversaries.

Lim explained that attackers exploited vulnerabilities to gain unauthorised access, alter configurations and establish backdoors. Through deep enterprise integration, they transitioned to internal firewalls and executed lateral movement to virtual servers and endpoints. After harvesting credentials and escalating privileges to domain administrator level, attackers exfiltrated sensitive data while maintaining persistence through trusted platforms like GitHub and Google Drive.

The AI-powered threat evolution

AI is fundamentally transforming the cyber threat landscape. AI-generated phishing content now features unprecedented linguistic accuracy and context-awareness, making traditional red flags increasingly unreliable. Adversaries collect voice data through silent scam calls to create AI-powered deepfakes, while widespread digital media provides rich training data for synthetic content creation.

Autonomous AI agents now simulate business interactions, retrieve data and trigger alerts with sophistication matching or exceeding average user awareness. These systems conduct AI-powered reconnaissance to map corporate structures and organisational behaviours, dramatically improving attack success rates.

The human factor remains paramount. Executives witnessed firsthand at CFCI’s training sessions how seasoned professionals fall victim to convincing phishing emails mimicking urgent CFO payment requests or sophisticated AI-generated deepfake voice calls. These scenarios underscore the need for robust internal protocols at every organisational level.

The convergence of AI and cybersecurity is reshaping professional roles. Security operations centre analysts, incident responders and threat intelligence specialists must now build fluency across data engineering, system architecture and model management, while maintaining vigilance against AI-generated manipulation.

Internal vulnerability landscape

Lim said that Singapore enterprises face recurring internal vulnerabilities that create systemic risk:

  • Inactive accounts from former employees retaining desktop or email access
  • Shared folders with persistent third-party access rights
  • Unpatched systems due to policy gaps or insufficient asset management
  • Exposure through third-party and supply chain vulnerabilities
  • Shadow IT including unauthorised software, hardware or cloud services

These vulnerabilities, while seemingly routine, provide adversaries with initial access points that can escalate into major breaches.

Strategic recommendations for leadership

Immediate actions:

  • Implement comprehensive access reviews, particularly for departed employees
  • Establish zero-trust protocols for sensitive data handling
  • Deploy AI-enhanced monitoring while maintaining human verification for critical decisions
  • Conduct regular vulnerability assessments across all third-party integrations

Long-term strategic initiatives:

  • Invest in cross-functional training that bridges cybersecurity and AI competencies
  • Develop incident response capabilities that account for AI-generated threats
  • Establish continuous monitoring of AI and threat intelligence developments
  • Create organisational cultures where cybersecurity awareness extends beyond IT departments

Verification protocols:

  • Given the sophistication of AI-generated content, organisations must always verify information with original sources or trusted contacts before acting on potentially sensitive requests, regardless of apparent authenticity

The bottom line

For Singapore’s business leaders, the cyber threat landscape represents both immediate operational risk and strategic competitive concern. State-linked adversaries actively target the operational backbone of the country’s economy and infrastructure, while AI-powered attacks are becoming more sophisticated and harder to detect.

The strength of organisational cyber defences depends on collective preparedness: not just technology, but also culture and continuous leadership engagement. As top Singapore firms continue reporting security incidents through supply chain vulnerabilities, the imperative is clear: ensure every team member at every level is equipped for an evolving threat landscape that shows no signs of slowing.
