Commentary: Singapore's journey from cybersecurity to cybermaturity

SINGAPORE: Seven years ago, Singaporeans were shocked when a cyberattack resulted in the theft of personal data belonging to about 1.5 million SingHealth patients, including then Prime Minister Lee Hsien Loong.
Yet, 2018 seems almost like a different age when it comes to cyberthreats.
Last June, a ransomware attack on a service provider to the United Kingdom's National Health Service disrupted operations in some hospitals, resulting in thousands of postponed surgeries and appointments. The hackers published almost 400GB of patient data on the dark web subsequently.
In February the same year, a ransomware attack in the United States compromised the data of about 190 million people and disrupted insurance processing that left patients the choice of delaying treatment if they could not pay out of pocket.
Halfway through 2025, there is no end in sight for the proliferation of this type of attack. A wave of attacks against prominent British retailers began in late April, with Marks & Spencer losing £1 billion (US$1.35 billion) in market value and another £300 million in lost profit expected.
In the 10 years since Singapore's Cyber Security Agency (CSA) was set up in April 2015, technology has evolved considerably, and with it has come an expansion of the threat surface.
Enterprises are increasingly moving to the cloud, where attackers now exploit weak identity and access management. Malicious actors have also taken to scams, fuelled by AI-generated content and deepfakes. Some target software supply chains or phish employees; others engage in hacktivism.
By sheer scale and scope, the lines between cybercrime and cyberthreats to national security have blurred.
NOT JUST REACTING
Singapore has not confined itself to reacting to an evolving threat environment.
It has shored up defences and increased awareness, within government and the private sector, through the creation of Singapore's first Cybersecurity Strategy, the Cybersecurity Act and the Safe Cyberspace Masterplan. These ensure that organisations, particularly in the private sector, have the incentives and tools to implement cybersecurity measures and manage risks before any attacks occur.
Amid the increasing use of AI in cyberattacks, CSA launched in 2024 a comprehensive framework for organisations to manage cybersecurity risks throughout the AI system lifecycle. Its SG Cyber Safe programme offers resources such as toolkits and certification schemes like Cyber Trust marks to guide businesses in implementing cybersecurity measures.
Cyber diplomacy is also a key aspect, since malicious cyber activity and cybercrime knows no borders. Protecting the digital sovereignty of our country is just as important as safeguarding physical boundaries.
Singapore recognises that having a seat at the table to discuss on the dos and don'ts of state cyber activity, is critical for a small state.
When, in 2018, the United Nations Group of Government Experts (GGE) was undermined by disagreements between rival blocs, Singapore led ASEAN states to adopt the GGE's voluntary norms of state behaviour in cyberspace. This took place during the Singapore International Cyber Week, which has itself become the key node for regional cyber discussions.
Singapore's Ambassador to the United Nations, Burhan Gafoor, has garnered praise for his chairing of the UN's Open-Ended Working Group on cybersecurity and information technology.
Singapore has also been a responsible stakeholder when it comes to cyber capacity building, establishing the ASEAN-Singapore Cybersecurity Centre of Excellence in 2019.
REALISTIC APPRAISAL OF THE ROAD AHEAD
In considering strategies Singapore can pursue, we should not be under any illusions about what can be done.
Some cyber practitioners have pushed for 'attributing' cyberattacks, believing that calling out malicious conduct may prevent recurrences. For example, US lawmakers have blamed the Salt Typhoon attacks on US telecommunications infrastructure on Chinese groups.
While large states with well-resourced cyber offensive capabilities may take this view, Singapore's position is somewhat different.
Observers would have noticed that there was no official attribution of the actor behind the cyberattacks against the Ministry of Foreign Affairs in 2014, nor on SingHealth in 2018. In the latter case, it was made known that a state-backed advanced persistent threat was most likely responsible, but this is as far as the authorities went.
This is a space where the threat actors can cover their tracks through technical means, and even our close partners may probe our cyber defences or attempt to exfiltrate valuable information (especially if they feel they can get away with it without being caught).
In any case, a small state cannot afford to take the aggressive posture that others do, threatening retaliatory measures in response to every incident.
One major challenge is also in identifying and grooming the next generation of cyber defenders, when there is already currently a shortage of cybersecurity professionals in Singapore as is the case globally.
FROM SECURITY TO RESILIENCE
What more can be done?
Cybermaturity requires a mindset shift that recognises cybersecurity as a critical national and personal priority.
With CSA as the overall guide, more agencies will need, increasingly, to have skin in the game when it comes to covering digital threats. This process has already started.
When one falls victim to online scams or ransomware, one generally thinks to call the police, not the CSA. Under the Online Criminal Harms Act (OCHA) that came into effect last year, the Ministry of Home Affairs has the powers to deal with online content which facilitate malicious cyber activities. Technological solutions to counter the malicious use of deepfakes are also something that the SPF is working on, with the Home Team Science and Technology Agency.
Beyond policies and frameworks, real resilience requires deeper public investment: a cultural change, greater individual responsibility and baseline awareness.
CSA surveys consistently show a troubling gap: There is widespread acknowledgement of the importance of cybersecurity, but considerably fewer believe they are personally at risk. Awareness is also low in key areas such as Internet of Things (IoT) security, even as more invest in smart homes.
Silos make us vulnerable to threat actors who are using new tools with increasing sophistication and devolution. For the next leg of our cyber journey, it's worth bearing in mind how CSA CEO David Koh sees it: We need to 'assume breach'. This principle encourages not simply vigilance, but the ability to ensure continuity in a compromised environment.
This is the digital future we will have to live with – one brimming with promise, and also peril.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

CNA

17 hours ago

• CNA

AT&T's $177 million data breach settlement wins US court approval

WASHINGTON :A U.S. judge granted preliminary approval on Friday to a $177 million settlement that resolves lawsuits against AT&T over breaches in 2024 that exposed personal information belonging to tens of millions of the telecom giant's customers. U.S. District Judge Ada Brown in Dallas said in a ruling that the class-action settlement was fair and reasonable. The deal resolves claims over data breaches that AT&T announced in May and July last year. Depending on which breach is involved, AT&T has agreed to pay up to $2,500 or $5,000 to customers who suffered losses that are "fairly traceable" to the incidents. After payments are made for direct losses, the remaining funds will be distributed to customers whose personal information was accessed. AT&T did not immediately comment. One of the incidents resulted in the illegal downloading of about 109 million customer accounts at the U.S. wireless company. AT&T disclosed that its call logs were copied from its workspace on a Snowflake cloud platform covering about six months of customer call and text data from 2022 from nearly all its customers. In March 2024, AT&T said it was investigating a data set released on the "dark web" and said its preliminary analysis showed it affected approximately 7.6 million current account holders and 65.4 million former account holders. The company said the data set appeared to be from 2019 or earlier. The Federal Communications Commission is also investigating. In September, AT&T agreed to pay $13 million to resolve an FCC investigation over a data breach of a cloud vendor in January 2023 that impacted 8.9 million AT&T wireless customers. The FCC said the data exposed in 2023 covered customers from 2015 through 2017 that should have been deleted in 2017 or 2018.

CNA

19 hours ago

• CNA

Weak muscles may increase risk of diabetes among midlife women: NUH study

Weak muscles and high levels of internal fats can significantly raise the risk of diabetes among middle-aged Singapore women, even if they are slim. This is according to a long-term study by NUH, which also recommends a simple blood test to gauge muscle strength. The study hopes the findings can eventually be accepted as a form of muscle strength management for midlife women. Professor Yong Eu Leong, Head and Emeritus Consultant of the Division of Benign Gynaecology at NUH's Department of Obstetrics and Gynaecology and lead of the Integrated Women's Health Programme, discusses women's health. He talks about how muscle strength, visceral fat, diabetes and menopause all correlate with one another.

Independent Singapore

19 hours ago

• Independent Singapore

Where NUS and NTU outshine Oxbridge in global rankings

One in three students at the National University of Singapore (NUS) and Nanyang Technological University (NTU) is a foreigner. The attraction is clear: NUS ranks fourth globally—behind only the Massachusetts Institute of Technology (MIT), Stanford, and Carnegie Mellon—in computer science and information systems in the 2025 QS World University Rankings By Subject. In electrical and electronic engineering, both NUS and NTU share the fourth spot with Harvard, trailing just MIT, Stanford, and the University of California, Berkeley, according to the same source. Either or both of the universities excel in other fields as well, including law, medicine, and architecture. With their strong showing in the 2026 QS World University Rankings, could NUS and NTU be seen as the Oxford and Cambridge of Asia? Sticklers may disagree, and not without reason. For one, NUS and NTU are located far closer together than the dreaming spires of Oxford are to Cambridge. More importantly, they cannot yet rival the rich Oxbridge tradition in the arts and humanities. Still, in many other fields, they are catching up—or have already overtaken—and that progress is clearly reflected in the rankings. NUS and NTU are ranked eighth and 12th respectively, just behind Oxford and Cambridge, which come in at fourth and sixth. The strong performance of Singapore's universities is no longer a novelty. This marks the third consecutive year NUS has held eighth place. NTU, which ranked 15th in 2025, has returned to 12th, a position it surpassed in 2018 and 2020 when it ranked 11th. Splitting the two Singapore institutions in this year's rankings is the University of Hong Kong at 11th. See also Singapore experts weigh in on the Covid-19 situation NUS is the only Asian university in the global top 10. The only other non-Anglo-American presence is ETH Zurich of Switzerland, in seventh. The broader Asia-Pacific region has a growing presence in the top 20: China's Peking University and Tsinghua University are ranked 14th and 17th, while Australia's University of Melbourne and the University of New South Wales are 19th and 20th. NUS, NTU: Areas of excellence The Singapore universities are no longer known solely for their engineering prowess. NUS ranks 10th globally in law—making it the only non-Anglo-American university in the top 10 for legal studies. NTU stands at 82nd. In medicine, NUS ranks 18th—the highest for any Asian university—while NTU is 84th. NTU, however, shines in communication and media studies, coming in fourth behind the University of Amsterdam, Harvard, and the University of Texas at Austin. NUS ranks 14th in this field. While Oxford and Cambridge still reign supreme in the arts and humanities, NUS is gaining ground. It ranks second globally in art history, eighth in linguistics, ninth in architecture, 15th in English language and literature, and 17th in history. See also SATIRE: Pokemon GO releases sad news for its Singapore fans This academic success is underpinned by scale and diversity. With over 33,000 students, NUS has the second-largest student body among the top 10 universities—trailing only University College London, which has over 45,000 students. NTU has more than 25,000 students. International students and staff International students and staff contribute significantly to the success of both institutions. Foreigners make up 36% of the student body at NUS and 33% at NTU. The faculty is even more international, with 65% of staff at both universities coming from overseas. In comparison, Harvard has around 24,300 students, including 6,700 international students, and over 4,400 faculty and staff, only 27% of whom are international. Oxford has over 22,000 students, more than 9,000 of them from abroad, and 6,500 faculty and staff, with 44% from overseas. The international students and staff carry weight in the QS World University Rankings. QS applies the following weightage when ranking universities: Academic reputation: 30% Citations per faculty: 20% Employer reputation: 15% Employment outcomes: 5% Faculty-student ratio: 10% International faculty ratio: 5% International research network: 5% International student ratio: 5% International student diversity: 0% See also SP overcharges bill, claims they 'overestimated' $1500 There's an old story about Benjamin Jowett, the 19th-century Master of Balliol College, Oxford, who once declared, 'I am the Master of this College; what I don't know isn't knowledge.' Today, such a claim would be inconceivable. From NUS to NTU, Oxford to Harvard, the global groves of academe are constantly striving for the next breakthrough, the next frontier of knowledge. Top 20 in QS World University Rankings 2026: Massachusetts Institute of Technology (MIT) Imperial College London Stanford University University of Oxford Harvard University University of Cambridge ETH Zurich National University of Singapore University College London California Institute of Technology (Caltech) University of Hong Kong Nanyang Technological University University of Chicago Peking University University of Pennsylvania Cornell University Tsinghua University University of California, Berkeley University of Melbourne University of New South Wales