Recent incidents involving cyber espionage groups such as UNC3886 highlight how advanced and persistent cyberthreats have become – particularly for critical infrastructure operators.
In these unpredictable times, especially with the increased integration of agentic AI, cyberthreats will continue to evolve and become more challenging as threat actors’ tactics and techniques increase in sophistication.
We find out from Wai Kit Cheah, APAC CISO & Connected Ecosystem Leader, Lumen Technologies, why and how enterprises need to build security into the core of their ecosystem.

Do you think enterprise leaders today need to rethink their network and infrastructure design? Why?
Cheah: Yes. Recent developments in Singapore’s telecommunications sector highlight a broader shift: critical infrastructure is no longer an occasional target — it is a standing intelligence objective. The threat landscape has fundamentally shifted. Today’s adversaries are persistent, well‑resourced and patient, prioritizing long‑term access over immediate disruption.
In this environment, legacy or static network architectures are no longer fit for purpose. Enterprise infrastructure must be designed to be resilient, adaptive and intelligence-driven, with cybersecurity embedded from the outset. It should also be flexible enough – resilience is not static – as security postures must evolve continuously to keep pace with constantly adapting adversaries.
Equally important is the move towards predictive, intelligence-led defense models. These enable organizations to detect subtle, long-dwell behaviors characteristic of advanced persistent threats, allowing for earlier detection and more proactive response before operations or national services are impacted.
State-sponsored threat actors are on the rise, especially targeting critical infrastructure. What are some key considerations for infrastructure modernization to address zero-day vulnerabilities and evolving threats like UNC3886?
Cheah: The first and most critical consideration is that infrastructure modernization must be secure by design, ensuring resilience is embedded across technology architecture, operational processes and governance models.
At the state and ecosystem level, enhanced public-private operational integration is essential. Recent cyberthreats have highlighted the value of standing coordination frameworks that can be deployed rapidly and at scale. Institutionalizing these mechanisms, rather than relying on reactive collaboration, will be increasingly critical as attacks grow more frequent, sophisticated and covert. This includes shared threat intelligence, coordinated eviction efforts and aligned response thresholds across operators.
Another key priority is establishing consistent baseline security standards across the entire infrastructure ecosystem, not just individual operators. Advanced threat actors often exploit vulnerabilities in widely deployed platforms. Rigorous lifecycle management, timely patching and robust security requirements throughout the telecommunications and critical infrastructure supply chains can significantly raise the cost and complexity for attackers, while reinforcing overall systemic resilience and trust in national infrastructure.
Other than financial and trust losses, what are some hidden costs of inaction?
Cheah: Operational disruption is a major concern, as attacks on critical infrastructure can interrupt essential services or impact supply chains. Compromised access to customer data or service outages can lead to the disruption of communications and trigger cascading effects across other critical sectors, including finance, healthcare, transportation and public services.
Inaction can also impede innovation. Organizations may delay digital transformation or adoption of new technologies due to concerns about cyber exposure, ultimately affecting competitiveness and long-term growth.
Moreover, inaction signals vulnerabilities to threat actors, increasing the likelihood of more frequent and sophisticated attacks. This can lead to stricter regulatory scrutiny, expanded reporting requirements and greater accountability – particularly for organizations operating complex, hybrid environments. While such measures are necessary to protect systemic stability, they also introduce higher compliance costs, operational burden, and diversion of resources away from strategic priorities.
From your experience with governments and enterprises in the Asia Pacific region, what are some best practices and strategies to safeguard critical infrastructure and prevent systemic disruption?
Cheah: Safeguarding critical infrastructure requires a multi-dimensional approach that addresses both present-day threats and future adversaries. Effective cybersecurity needs to span structural, operational and strategic dimensions and be treated as a core business priority rather than just an IT function.
A critical starting point is extending visibility beyond traditional endpoints. Advanced threat actors increasingly target network appliances, virtualization layers and cloud-adjacent infrastructure that lie outside the reach of conventional endpoint security. Organizations must deploy deep telemetry and behavioral monitoring across networks, cloud environments, and infrastructure layers – not just servers and user devices.
Equally important is the principle of “assume breach” at design. Segmenting and isolating mission-critical systems significantly limits potential impact. This approach should extend across OSS/BSS platforms, management planes and interconnects, especially as networks continue to virtualize and modernize. This ensures incidents remain containable rather than systemic.
Organizations must also adopt continuous validation of controls. Against sophisticated and adaptive adversaries, static audits are insufficient. Regular large-scale simulations, ongoing testing and iterative refinement of response playbooks should become standard operational practice.
Finally, cybersecurity is an ecosystem challenge. Threat actors exploit shared platforms and technologies, making intelligence sharing across operators, vendors and government agencies a force multiplier for collective defense.
Taken together, these practices form a comprehensive framework for protecting critical infrastructure. Organizations that embed cybersecurity into architectural and executive decision-making are far better positioned to maintain continuity, sovereignty and trust in an era of persistent state-sponsored threats.


