Strengthening Singapore’s – and Asia Pacific’s – cyber defenses against escalating APT threats to critical infrastructure.
Singapore is confronting an increasingly hostile cyberthreat landscape. Coordinating Minister for National Security K Shanmugam recently confirmed that the nation is actively responding to a “highly sophisticated threat actor” targeting its critical infrastructure. This isn’t an isolated incident — it’s part of a broader, sustained campaign by advanced persistent threat (APT) groups.
Today’s APT campaigns are smarter, faster, and more evasive. Asia-Pacific (APAC) accounts for the largest share (42%) of recorded exploitation attempts. Threat actors can leverage artificial intelligence, automation, and zero-day exploits to breach systems with surgical precision.
These actors are no longer content with reconnaissance. They’re embedding themselves deep within critical infrastructure, laying the groundwork for potential future disruption at a scale we’ve never seen before. The result is a threat environment that is dynamic, complex, and unforgiving.
This shift is a wake-up call for organizations across Singapore, especially those operating in critical infrastructure sectors such as energy, transport, finance, and healthcare. The stakes are high: a successful breach could compromise sensitive national data, disrupt essential services, and erode public trust.
Targeting humans: the new frontline
Unlike opportunistic cybercriminals, APT actors are patient, well-funded, and strategic. Often backed by nation-states or sophisticated criminal networks, they use spear-phishing, credential harvesting, and lateral movement to maintain persistence within target environments.
Proofpoint’s latest Human Factor 2025 Report reveals a striking trend:
- 25% of all state-sponsored phishing campaigns now begin with “benign” emails designed to build trust.
- 90% of these messages feign interest in collaboration or engagement.
For example, North Korean actor TA427 uses journalist personas to probe sensitive geopolitical issues, while Iran’s TA453 employs similar tactics in Middle Eastern affairs. These campaigns are increasingly psychological, exploiting human curiosity and trust rather than technical vulnerabilities.
Singapore’s strategic role as a regional financial hub makes it a high-value target. As our systems become more interconnected, our risk surface expands. The recent alert from the Cyber Security Agency of Singapore (CSA) regarding rising threats to critical information infrastructure (CII) underscores the urgency for a coordinated and resilient cyber defense posture.
Raising the bar: beyond compliance
To defend effectively against APTs, organizations must go beyond checkbox compliance. Owners of Singapore’s Critical Information Infrastructure (CII) across 11 sectors will soon be required to report incidents suspected to be caused by APTs. While alignment with CSA’s Cybersecurity Code of Practice is foundational, true resilience demands a proactive, layered approach:
- Human-centric security
People are the first line of defense — and the most targeted. Deploy a modern AI-powered human-centric platform to protect the human layer, which includes behavioral and intent-based detection and flags or blocks anomalies that may indicate compromise. These AI models continuously learn from real-world threats, customer deployments, collaboration platforms, cloud and on-premises data stores.
This layer of protection helps organizations identify threats that bypass traditional security controls. Combined with regular awareness training, it builds a resilient security culture where employees are empowered to act as active defenders. - Real-time threat intelligence
Staying ahead of adversaries requires insight into their tactics, techniques, and infrastructure. Intelligence platforms must translate global threat activity into actionable local context. - Incident response preparedness
Breaches are inevitable, but delays are not. A rehearsed, cross-functional incident response plan can limit disruption and accelerate recovery. - Third-party risk management
APT actors increasingly exploit supply chain vulnerabilities. Continuous monitoring of vendor and partner risk profiles is now a baseline requirement.
Cybersecurity as a strategic imperative
APT activity is not a passing wave, and it represents a long-term shift in the threat landscape. As adversaries grow more agile and resourceful, Singapore’s defences must become equally dynamic. Cybersecurity must be elevated from IT issue to board-level priority — from compliance to core strategy.
The time to act is now. Singapore’s future as a secure, trusted digital nation depends on it.