Cybersecurity News in Asia

APT threats: Prevention is better than cure

By JP Yu, VP, Southeast Asia and Korea, Proofpoint | Wednesday, August 13, 2025, 2:55 PM Asia/Singapore

Strengthening Singapore’s – and Asia Pacific’s – cyber defenses against escalating APT threats to critical infrastructure.

Singapore is confronting an increasingly hostile cyberthreat landscape. Coordinating Minister for National Security K Shanmugam recently confirmed that the nation is actively responding to a “highly sophisticated threat actor” targeting its critical infrastructure. This isn’t an isolated incident — it’s part of a broader, sustained campaign by advanced persistent threat (APT) groups.

Today’s APT campaigns are smarter, faster, and more evasive. Asia-Pacific (APAC) accounts for the largest share (42%) of recorded exploitation attempts. Threat actors can leverage artificial intelligence, automation, and zero-day exploits to breach systems with surgical precision.

These actors are no longer content with reconnaissance. They’re embedding themselves deep within critical infrastructure, laying the groundwork for potential future disruption at a scale we’ve never seen before. The result is a threat environment that is dynamic, complex, and unforgiving.

This shift is a wake-up call for organizations across Singapore, especially those operating in critical infrastructure sectors such as energy, transport, finance, and healthcare. The stakes are high: a successful breach could compromise sensitive national data, disrupt essential services, and erode public trust.

Targeting humans: the new frontline

Unlike opportunistic cybercriminals, APT actors are patient, well-funded, and strategic. Often backed by nation-states or sophisticated criminal networks, they use spear-phishing, credential harvesting, and lateral movement to maintain persistence within target environments.

Proofpoint’s latest Human Factor 2025 Report reveals a striking trend:

25% of all state-sponsored phishing campaigns now begin with “benign” emails designed to build trust.
90% of these messages feign interest in collaboration or engagement.

For example, North Korean actor TA427 uses journalist personas to probe sensitive geopolitical issues, while Iran’s TA453 employs similar tactics in Middle Eastern affairs. These campaigns are increasingly psychological, exploiting human curiosity and trust rather than technical vulnerabilities.

Singapore’s strategic role as a regional financial hub makes it a high-value target. As our systems become more interconnected, our risk surface expands. The recent alert from the Cyber Security Agency of Singapore (CSA) regarding rising threats to critical information infrastructure (CII) underscores the urgency for a coordinated and resilient cyber defense posture.

Raising the bar: beyond compliance

To defend effectively against APTs, organizations must go beyond checkbox compliance. Owners of Singapore’s Critical Information Infrastructure (CII) across 11 sectors will soon be required to report incidents suspected to be caused by APTs. While alignment with CSA’s Cybersecurity Code of Practice is foundational, true resilience demands a proactive, layered approach:

Human-centric security
People are the first line of defense — and the most targeted. Deploy a modern AI-powered human-centric platform to protect the human layer, which includes behavioral and intent-based detection and flags or blocks anomalies that may indicate compromise. These AI models continuously learn from real-world threats, customer deployments, collaboration platforms, cloud and on-premises data stores.
This layer of protection helps organizations identify threats that bypass traditional security controls. Combined with regular awareness training, it builds a resilient security culture where employees are empowered to act as active defenders.
Real-time threat intelligence
Staying ahead of adversaries requires insight into their tactics, techniques, and infrastructure. Intelligence platforms must translate global threat activity into actionable local context.
Incident response preparedness
Breaches are inevitable, but delays are not. A rehearsed, cross-functional incident response plan can limit disruption and accelerate recovery.
Third-party risk management
APT actors increasingly exploit supply chain vulnerabilities. Continuous monitoring of vendor and partner risk profiles is now a baseline requirement.

Cybersecurity as a strategic imperative

APT activity is not a passing wave, and it represents a long-term shift in the threat landscape. As adversaries grow more agile and resourceful, Singapore’s defences must become equally dynamic. Cybersecurity must be elevated from IT issue to board-level priority — from compliance to core strategy.

The time to act is now. Singapore’s future as a secure, trusted digital nation depends on it.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
2024 Insider Threat Report: Trends, Challenges, and Solutions
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
AI-Powered Cyber Ops: Redefining Cloud Security for 2025
The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
Data Management in the Age of Cloud and AI
In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper

Middle-sidebar-banner

Case Studies

Cyber protection for medical clinics in Singapore
As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
India’s WazirX strengthens governance and digital asset security
Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
Bangladesh LGED modernizes communication while addressing data security concerns
To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more
What AI worries keep members of the Association of Certified Fraud Examiners sleepless?
This case study examines how many anti-fraud professionals reported feeling underprepared to counter rising AI-driven …Read more

Bottom sidebar

Other News

Tencent Cloud Unveils AI-Powered Gaming Solutions at GDC 2026, Transforming Connection, Creation, and Security for the Future of Games
Friday, March 13, 2026
The Latest GVoice Brings Revolutionary …Read More »
TXOne Networks Showcases TXOne Complete at S4x26, Advancing the Full OT Security Journey for Channel Partners
Thursday, March 12, 2026
The operations-first OT security partner …Read More »
Globe Teleservices Announces Partnership with Myanma Posts and Telecommunications to Enhance Secure Messaging and Customer Experience
Thursday, March 12, 2026
SINGAPORE, March 11, 2026 /PRNewswire/ …Read More »
Coremail Shares Insights on Strengthening Enterprise Email Security Amid Evolving Threats
Thursday, March 12, 2026
BANGKOK, March 11, 2026 /PRNewswire/ …Read More »
Cohesity Strengthens Data Protection and Security to Advance Enterprise AI Resilience
Thursday, March 12, 2026
SINGAPORE, March 11, 2026 /PRNewswire/ …Read More »

Cybersecurity News in Asia

Featured

Beyond firewalls – addressing cybersecurity blind spots

Featured

Where are financial fraud and AML regulations heading in S E Asia?

Featured

How AI is reshaping dating in Asia