Geographically speaking, Singapore is as close to the middle of the earth as it gets: just one degree off the equator.  So, it is fitting that, as a global financial and technological destination, Singapore thrives on interconnectedness. However, this digital landscape also exposes Singapore to a growing array of cyber threats.

For example, in 2022, there were 132 ransomware attacks reported in Singapore – a fourfold increase since 2019.  And part of a notable jump in overall cyber threats in Q2 of 2022. And most recently, the attack on law firm Shook Lin & Bok, led to the firm (allegedly) paying a $18.9mn Bitcoin ransom. Against this arsenal of threats, Singapore has begun to embrace the innovative technology of artificial intelligence (AI), creating a high stakes race to stay one step ahead of malicious actors.

The ransomware threat

Ransomware and data breaches have a notorious history in Singapore. Attacks have targeted critical infrastructure, spanning Singapore’s Ministry of Defence (MINDEF) where a breach resulted in the personal data of 850 national service members and employees being stolen. In 2018, the personal data of 1.5 million SingHealth patients were compromised. This was followed by the 2023 healthcare service outage, as a result of a Denial-of-Service (DoS) attack.

Against this backdrop, a 2023 survey from the Singapore Cybersecurity Agency (CSA) reported that 84% of organisations had encountered a ransomware attack. Of these, 99% said that they suffered negative effects on their operations such as business disruptions, data loss, and reputational damage.

And the threat is growing. Contemporary reports suggest that the rise of “Ransomware-as-a-Service” (RaaS) models, are a particular risk to Singapore. With one of the highest internet penetration rates in the world (99 percent), Singaporean businesses are unusually exposed to online threats.

This seriousness has been reflected in the partnership between Singapore and the United Kingdom, as co-chairs of the Counter Ransomware Initiative (CRI) – an international effort to ‘publicly denounce ransomware and strongly discourage paying ransomware demands’.

But ransomware is not the only threat in town. In a recent keynote address, David Koh, chief executive of the CSA, reflected that few users appreciate the security risks of cloud and have the expertise to implement the complex security controls needed to safeguard virtual networks and data.

Consequently, the Singaporean government has developed a range of programmes to improve the cyber readiness of enterprises, including standards to assess a cyber hygiene.

Following on from these initiatives, the CSA recently announced a public consultation exercise around technical guidelines to secure artificial intelligence (AI) systems – and has called for industry involvement.

AI: The double-edged sword

Artificial intelligence is both a cause and cure for cybersecurity woes. Attackers can leverage AI to automate attacks, craft more convincing phishing emails, and bypass security measures.

But AI can be a powerful defensive measure. AI-driven solutions can analyse vast amounts of data to identify patterns and anomalies indicative of an attack. Machine learning algorithms can be used to detect and block malicious activity.

Such automated threat detection and analysis makes AI a superb tool to complement existing security measures, but not to replace them.  And of course, AI must be placed alongside increased cybersecurity awareness, and a complete data security strategy.

But even with such caveats, it is clear that AI is set to play a key part in the cybersecurity of Singapore.  The CSA has already begun to collaborate with industry partners and the broader cybersecurity community, including agreements with Google, Microsoft and NTT, to formalise the exchange of threat intelligence to improve AI-driven countermeasures to threats.

This itself builds on the Singaporean development of an AI governance testing framework that evaluates AI deployment against objective technical trials and process checks.

One way of injecting generative AI into the defensive cybersecurity landscape is via new investment in solutions such as network detection and response (NDR).  As a leader in this field, Gatewatcher has developed GAIA, a generative AI assistant, designed to accelerate the detection, qualification and analysis of cybersecurity incidents within SOC teams.

For these teams, generative AI improves the defensive posture by making it easier to implement security policies,  Response is enhanced by greater accuracy of security alerts and remediation is made better by faster decision-making and actions being taken quicker.

NDR systems leverage AI to bolster cybersecurity by better anomaly detection and automated threat analysis and incident response. Beyond this, AI can continuously scan the network for hidden threats, freeing up security analysts to focus on strategic tasks. Because the cybersecurity landscape in Singapore is evolving so rapidly, enterprises must stay vigilant and adapt defences.  This will make the power of AI a vital issue.

As the AI-driven evolution of both ransomware threats and NDR solutions show, the existing cybersecurity battle has intensified, but by investing in key technologies now Singapore can maintain its position as a thriving – and secure – digital hub.