Cybersecurity 2025

SINGAPORE Trends and Developments Contributed by: Sheena Jacob, Jaya Malhotra, Sherman Poon and Andre Choo, CMS

CrowdStrike outage in July 2024. The incident affected several businesses and caused a vari - ety of service disruptions, including significant delays affecting more than 100 flights at Changi airport. While the outage was reported to be the result of an innocuous software update and most affected services recovered in a day, its effects were far-reaching and caused wide-spread chaos. The resulting harms placed a spotlight on the importance of cyber-resilience across all segments of Singapore’s infrastructure, since threat actors targeting cyber-infrastructure may attempt to cripple critical functions which can cause catastrophic downstream effects. Organisations must continually assess their cybersecurity frameworks and develop robust contingency plans and remediation frameworks to safeguard the continuity of business opera - tions and remedy the cause of cyber-incidents as quickly as possible. The government is com - mitted to working with private organisations, providing key support and guidance for organi - sations to build up their cyber-resilience. Such government initiatives include SingCERT’s advi - sory on building digital resiliency, the practical resources and financial assistance offered by the Ministry of Digital Development and Information to encourage robust IT practices and the CSA’s cybersecurity toolkits. Introduction of MAS Notices on cyber considerations The Monetary Authority of Singapore (MAS) has also released notices and guidelines promot - ing responsible cyber-management, including Notices on Cyber Hygiene and Notices on Tech - nology Risk Management. The Notices on Cyber Hygiene outline manda - tory requirements for entities and individuals providing financial services, such as operators of

designated payment services, merchant banks and insurance agents. With a focus on cyber hygiene, the Notices require compliance with best practices like the application of appropri - ate security patches, the enactment and imple - mentation of adequate security standards, the implementation of malware protection and the execution of multi-factor authentication. Similarly, the Notices on Technology Risk Man - agement oblige financial service providers to make all reasonable efforts to maintain high availability for their critical systems, such that the maximum unscheduled downtime for each criti - cal system does not exceed a total of four hours within any period of 12 months. The service pro - vider must establish a recovery time objective not exceeding four hours for each critical system and must notify MAS within an hour of the discov - ery of an IT security incident which significantly impacts the provider’s operations or services. With the heightened risks of cybersecurity threats to Singapore’s financial infrastructure, the identification of and strict adherence to best practices will enable entities to adapt to and better manage emerging risks. Given the impor - tance of safeguarding Singapore’s reputation as a financial hub, it is imperative that all stake - holders work cohesively to maintain the trust of customers and investors. Considerations Regarding the Use of AI Increase in AI-powered cyber-attacks Threat actors are increasingly harnessing AI to enhance the sophistication and effectiveness of their cyber-attacks. By utilising machine learning algorithms, scammers and hackers can auto - mate the discovery of system vulnerabilities, bypass security measures, and launch more targeted attacks, AI tools can be used to craft highly personalised phishing emails or elaborate

249 CHAMBERS.COM

Powered by