Cybersecurity 2025

SINGAPORE Trends and Developments Contributed by: Sheena Jacob, Jaya Malhotra, Sherman Poon and Andre Choo, CMS

deepfakes that are more likely to deceive victims and cause significant losses. For example, an employee of a multinational company operat - ing in Hong Kong was duped into transferring approximately USD25.5 million to scammers, when he was misled after taking part in a video call that criminals set up using deepfakes of sev - eral members of staff, including the company’s chief financial officer. Additionally, attackers may exploit AI to launch brute-force attacks on passwords or encryption protocols, cracking them by rapidly predicting potential combinations at a much faster rate. As AI technology continues to evolve, attack - ers employing AI are staying one step ahead of traditional cybersecurity defences, making it increasingly difficult for organisations to detect and defend against threats. This underscores the need for organisations to implement stronger defence mechanisms, such as harnessing AI in the protective measures to counter AI-enhanced threats. Encouraging Robust Cybersecurity of AI Systems As Singapore invests more heavily in AI initiatives and develops its AI capabilities, the increasing reliance on AI systems across multiple sectors might incentivise threat actors to attack AI sys - tems directly or use the AI systems as a spring - board to launch their offensives. The CSA has published the Guidelines on Securing Artificial Intelligence Systems (the “Guidelines”) to pro - vide systems owners with a useful framework through which to plan the cybersecurity of their AI systems. The Guidelines warn against defensive meas - ures focusing on overly siloed aspects of the lifecycle of an AI system (the “AI lifecycle”), with such an approach being insufficient to establish

a holistic defensive framework against threat actors. Instead, the Guidelines provide key considerations to bear in mind when systems owners establish security frameworks. The key considerations are derived from the following five stages spanning the AI lifecycle. • Planning and design: potential systems own - ers should not adopt AI systems without first obtaining an understanding of the risks of doing so, and the choice to adopt an AI sys - tem must be followed by raising awareness and competency amongst all personnel. • Development: to prevent the distortion of an AI system’s operation, systems owners should secure the supply chain feeding their AI system and implement processes to iden - tify, track and protect AI-related assets from threat actors. • Deployment: when rolling out AI systems into their organisations, systems owners should take steps to safeguard the propriety of their AI system. • Operations and maintenance: once AI sys - tems have been rolled out, systems owners should continually monitor the functions and operations of their systems to ensure that the inputs to and outputs from the AI systems are safeguarded. • End of life: system owners should comply with all legal regulations and industry stand - ards/practices when decommissioning their AI systems, such as destroying or disposing of data repositories from which their AI mod - els were trained or operated. While AI presents a new frontier of opportuni - ties for entities, threat actors may be inclined to direct their threats towards AI systems. Singa - pore is quickly establishing itself as a global AI heavyweight, but as AI adoption rates increase, so should organisations secure their AI systems

250 CHAMBERS.COM

Powered by