Innovation and security in Singapore’s financial sector

The critical role of the banking sector has made cybersecurity a focal point in recent years. In Singapore, the financial services sector saw 346 ransomware incidents in 2023, according to QBE’s whitepaper, “Cyber Threats to the Financial Services Industry,” making it one of the most targeted industries. But the question is — do they know who they’re up against?

Banks are becoming increasingly modernised, turning to open banking and enhancing their hybrid-cloud environments, but they are not alone. Cybercriminals’ tactics are also evolving, creating an ongoing arms race between security teams and threats. And with banks housing a plethora of sensitive payment data, having access to high-profile information, and playing a critical role in the country’s operations, ransomware actors continue to target this sector with attacks, hoping a big payout could be on the table.

A shift in the landscape

The financial sector has undergone a digital revolution in the last decade. As financial processes move online and the world becomes increasingly cashless, banks are embracing the cloud for more internal and customer-facing processes. It’s a no-brainer: The cloud offers scalability, efficiency, and more flexible digital banking options for customers. And with young fintech challengers quick to offer open banking, traditional financial services organisations that are slow to digitise may lose out to competition.

According to Statista’s projections, the total transaction value of digital payments in Singapore is expected to surge to US$43.40 billion by 2028, demonstrating the increasing reliance on digital payment methods. Rapid migrations and a new hybrid-cloud environment require far more than traditional on-premises security tools, leaving critical security blind spots. If digital payment systems are left with security gaps, one well-placed attack could disrupt national stability on a scale we have not yet seen.

Biding their time

Financial institutions face significant risks, especially as ransomware remains a top threat despite heavy cybersecurity investments. This is compounded by a growing concern over ransomware as a service (RaaS), which allows cybercriminals to “subscribe” to ransomware tools from other hackers to infiltrate corporate networks. This exposes organisations to a range of tactics, from phishing to exploiting software vulnerabilities. These hackers persist on networks for months, moving laterally to collect intelligence and locate sensitive data stores. Further actions, such as launching malware, stealing data, or destroying a server, can then cause maximum damage.

As hybrid cloud environments grow more complex, workloads and data become more widespread, broadening the attack surface of any organisation. For financial institutions, identifying and illuminating potential blind spots must be a priority before, during, and after every cloud migration. Moreover, security teams must reconfigure their tool stacks to achieve sufficient visibility into the cloud. Traditional on-premises security tools often rely heavily on data from logs, traces, and event files, making them vulnerable to today’s more sophisticated threat actors. Logs are mutable, meaning criminals can manipulate these records to cover their tracks and successfully evade detection. The only way for security teams to expose hidden threats is by gaining complete visibility of all traffic on their networks, including East-West traffic in both on-premises and cloud environments.

Hiding in plain sight

Threat actors also exploit a common security strategy — encryption. The Monetary Authority of Singapore (MAS) has recently raised concerns about quantum computing’s potential to break traditional encryption. Additionally, encrypted traffic can hide malicious activities within a network, preventing security tools from detecting suspicious behaviour or data exfiltration.

Two-thirds of security leaders in Singapore, according to Gigamon’s study “Hybrid Cloud Security: Closing the Cybersecurity Preparedness Gap,” acknowledge that encrypted traffic is less likely to be inspected, often bypassing scrutiny due to the high costs and complexities of decryption. In fact, 62% admit they haven’t tackled decryption as they consider it time-consuming and costly — the highest rate globally, surpassing the worldwide average of 53%. But in doing so, security teams are leaving their networks vulnerable to attacks, running the risk of only discovering a breach when it’s too late and stolen data is already on the dark web.

Financial institutions cannot afford to fall behind today’s cybercriminals. No organisation can defend against a threat that they don’t know is in their network, so achieving deep observability over all networks — including encrypted data, any traffic, and data flow between devices — is the only way to protect against unforeseen attacks and disruption.