Singapore, a prominent business hub with advanced digital infrastructure, is facing an escalating wave of sophisticated and targeted cyber threats, with identity theft emerging as a significant concern for both organizations and individuals. The fast transition to digital services has increased this attack surface. This expansion has exposed an entirely new set of vulnerabilities that malicious actors are quick to exploit. Gerry Sillars, Semperis’ Vice President for Asia Pacific and Japan, implores Singapore to not rest on its laurels. He wants to see a more proactive cybersecurity strategy to counter these looming threats, saying compromised identities are the new frontier for ransomware and other malicious attacks.

Singapore’s advanced digital infrastructure combined with its prominence as a core regional and global business hub have made it a prime target for cybercriminals. We know this because the nation has rapidly adopted digital services. This speed of transition has inadvertently granted cybercriminals a large attack surface with numerous potential entry points. Though these digital assets and services improve convenience and efficiency, they create new vulnerabilities that can be exploited.

That human factor is still our most important cyber security weakness. Cybercriminals often take advantage of taxpayers by social engineering or phishing them. They use these misleading tactics to gain entry to valuable data and networks. The potential for identity theft has never been higher. Singpass accounts are now being sold on underground hacker forums, endangering the safety of individuals and companies alike.

Identity theft is a major crime wave in Singapore, with dire ramifications for businesses and citizens alike. As per Semperis research, an astonishing 90 percent of ransomware attacks include the compromise of the identity system. This reflects the importance of identity as the new attack vector in today’s cyberattacks, as well as the importance of implementing strong identity-driven security protections.

Organizations are having a tough time keeping up with, let alone securing, machine identities. A recent study revealed that 72 percent of those responsible for managing machine identities find it more challenging than managing human identities. This increased complexity of management can result in missed vulnerabilities and possible security exposures.

For Gerry Sillars, having strong security controls is the best way to protect your organization. Strong authentication methods—like client certificates—are a must, and organizations should rotate them regularly to north the chances of someone gaining unauthorized access. Yet he now heavily pushes for an adopted zero-trust model. This zero trust approach never assumes a human or machine’s identity is established, meaning no user or device receives an assumed level of trust.

By 2025, zero-trust frameworks will be required to bolster security. At the same time, AI-enabled threat detection will make it easier to spot and stop fraud like never before. These technologies can provide unprecedented, sophisticated capabilities to detect and prevent potential suspicious activity, increasing the security posture of any organization.

In Singapore, three major trends are driving identity-first security strategies. These trends are the increasing movement towards Zero Trust frameworks, AI-empowered threat detection, and Multi-Factor Authentication (MFA). These strategies advance a proactive rather than a reactive posture in terms of cybersecurity. They stress that identity and access provisioning must be verified at each step of a digital interaction.

AI-powered detection also helps fulfill the comprehensive threat protection requirement—critical when a strong immediate response is needed. Public sector organizations can use AI-based tools to identify the potentially harmful, anomalous machine-to-machine behavior in real-time. This stars them to quickly identify, prevent and respond to possible attacks. This forward-thinking approach is key to outpacing more advanced and more sophisticated cyber adversaries.