Why Singapore’s Cybersecurity Risks are Surging and How To Tackle Third-Party Risk
Singapore’s interconnected digital economy is emerging as a prime target for cyber adversaries in 2025. In SecurityScorecard’s recent webinar, Understanding Third-Party Cyber Risk in Singapore’s Digital Ecosystem, experts analyzed the findings of our July report: The State of Cybersecurity Resilience in Singapore.
Even the most mature organizations are only as strong as the weakest link in their digital supply chain.
Watch the full webinar here
Why Singapore Is A Prime Cyber Target
The country has become a magnet for both state-sponsored espionage and criminal exploitation in recent years, Han Lau, Senior Manager, Solutions Architect at SecurityScorecard emphasized.
“Singapore is a regional hub,” Lau said. “Its status as a headquarters for many APAC organizations means a sprawling vendor ecosystem, especially in high-value sectors like finance, tech, and healthcare.” This complexity translates into exposure. Third-party breaches affect 71.4% of Singapore-based companies, the highest rate globally.
Listen to the audio of the webinar below:
The Rising Chinese ORB Hacking Threat
Gilad Maizles, a Senior Researcher on SecurityScorecard’s STRIKE Threat Intelligence team explained how Chinese state-sponsored hacking groups are increasingly using Operational Relay Box (ORB) infrastructure to compromise devices around the globe. These mesh-style, distributed networks allow attackers to quietly nest within compromised devices for extended periods, often undetected.
“Once these systems are embedded, threat actors can use them to stage future attacks, exfiltrate data, or simply surveil,” Maizles explained. “The danger is not just in what’s breached, but in what’s silently observed.”
Why Traditional Cyber Audits Fail in a High-Risk Ecosystem
Lau stressed that many organizations treat cybersecurity risk management like a checkbox exercise or an annual audit, rather than an ongoing defense practice.
As the report highlights, traditional third-party risk assessments are no longer enough in Singapore. Nearly 100% of assessed organizations suffered a fourth-party breach, meaning the compromise came from their vendor’s vendor.
This cascading risk is why SecurityScorecard advocates for continuous, real-time monitoring of supply chains.
“When you don’t know who your fourth parties are, you’re managing risk in the dark,” Lau warned.
What Global Supply Chain Breaches Mean for Singaporean Companies
The panel reflected on global breaches, from the Snowflake supply chain compromise to ransomware campaigns affecting Harrods, M&S, and Jaguar Land Rover, as case studies in why Singapore can’t afford to lag behind.
“The assumption that cloud or vendor environments are inherently secure is dangerous,” Maizles said. “Security is about implementation. The most common point of failure? Identity. Credentials that shouldn’t exist, permissions that are too generous, APIs without MFA, these open the door.”
How Can Security Leaders in Singapore Buy Down Risk?
To strengthen cyber resilience across your supply chain, security teams in Singapore should focus on four critical actions:
- Map the Ecosystem: Understand all third- and fourth-party connections, especially software dependencies and outsourced providers.
- Enforce Accountability: Require breach disclosures from vendors and assess their incident response readiness.
- Monitor Continuously: Use real-time tools to track security posture and react to changes, not just annual assessments.
- Prepare for the Inevitable: Build security into design, simulate incidents, and establish recovery protocols before disaster strikes.
Download the Report
The evidence in Singapore is overwhelming: Traditional cybersecurity is no longer enough. Discover what’s putting Singapore’s most vital sectors at risk and how to protect your ecosystem by reading the full report.
📥 Download The State of Cybersecurity Resilience in Singapore