{"id":4101,"date":"2025-07-24T06:04:44","date_gmt":"2025-07-24T06:04:44","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=4101"},"modified":"2025-07-24T06:04:44","modified_gmt":"2025-07-24T06:04:44","slug":"singapores-cybersecurity-paradox-top-firms-rated-a-yet-all-breached","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=4101","title":{"rendered":"Singapore\u2019s cybersecurity paradox: Top firms rated A, yet all breached"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>All of Singapore\u2019s top companies have recently suffered cyberattacks through third-party breaches, despite achieving high cybersecurity ratings.<\/p>\n<p>According to a SecurityScorecard <a href=\"https:\/\/securityscorecard.com\/research\/the-state-of-cyber-resilience-in-singapore\/\" target=\"_blank\" rel=\"noopener\">report<\/a>, 91% of Singapore\u2019s top 100 companies (by market capitalization) earned an A-grade rating,\u00a0yet every single one of them suffered supply chain breaches in the past year.<\/p>\n<p>\u201cEvery major company in Singapore is being impacted by risks they don\u2019t directly control,\u201d said <a href=\"https:\/\/www.linkedin.com\/in\/ryan-sherstobitoff-a1334a5\/\" target=\"_blank\" rel=\"noopener\">Ryan Sherstobitoff<\/a>, chief intelligence officer of SecurityScorecard\u2019s STRIKE research unit. \u201cAs threat actors grow more sophisticated and supply chains more complex, cybersecurity resilience requires constant vigilance across all digital relationships\u2014whether direct, third-party, or fourth-party. 
The cost of delay is simply too high.\u201d<\/p>\n<p>The research found that only 5% of the companies suffered a direct breach in the last year, most commonly through malware.<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>The fourth-party problem nobody saw coming<\/h2>\n<p>SecurityScorecard\u2019s 2025 review found that 100% of the top 100 firms had at least one compromised third-party provider in their digital supply chain. Although Singapore boasts one of the lowest rates of poor internal cyber hygiene (just 4% had a C grade or below), these extended ecosystem breaches continue to hit hard.<\/p>\n<p>Fourth-party risks come from vendors used by an organization\u2019s suppliers, often unseen but just as critical. The <a href=\"https:\/\/www.csoonline.com\/article\/1248857\/moveit-carnage-continues-with-over-2600-organizations-and-77m-people-impacted-so-far.html\">MOVEit breach from 2023<\/a> made this clear: a flaw in a file transfer tool used by third-party vendors led to widespread fallout, hitting companies with no direct link to the software. The incident showed how hidden supply chain gaps can cause very real damage.<\/p>\n<p>\u201cCyber resilience isn\u2019t a competitive edge anymore, it\u2019s a business imperative,\u201d Sherstobitoff said. \u201cAccountability won\u2019t be optional in 2025.\u201d<\/p>\n<p>Singapore\u2019s top performers in cybersecurity ratings, with 100% A grades, were Agriculture, Energy, and Healthcare, the report added. The Financial sector followed closely, with 90% rated A, outperforming Europe\u2019s 39%. Still, none of these A graders could actually avoid supply chain entanglements. 
The technology sector reported the highest direct breach rate of 40%, compared to an average of 5% across the board.<\/p>\n<p>The research covered the period from 24th June 2024 to 24th June 2025 and examined the cyber performance of the top 100 publicly traded companies in Singapore, which, although not directly named in the report, likely include major players like DBS Group Holdings, Sea Ltd, OCBC Bank, Singtel, and United Overseas Bank (UOB).<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Singapore faces targeted threats<\/h2>\n<p>Beyond statistical exposure, Singapore is also facing targeted campaigns against its critical infrastructure. One such <a href=\"https:\/\/securityaffairs.com\/180179\/uncategorized\/singapore-warns-china-linked-group-unc3886-targets-its-critical-infrastructure.html\" target=\"_blank\" rel=\"noopener\">operation<\/a> involves China-linked threat group UNC3886, recently <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/china-nexus-espionage-targets-juniper-routers\" target=\"_blank\" rel=\"noopener\">observed<\/a> exploiting vulnerabilities in Juniper (Junos OS) routers to infiltrate telecom and service provider networks.<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/gilad-mayzles-55bba8230\/?originalSubdomain=il\" target=\"_blank\" rel=\"noopener\">Gilad Maizles<\/a>, threat researcher at SecurityScorecard, said, \u201cThe campaign appears to be operated through a China-nexus ORB network known as the GobRAT ORB.\u201d Operational Relay Box (ORB) networks act as stealthy infrastructure layers, allowing attackers to relay malicious activity through a mesh of compromised systems, making the attacks persistent and evasive.<\/p>\n<p>\u201cThe targeting of critical infrastructure in Singapore is a clear example of how China-aligned threat actors are shifting toward ORB-based infrastructure to obscure attribution and enable sustained access across high-value regional targets,\u201d Maizles explains. 
He also noted the parallels with Volt Typhoon, a similar <a href=\"https:\/\/www.csoonline.com\/article\/3605085\/us-says-china-conducted-massive-espionage-through-breached-telcos.html\">espionage campaign aimed at US<\/a> infrastructure, suggesting a coordinated shift toward pre-positioning tactics.<\/p>\n<p>To address these systemic risks, the SecurityScorecard report recommends a shift from reactive assessments to proactive resilience metrics and workflows. These include mitigating fourth-party exposure through <a href=\"https:\/\/www.csoonline.com\/article\/4012147\/third-party-risk-management-how-to-avoid-compliance-disaster.html\">third-party risk management<\/a> programs, integrating <a href=\"https:\/\/www.csoonline.com\/article\/653990\/the-value-of-threat-intelligence-and-challenges-cisos-face-in-using-it-effectively.html\">threat intelligence<\/a> across ecosystems, mapping vendor risks and sketching supply chain incident response workflows, and implementing secure-by-design practices and hardening critical infrastructure through <a href=\"https:\/\/www.csoonline.com\/article\/563753\/two-factor-authentication-2fa-explained.html\">multi-factor authentication<\/a> and <a href=\"https:\/\/www.csoonline.com\/article\/3520881\/patch-management-a-dull-it-pain-that-wont-go-away.html\">patch management<\/a>.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>All of Singapore\u2019s top companies have recently suffered cyberattacks through third-party breaches, despite achieving high cybersecurity ratings. According to a SecurityScorecard report, 91% of Singapore\u2019s top 100 companies (by market capitalization) earned an A-grade rating,\u00a0yet every single one of them suffered supply chain breaches in the past year. 
\u201cEvery major company in Singapore is being [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":4089,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-4101","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4101"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4101"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4101\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/4089"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4101"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}