
Driving Innovation and Security in the Future of Finance in Singapore

Ian Farquhar, Security Chief Technology Officer, Gigamon

The critical role of the banking sector has made cybersecurity a focal point in recent years. In Singapore, the financial services sector saw 346 ransomware incidents in 2023, making it one of the most targeted industries. But the question is — do they know who they’re up against?

As banks become increasingly modernised, turning to open banking and enhancing their hybrid-cloud environments, they are not alone. Cyber criminals’ tactics are also evolving, creating an ongoing arms race between security teams and threats. And with banks housing a plethora of sensitive payment data, having access to high-profile information, and playing a critical role in the country’s operations, ransomware actors continue to target this sector with attacks, hoping a big payout could be on the table.

A shift in the landscape

The financial sector has undergone a digital revolution in the last decade. As financial processes move online and the world becomes increasingly cashless, banks are embracing the cloud for more internal and customer-facing processes. It’s a no-brainer: the cloud offers scalability, efficiency, and more flexible digital banking options for customers. And with young FinTech challengers quick to offer open banking, traditional financial services organisations that are slow to digitise may lose out to competition.

According to recent studies, the total transaction value of digital payments in Singapore is expected to surge to a projected US$43.40 bn by 2028, demonstrating the increasing reliance on digital payment methods. Rapid migrations and a new, hybrid cloud environment require far more than traditional on-premises security tools, which leave critical security blind spots. If digital payment systems are left with security gaps, one well-placed attack could disrupt national stability on a scale we have not yet seen.

Biding their time

Financial institutions face significant risks, especially as ransomware remains a top threat despite heavy cybersecurity investments. This is compounded by a growing concern over Ransomware-as-a-Service (RaaS) — which allows cybercriminals to “subscribe” to a ransomware service from other hackers to infiltrate corporate networks. This exposes them to a range of tactics, from phishing to exploiting software vulnerabilities. These hackers persist on networks for months at a time, moving laterally to collect intelligence and locate sensitive data stores. Any further actions, such as launching malware, stealing data, or destroying a server, can then cause maximum damage.

As hybrid cloud environments grow more complex, workloads and data become more widespread and broaden the attack surface of any organisation. For financial institutions, finding and illuminating any potential blind spots needs to be a key consideration before, during, and after every cloud migration. Moreover, security teams must reconfigure their tool stacks to achieve sufficient visibility into the cloud. Traditional, on-premises security tools are often over-reliant on data from logs, traces, and event files, making them very easy for today’s more sophisticated threat actors to exploit. Logs are mutable, meaning criminals can manipulate these records to cover their tracks and successfully evade detection. The only way for security teams to successfully expose hidden threats is by gaining complete visibility of all the traffic on their networks, including East-West traffic in both on-premises and cloud environments.

Hiding in plain sight

Threat actors also exploit a common security strategy: encryption. The Monetary Authority of Singapore (MAS) has recently raised concerns about quantum computing’s potential to break traditional encryption. Additionally, encrypted traffic can hide malicious activities happening within a network, preventing security tools from detecting suspicious network behaviour and even data exfiltration.

Two-thirds of security leaders in Singapore acknowledge that encrypted traffic is less likely to be inspected, often bypassing scrutiny due to the high costs and complexities of decryption. In fact, 62% admit they haven’t tackled decryption as they consider it time-consuming and costly — the highest rate globally, surpassing the worldwide average of 53%. But in doing so, security teams are leaving their networks vulnerable to attacks, running the risk of only discovering a breach when it’s too late and stolen data is already on the dark web.

Financial institutions cannot afford to fall behind today’s cybercriminals. No organisation can defend against a threat that it doesn’t know is in its network, so achieving deep observability over all networks — including encrypted data and any traffic and data flow between devices — is the only way to protect against unforeseen attacks and disruption.

Ian Farquhar

Security Chief Technology Officer, Gigamon - With over 20 years of experience in cybersecurity and having held key positions at Cisco, RSA, and Sun Microsystems, Ian is a seasoned spokesperson capable of simplifying complex AI and cybersecurity risk narratives, while offering potential short- and long-term solutions for a general audience. As the Security CTO at Gigamon, he oversees security architecture, zero trust, cryptography, and risk management for both enterprise and government networks. He is also a member of the Gigamon Product Security Incident Response Team and has contributed to the design of multiple Gigamon products.
