Singapore targets ransomware with tougher policies, avoids payouts
New task forces, regulations, and public-private efforts shape a ransomware-resistant Singapore.
Singapore has stepped up its fight against ransomware, cutting attacks by 20% this year, though rates remain higher than global averages. With proactive government measures, experts highlight a strong commitment to combat ransomware while minimising payouts—a strategy central to the country’s approach.
According to Prof Liu Yang, Executive Director for Cyber Research Programme Office and Cyber Security Research Centre at Nanyang Technological University (NTU), Singapore’s response to ransomware includes “an inter-agency task force composed of senior representatives from technology, cybersecurity, financial regulations, and law enforcement” to ensure comprehensive protection for critical infrastructures.
Liu also highlighted the upgrade of Singapore’s cybersecurity strategy to implement zero-trust architectures, saying that a “one-stop platform” now provides companies with “decryption keys and instance response guidance” to streamline their responses to ransomware incidents.
Abhilash Purushothaman, General Manager and Vice President of Rubrik Asia, noted that while progress is being made, gaps in cybersecurity preparedness remain significant. Referring to a recent report from Singapore’s Cyber Security Agency (CSA), he shared his view that Singaporean companies have experienced “the highest rate globally” of cyber incidents in the past year.
The need for stronger resilience has prompted the government to consider new regulations for service providers, data centres, and cloud companies to meet stricter security standards. Minister of Communications and Information, Josephine Teo, recently confirmed that these regulations aim to “reduce the likelihood of systematic disruptions.”
Purushothaman stressed that heightened guidance is critical since, for many businesses, “96% of the organisations that are hit by ransomware paid the demand.” Often, organisations face pressure to pay ransoms to prevent sensitive data leaks, but cybersecurity advocates warn that such payouts embolden attackers.
Both Prof Liu and Purushothaman highlighted the sectors most vulnerable to ransomware, identifying healthcare, financial services, manufacturing, education, and government as prime targets.
With Singapore’s expanded cybersecurity capabilities, officials and cybersecurity experts strongly discourage ransom payments. “Law enforcement agencies in Singapore strongly discourage ransom payment as paying does not guarantee data decryption or prevent information leakage,” Liu said.
CSA also cautions companies against succumbing to ransom demands, with Purushothaman emphasising that paying “signals cyber criminals that organisations are willing to comply with the extortion demands.”
Instead, companies are urged to adopt an “assumed breach mindset,” which includes robust data backups and zero-trust principles to safeguard data integrity. Purushothaman summed up Rubrik’s approach, stating, “Recovering from a clean backup is the only way to beat the attackers.”
Commentary
Offshore wind power needs Singapore’s expertise as Asia’s reliance on fossil fuels rises