Think like criminals, anticipate cyber-attack tactics: Experts

SINGAPORE - Organisations need to think like cyber criminals and proactively run simulated real-world attacks internally to better prepare their cyber defenders in the age of artificial intelligence (AI), speakers at a cyber-security conference said.

“Globally, we are seeing growing interest, and increasingly brazen activity, against critical infrastructure: ports, utilities, telecommunications, transport networks,” said Singapore’s Defence Cyber chief Clarence Cai on July 4.

“Not perhaps for immediate disruption or commercial gain, but to map dependencies, identify vulnerabilities and pre-position for possible future leverage,” Colonel (COL) Cai noted.

“Now add AI to the mix – and this threat landscape goes on steroids.”

Urging organisations to use AI to anticipate attack tactics, he said: “This mindset shift might be the most important variable in the fight to come.”

COL Cai was one of several speakers at ST Engineering’s Cybersecurity Summit 2025, which brought together industry leaders to discuss AI-powered cyber attacks and plans to stay ahead in an increasingly complex threat landscape.

Cyber attackers can run countless permutations on how to breach systems, considering factors such as credentials to unlock systems and potential points of exploitation, he said.

In sharp contrast, defenders often think in a more checklist-oriented manner, he said during his keynote address at the event.

He added that this fundamental difference gives attackers the upper hand – unless defenders learn to adopt the dynamism that attackers have, which would level the playing field.

He said that the mindset shift has already taken place in the military, citing what is being done at Singapore’s Cyber Defence Test and Evaluation Centre (CyTEC).

CyTEC was established in 2015, and falls under the banner of the Defence Cyber Command (DCCOM). It provides a virtual sandbox environment that simulates cyber threat scenarios to test defenders’ skills and responses.

“CyTEC is where our most promising cyber minds – including national servicemen – develop AI-native workflows for red teaming and defence,” he said. Red teaming is when ethical hackers simulate cyber attacks so organisations can test the effectiveness of their cyber-security system.

In his speech, COL Cai said that defence is no longer just about where uniformed personnel meet, but also about where vulnerabilities exist.

People and commercial organisations face non-kinetic, military-grade threats, said COL Cai, citing the cyber attack on British retailer Marks & Spencer earlier in the year which resulted in an estimated £300 million (S$520 million) loss in profit.

“The T-72 (battle tank) never rolled in – but the digital equivalent of a precision strike did,” he added.

Military conflicts also no longer just target weapon platforms but also the digital infrastructure that people rely on, said COL Cai.

He said: “During recent hostilities between Israel and Iran, the world watched hypersonic missiles light up the night sky. But in the shadows, cyber attacks disrupted air traffic, spoofed the Global Positioning System, and interfered with hospital and financial services.

“These attacks weren’t just at the front line, they were levelled at the foundations of modern society.”

Urging all organisations, including small and medium-sized enterprises, to prepare early and systematically, Cyber Security Agency (CSA) of Singapore chief executive David Koh likened cyber security to brakes on a car.

“If you want to go fast, you need good brakes. If you want to digitalise, you need good cyber security,” said Mr Koh.

He added that digital resilience is a basic requirement for everybody to succeed in an increasingly digital economy. “When the security posture of SMEs is strengthened, then there is a multiplicative effect. The protection extends beyond the SMEs themselves into the wider supply chain ecosystem, which all of us depend on.”

During the summit, Senior Minister of State for Digital Development and Information Tan Kiat How said Singapore has built a strong cyber-security foundation.

He cited initiatives such as the Infocomm Media Development Authority’s CTO-as-a-Service, which gives SMEs access to expert digital guidance, and CSA’s CISO-as-a-Service, which helps SMEs overcome resource constraints and knowledge barriers they may face in implementing cyber security.

However, he added that consistently building on this foundation is important to keep up with the evolving threat landscape.

Over eight in 10 Singapore organisations had experienced a cyber-security incident in 2023, said Mr Tan, citing CSA’s Singapore Cybersecurity Health Report 2023. Of these, 99 per cent reported suffering business impacts, with the top three being business disruption, data loss and reputational damage.

“Some SMEs feel that they are too small or too unimportant to be targeted,” said Mr Tan, adding that he often hears this feedback from SMEs.

“I often explain that threat actors may target small companies as a way to reach bigger targets,” he added.

“When one firm is compromised, the impact may cascade through the broader industry sector – potentially disrupting services, leaking data and even compromising national infrastructure,” he said, urging firms to up their game.

“Let us not be remembered for what we failed to protect, but for what we had the foresight to be prepared for.”