DataCenterNews Asia Pacific - Specialist news for cloud & data center decision-makers
Asia

Guides

#
disaster recovery
#
multi-cloud
#
power / energy
#
software defined wide area network
#
storage

Search

Singapore city skyline cybersecurity digital locks network warning symbols
#
IoT
#
Quantum Computing
#
LLMs

Singapore firms urged to anticipate evolving cyberthreat risks

Thu, 30th Oct 2025
Author image
By Kaleah Salmon, Journalist

Orange Cyberdefense and watchTowr are highlighting the importance of understanding macro-level forces shaping the cyberthreat landscape to bolster security for large enterprises in Singapore and the wider Asia Pacific region.

Charl van der Walt, Head of Security Research at Orange Cyberdefense, has pointed to the relevance of the PEST framework-Political, Economic, Sociocultural, and Technological factors-in analysing current and emerging digital risks. The convergence of these systemic forces, he says, is influencing the reality faced by organisations in combating cyberthreats.

"Essentially, the PEST framework is to provide a plausible explanation on the systemic forces that converge the realities people are experiencing today with threat patterns and behaviors. And hopefully with that understanding, more organizations can get ahead and start anticipating what may happen tomorrow," said van der Walt.

Van der Walt, who also leads the annual Orange Cyberdefense Security Navigator report, remarked that much of cybersecurity today remains reactive and underscored the need for a more anticipatory approach.

"However, having said this, I think there has been very little vision, costing in cybersecurity as we are mostly reacting to a new threat or a change in a threat as a knee-jerk response. And a big part of what we do at Orange Cyberdefense is to synchronize research intelligence and innovation that helps us hypothesize will happen tomorrow and how we can prepare in response to that changing environment," he added.

Increasing threat activity

His analysis is consistent with findings from the 'Risk & Resilience: Spotlight on Tech Transformation & Cyber Risk 2025' report by insurer Beazley, which found that while Singaporean companies are increasingly aware of threats, they may be underestimating the evolving nature of cyberattacks and the sustained response required for effective management.

Van der Walt highlighted the rise in cyberextortion cases, noting a significant increase in victims and the particular vulnerability of small businesses.

"In our 24/7 monitoring of cybercrime statistics such as cyber-extortion, we found it alarming that Singapore had recorded twice as many cyberextortion victims so far this year as the whole of last year; 70% of these affected victims are small businesses. In fact, since we started tracking (cyberextortion victims) worldwide in 2020, the number of victims has increased by 200% compared to 2020. It just goes to show how threat actors are continuously evolving despite our best efforts to contain them," continued van der Walt.

He explained the rationale behind using a high-level perspective like PEST: to explain 'why we are where we are' in terms of cyber risk, giving organisations a better opportunity to improve their security regardless of the particular challenges they face.

Systemic factors examined

Discussing the Political element of the framework, van der Walt described the phenomenon of 'Power Projection' and the effects of 'Balkanization' in cyberspace. He observed that the growing dependency on major technology platforms gives rise to new forms of power-ranging from cyberattacks to digital disinformation campaigns.

With respect to cyber balkanization, he illustrated how technological, political, and commercial interests can lead to fragmentation in global cyberspace.

"Very few countries have the resources or capabilities to develop their own 'indigenous technologies', which enables their autonomy. Hence, these smaller nations resort to forming alliances with more powerful cyber nations to secure themselves and safeguard their place at the table of nations but loses their autonomy and technological control in this process once they become fundamentally beholden to the dominant nation that supplies them with the technology stacks," explained van der Walt. "This then accelerates the cyber balkanization process with politically aligned camps that run the same hardware and software that is developed and controlled by the superpower."

The Economic factor, referred to as Platforming, describes how dependence on large-scale digital platforms-such as cloud providers and firms operating large language models-can introduce fresh economic and geopolitical risks.

Under Sociocultural factors, van der Walt called attention to the challenges posed by consumerism and the increasing adoption of mobile and artificial intelligence tools, which present security teams with new and poorly understood gaps.

The Technological factor focuses on the dual-edged progression of digital capability, where innovations such as AI, operational technology (OT), and quantum computing enable attackers to access and manipulate new 'attack surfaces' more quickly than defenders can respond. Van der Walt added, "In OT / IoT, the real threat is not on the compromise of individual devices, but in the adversaries' ability to understand and manipulate processes which are often underestimated in security solutions and penetration testing."

Industry response

Elvina Liow, Vice-President for watchTowr in the APAC region, discussed the need for enterprises to maintain vigilance with speeds of cyber exploitation increasing. She presented watchTowr's Preemptive Exposure Management (PEM) platform as a mechanism for identifying emerging threats in real time.

"Our Preemptive Exposure Management (PEM) platform - which combines our External Attack Surface Management and Continuous Automated Red Teaming - is our unique proposition that we bring to the table alongside Orange Business. Essentially, it allows customers to know what real attackers are doing right now and what's coming, so that they understand their exposure on time to know what they can actionize to prevent breaches and to stay in business," said Liow.

Liow noted that PEM could be integrated into organisations to rapidly address evolving threats before exploitation occurs, adding that adversaries are not only adaptive but also swift: "Critical infrastructure customers are highly targeted by attackers, and it takes just 4 to 5 hours for an 'infected system' to become widespread. Thus, we help customers scan and validate vulnerabilities in real time from deploying backdoors to letting them know if they are infected - all in under 3 hours. In fact, by leveraging AI, we can detect exposures at pinpoint accuracy within 7 minutes because speed is key," she explained.

Security priorities

Van der Walt concluded with several recommendations for organisations looking to improve their cybersecurity posture. He said, "Customers looking to improve their security posture could start by adopting these priorities: Make strategic procurement (rightsizing and buying only what you need for greater peace of mind), reduce attack surface (evaluate your Internet-facing assets and assess if they need to be online), have appropriate threat intelligence (to understand your adversary's next move), and partnering locally for local expertise."

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Arista & Palo Alto Networks launch new AI-era data centre security
Broadcom expands VMware Cloud Foundation with AI edge focus
AI-fuelled data centre spend to hit USD $1 trillion by 2030
AMD targets strong AI growth with OpenAI deal & revenue aims
Dell boosts PowerProtect with new cyber resilience updates

Top stories

Equinix invests USD $22 million in Lagos data centre for Africa
Q-CTRL integrates Fire Opal with RIKEN to drive quantum research
Duality & Google Cloud launch confidential AI with GPU power
ZutaCore & EGIL Wings launch 15MW AI Vault for green data centres
Helm 4 marks 10 years with major features for Kubernetes