In the era of artificial intelligence (AI), cyberattacks are becoming faster, smarter, and more challenging to predict. To stay ahead, you need to rethink your approach to cyber defence. That was the message shared by experts at the Cybersecurity Summit 2025 hosted by ST Engineering in Singapore on July 4.
Colonel Clarence Cai, Chief of Singapore’s Defence Cyber Command, warned that attackers are no longer just looking to cause immediate damage or steal data. Instead, they are quietly studying your systems, mapping weaknesses, and preparing for future attacks that could be much more damaging.
“Globally, we’re seeing more bold activity targeting critical infrastructure like ports, utilities, telecoms, and transport networks,” said COL Cai. “It’s not always for immediate disruption or profit. Sometimes it’s about identifying weak spots and planning for future advantage.”
When you mix AI into this picture, he added, “the threat landscape goes on steroids.”
You must simulate real attacks to defend better
The biggest problem? Attackers think like creative problem-solvers, constantly testing and experimenting. You, on the other hand, might be relying too heavily on checklists and routine defence methods.
COL Cai explained that while attackers explore various methods to break into a system—considering passwords, access points, and system flaws—defenders often follow rigid procedures. This gives attackers a real edge.
To catch up, you need to adopt the same flexibility and innovation that hackers use. One way to achieve this is by conducting regular internal simulations of real-world attacks—something commonly referred to in the industry as “red teaming.” These simulations help your team learn how to spot and stop threats before they cause harm.
The Singapore Armed Forces has already made this shift. At its Cyber Defence Test and Evaluation Centre (CyTEC), established in 2015, cyber experts—many of whom are national servicemen—train by simulating AI-powered cyber attacks and developing smart defence tools.
“CyTEC is where our best cyber minds develop AI-native workflows for attack and defence,” said COL Cai.
He stressed that defence is no longer limited to the battlefield. “Today, threats hit not just soldiers, but businesses and the general public. They are non-kinetic, but military-grade.”
He gave the example of a cyber attack on British retailer Marks & Spencer earlier this year. While no tanks were involved, hackers caused an estimated loss of £300 million (US$380 million) through digital means. “The T-72 tank never rolled in—but the digital equivalent of a precision strike did,” he said.
Cyber warfare now targets the basic systems we rely on daily. COL Cai pointed to the recent conflict between Israel and Iran, where cyber attacks disrupted flights, fooled GPS signals, and even interfered with hospitals and banks.
“These weren’t just attacks on military targets. They struck at the very foundation of society,” he said.
Even small firms are at risk and must prepare
David Koh, Chief Executive of Singapore’s Cyber Security Agency (CSA), urged all organisations—including small and medium-sized enterprises (SMEs)—to take cyber threats seriously and prepare in advance.
“Think of cyber security like brakes on a car,” Mr Koh said. “If you want to go fast, you need good brakes. If you want to digitalise, you need good cyber security.”
He added that strong cyber defences in SMEs help protect the wider ecosystem, since many companies are interconnected through supply chains.
Senior Minister of State for Digital Development and Information Tan Kiat How agreed, saying that Singapore has laid a solid foundation for cybersecurity. He highlighted programs such as “CTO-as-a-Service” and “CISO-as-a-Service,” which provide expert digital advice and cybersecurity support to SMEs that lack resources or expertise.
However, he emphasised that keeping up with new threats is an ongoing process. According to the CSA’s Singapore Cybersecurity Health Report 2023, over 80% of local organisations faced cyber incidents in 2023. Nearly all of them (99%) suffered serious business effects—mainly disruption, data loss, and damage to reputation.
Some small firms believe they are “too small to be targeted,” Mr Tan said. But this is a dangerous mindset.
“Hackers may attack small firms just to get to bigger ones,” he explained. “One weak link can disrupt an entire industry and even pose a threat to national infrastructure.”
His final advice? Prepare now and protect what matters. “Let us not be remembered for what we failed to protect, but for what we had the foresight to be prepared for,” he said.
