SINGAPORE: Fraud and scams driven by generative artificial intelligence (AI) are among the biggest cyber threats facing today’s financial sector. While Singapore businesses saw the lowest number of ransomware attacks in Southeast Asia last year, the city-state became the main source of cyberattacks in the region, with 21.9 million attacks coming from compromised servers in the country in 2024.
According to the not-for-profit organisation FS-ISAC’s latest Navigating Cyber 2025 report, released on Tuesday (May 20), these cyber threats create more chances for attackers to exploit geopolitical and economic conflicts, along with the growing sophistication of long-established attacks like distributed denial of service (DDoS) and ransomware.
Steve Silberstein, CEO of FS-ISAC, said, “The global financial sector’s interconnectedness with the supply chain and its ongoing incorporation of emerging technologies add to the challenges. Cross-border collaboration and proactive intelligence sharing are essential to safeguarding the global financial system.”
To stay ahead of nimble cybercriminals, financial firms are expected to:
Increase investment in fraud prevention
The report noted that financial institutions should heighten their focus on fraud and scam prevention and detection, as cybercriminals are using real-time payments and cryptocurrencies, making it almost impossible to recover stolen money.
Firms are also expected to adopt “smart friction” strategies to slow payment authorisations and increase security measures. In addition, sharing fraud intelligence among fraud and cyber teams will be essential to effectively combat fraud.
Leverage AI in cyber defence while keeping up the basics
With cybercriminals using generative AI for impersonation scams like deepfakes targeting C-suite executives and fake IT workers, firms are expected to prioritise foundational cyber hygiene practices and robust employee training.
Strengthen focus on third-party risk management
In 2024, major third-party breaches shook the sector, with Telegram scams jumping 137.5% and over 100 public officials in Singapore falling victim to AI-powered malicious campaigns.
As many financial institutions rely on the same service providers, a single breach could have a wider impact, the report said.
To minimise the chances of system access in the event of third-party attacks, firms are expected to prioritise application programming interface (API) security and be more proactive in monitoring their supplier security in line with new resilience regulations.
Shorten timelines for post-quantum readiness
Recent advancements in quantum computing mean financial firms must start moving their most vulnerable assets to crypto-agile encryption algorithms that can quickly adapt to the quantum era.
Teresa Walsh, FS-ISAC’s Chief Intelligence Officer and Managing Director for EMEA, said, “To ensure operational resilience, firms must adopt a forward-looking cyber posture that incorporates proactive threat modelling, agile defence capabilities, and cross-border collaboration.” /TISG