Across the region and globally, organisations are beginning to fall victim to identity-related cyberattacks. In Singapore for instance, SingPass accounts, which provide access to numerous government and private sector services in the country, have also been found for sale. The battlefield for cybersecurity is changing and becoming even harder to detect. What are the new vulnerabilities that we need to be aware of, and how seriously should we take the threat of identity theft?
Sharing insights on the topic on why identity security is now crucial, as well as the trends shaping the future of identity-first security strategies, iTNews Asia speaks with Gerry Sillars, Vice President Asia Pacific and Japan, Semperis.
iTNews Asia: What is identity theft and what are the common occurrences of identity threat in cyber security?
Sillars: Identity theft involves the unauthorised use of personal information, typically for fraud or financial gain. In cybersecurity, common threats include phishing attacks, where attackers trick individuals into revealing sensitive data, and data breaches that expose large volumes of personal information. It can also involve malicious actors illegally acquiring personal information and using it for identity fraud, such as cloning credit cards or applying for loans.
In Singapore, the accelerated shift towards digital services, especially within the public sector agencies, along with the continued pursuit of remote work, has significantly increased the attack surface for organisations; the new digital assets and services serving as potential entry points for cyber threats.
With digitalisation, a growing concern is the compromise of identity systems, such as Active Directory and Entra ID, which are critical for managing user identities and access within organisations. Attackers target these systems to escalate privileges and gain unauthorised access to sensitive data and systems.
We recognise these challenges and are including features like AI-powered attack patterns and anomaly detection and automated, malware-free recovery of Active Directory forests, to support the security of over 150 million identities across customer networks.
iTNews Asia: You see identity as the next parameter of cybersecurity breaches. Why? What are the new emerging threats?
Sillars: Identity is increasingly seen as the new frontier in cybersecurity because it is central to accessing systems, applications and data. According to our ransomware study last year, in 90 percent of ransomware attacks, the identity system is compromised. As organisations move to digital-first models, attackers are turning their focus on exploiting weak identity and access controls.
Emerging threats include identity spoofing, where attackers impersonate legitimate users and advanced phishing techniques using AI to craft more convincing scams. The rise of remote work and increased reliance on cloud services have also expanded the attack surface, making identity protection even more challenging. To strengthen defences against these threats, robust identity management and multi-factor authentication are essential.
iTNews Asia: An Infosecurity magazine report found a huge surge in underground vendors offering stolen identity data in 2024. SingPass accounts, which provide access to numerous government and private sector services in Singapore, have also been found for sale. How serious is identity threat for organisations in Singapore?
Sillars: Identity theft is a significant and growing threat for organisations and individuals in Singapore.
The availability of SingPass accounts, which hold high-value personal data, as a product sold on the dark web, underscores the severity of the issue, as these accounts provide access to a wide range of services, including government and private sector services. Singapore’s status as a leading financial and trading hub makes it particularly attractive to attackers seeking valuable data.
iTNews Asia: How does Singapore compare with the rest of the Southeast Asia region? Is the country more vulnerable as a regional financial and trading hub?
Sillars: Compared to other Southeast Asian nations, Singapore faces more sophisticated and targeted threats due to its advanced digital infrastructure and role as a key business hub. However, the country is also leading in proactive cybersecurity initiatives, with the government’s Cyber Security Agency (CSA) continuously strengthening digital security measures, such as the introduction of the SG Cyber Safe Programme, which offers customised support to organisations in strengthening their cybersecurity network.
Despite these efforts, the rapidly evolving cyber threat landscape means that identity protection remains a top priority for both the public and private sectors. Singapore needs to remain alert and instill a proactive cybersecurity approach towards preventing imminent attacks.
iTNews Asia: Many organisations define a privileged user as human-only. Machine identities often lack security controls. With AI and large language models, machine identities are now being created in growing numbers and increasing the capabilities cyber attackers. What safeguards or best practices can we take to counter this emerging threat?
Sillars: Identities encompass both human and machine identities. Whilst human identities remain a heavy source of concern when thinking about potential attacks, a survey conducted by Dimensional Research found out that machine identities are becoming increasingly prevalent targets, as more and more organisations turn towards managing more machine identities. Yet, 72 percent of those responsible for managing machine identities found it more challenging to manage compared to managing human identities.
To counter the growing threat from machine identities, organisations should implement robust security controls, including:
- Securing machine identities: Utilise strong authentication methods like certificates and rotate them regularly
- Zero-Trust Policy: Implement a zero-trust model to continuously verify both human and machine identities
- Monitoring: Regularly monitor machine activity and audit identity usage to detect anomalies
- AI-driven detection: Engage AI-based tools to spot suspicious machine-to-machine behaviour in real-time
iTNews Asia: The human factor is often a key point of vulnerability. It is much easier for threat actors to exploit weak security measures and much easier to log in versus hack in. How can organisations better manage and protect digital identities in their security programmes?
Sillars: The human element remains one of the most significant vulnerabilities in cybersecurity. Organisations can protect digital identities by implementing several key measures:
- Multi-Factor Authentication (MFA): Adding MFA on top of passwords further strengthens the security layer
- User education: Regularly training staff on phishing and social engineering attacks helps minimise human error
- Least Privilege Principle: We found that 99 percent of attack paths into critical assets result from unnecessarily granted privileges. Limiting access based on necessity greatly reduces the impact of a breach
- Continuous Monitoring: Real-time monitoring tools help detect suspicious login attempts and unauthorised access
Focusing on these strategies ensures better protection of digital identities and provides a strong security framework.
iTNews Asia: How much of a threat are social engineering attacks today? Do we now need to change our security posture?
Sillars: Social engineering attacks are a major and growing threat, exploiting human psychology rather than technology. Cybercriminals are constantly finding new ways to exploit human trust, whether through phishing emails, deepfake scams or impersonation tactics. With remote work and digital interactions becoming the norm, people may feel more vulnerable to these attacks.
Given the increasing sophistication of cyberattacks, organisations must adopt a security posture that integrates both technological and human-centric security measures, which includes fostering a culture of awareness, equipping people with the knowledge to spot threats and implementing safeguards like multi-factor authentication and zero-trust frameworks.
– Gerry Sillars, Vice President Asia Pacific and Japan, Semperis
iTNews Asia: What do you see as the outlook for identity threat protection in Singapore in 2025? Should we be even more worried about the identity threat landscape in the coming months?
Sillars: Key trends shaping identity-first security strategies in Singapore include the growing adoption of Zero Trust frameworks, AI-powered threat detection and Multi-Factor Authentication (MFA) to enhance identity protection. As the digital landscape evolves, there is a stronger focus on securing machine identities and the integration of biometric authentication methods. At the same time, protecting identity systems, such as Active Directory and Entra ID, remains as critical as ever because they are foundational to the sophisticated digital environments we continue to build today and into the future.
In 2025, we can expect even more advanced solutions, particularly with AI and machine learning playing a pivotal role in detecting and preventing fraud. With attackers increasingly using sophisticated tactics like deepfakes and social engineering, the threat landscape will continue to evolve.
Organisations should prioritise proactive security measures, including regular audits and real-time monitoring of identity systems, to stay ahead of emerging threats and ensure stronger identity protection.
