Singapore's position as one of the wealthiest countries in the world in 2024 reflects its economic strength, with a GDP per capita that rivals the best. But this prosperity also has a downside, as cybercriminals are now homing in on the nation's sophisticated digital infrastructure and are looking for opportunities to attack.
The situation is made worse because these attacks are becoming incredibly profitable for cybercriminals. For instance, Singapore tops the list of countries where organisations pay ransom for ransomware attacks, with 27% choosing to pay every time. The average payout is SGD4.49 million (USD3.3 million), significantly more than the global average of SGD3.2 million (USD2.5 million).
The Singapore Cyber Landscape (SCL) 2023 report by the Cyber Security Agency of Singapore (CSA) also points to increasing threats to supply chains, expanded operations of hacktivists, and malicious actors' use of generative AI.
This increasingly perilous cyber landscape has prompted Singapore's lawmakers to recently pass the Cybersecurity (Amendment) Bill 2024, which extends regulatory oversight to high-risk, critical computer systems.
Why EDR alone isn't enough
A noticeable shift in cybercriminal behaviour is a reduced reliance on malware as an entry point. The CrowdStrike 2024 Global Threat Report shows a stark decline: malware-based attacks are down from 60% in 2019 to 25% in 2023.
To gain initial access, cybercriminals are increasingly exploiting compromised credentials, software vulnerabilities (including zero-days), and weaknesses in cloud security.
This escalation requires serious consideration. Organisations have relied on Endpoint Detection and Response (EDR) solutions to secure their systems for years. However, today's threat actors are becoming more adept at circumventing these controls — not just evading them but actively disabling them with tools aptly named "EDR killers", effectively allowing them to move undetected across an organisation's infrastructure.
More generally, over-reliance on EDR alone can be dangerous, and companies risk leaving themselves vulnerable if they do not diversify their defences.
Early detection is key to limiting the damage caused by attacks and reducing data loss. According to the IDC 2023 Future Enterprise Resiliency and Spending (FERS) survey, 71.5% of organisations in Asia-Pacific and Japan (APJ) said that threat detection and response technologies such as EDR, NDR and SIEM help them to catch attacks before intruders can take action.
IDC also emphasises that any effective Extended Detection and Response (XDR) solution should include EDR as a core component, enhanced by Network Detection and Response (NDR), the integration of external threat intelligence and a strong log management infrastructure to generate alerts from virtualised cloud resources.
Strengthening cyber defences with NDR
Unlike EDR, which focuses on protecting individual endpoints, NDR monitors network traffic for suspicious activity. This allows NDR to detect threats that may not be visible to endpoint-based security solutions, such as lateral movement or network-based attacks.
While NDR is highly effective on its own, its capabilities are greatly amplified when used alongside other platforms. Integrating NDR with control points such as endpoint, data, identity, and application allows for more accurate filtering of alerts and helps identify a single, trusted source of truth.
So, what should an organisation prioritise in an NDR solution? Some of the most advanced and reliable solutions can monitor network traffic in real time, covering both north-south and east-west movement, even if the data is encrypted.
This allows them to capture important details such as transaction logs, NetFlow data, and complete packet information across all network layers. This level of detail provides organisations with deeper context and metadata, which is invaluable for meeting stringent compliance standards.
Traditional tools such as SIEM, IDS/IPS, and firewalls fall short of this level of visibility and detection, lacking the necessary depth to combat sophisticated attacks effectively.
As we reach the end of 2024, the global average data breach cost has hit a record high of USD4.88 million, and the rise of "killer tools" designed to circumvent long-established EDR systems is only making matters worse.
For organisations in Singapore, this is a clear signal that they need to adapt, rethink their strategies, and take immediate action to strengthen their security posture before a costly incident occurs. By integrating solutions like NDR alongside EDR, they can develop operational resilience in the face of cunning threat actors and their ever-evolving tactics.