Singapore has recorded the world's highest rate of cyberattacks originating through external vendors or partners, known as third-party data breaches, revealing a serious vulnerability in its digital supply chain. According to the latest 'Global Third-Party Breach Report' released by cybersecurity firm SecurityScorecard, 71.4% of cyber incidents in Singapore occurred through external parties. This figure is more than double the global average of 35.5%.

Despite a relatively low number of overall data breaches, Singapore's high third-party breach rate suggests that the main route of cyberattacks is shifting from direct attacks to targeting third parties with weak security postures. In particular, this has raised a serious warning for the management of Singapore's digital supply chain, which has a highly interconnected economic structure.

The report notes that Singapore's high breach rate "appears alongside recorded Chinese cyber operations," suggesting a link to state-sponsored hacking attacks that exploit trusted access points such as suppliers, service providers, and software partners. Singapore's wealth, high level of digital maturity, and strategic importance as a financial and logistics hub are also analyzed as factors making it an attractive target.

In the face of complex vendor ecosystems and extensive cross-border data flows, attackers are increasingly favoring a strategy of targeting third parties with weaker security postures instead of direct attacks. SecurityScorecard warns that traditional slow and periodic vendor risk assessment methods are insufficient to capture rapidly evolving threats. It urges Singapore-based organizations to adopt real-time third-party threat detection and monitoring systems across cloud services, overseas subsidiaries, and key sectors such as finance and healthcare.

The findings of this report are released amid growing concerns about geopolitical cyber activities in the Asian region, particularly those related to Chinese cyber espionage.

Experts further point to the following factors as causes for Singapore's high third-party breach rate:

High Dependence on Outsourcing: Singapore has a strong tendency to outsource various tasks such as IT services and data processing to external companies to enhance efficiency. This increases the possibility of third-party security vulnerabilities spreading as risks throughout the entire system.
Strict Regulatory Environment: While Singapore implements relatively strict data protection regulations for major industries such as finance and telecommunications, these regulations may not always be effectively applied to third-party vendors.
Shifting Attacker Strategies: As direct attacks become more difficult, attackers are utilizing a detour strategy of first infiltrating third parties with insufficient security investment or lax access controls to reach their final targets.
The Singaporean government and businesses should recognize the importance of third-party risk management and actively work to prepare related countermeasures. In addition to adopting the real-time threat detection and monitoring systems suggested by SecurityScorecard, the following efforts are necessary:

Strong Contracts and Due Diligence: Clearly specify security requirements when contracting with third-party vendors and conduct thorough security due diligence before and after the contract.
Continuous Security Assessment: Continuously monitor the security status of third parties and conduct regular vulnerability checks, rather than relying on one-time assessments.
Enhanced Information Sharing and Cooperation: Share third-party threat information between companies and establish a joint response system between the government and businesses.
Security Awareness Training: Strengthen security awareness training not only for internal employees but also for employees of third-party vendors to prevent security incidents caused by human error.
For Singapore to maintain its standing as a world-class digital economic powerhouse, it must actively address the urgent issue of third-party data breaches.

[Copyright (c) Global Economic Times. All Rights Reserved.]