SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Ransomware
#
MFA
#
Physical Security

DBS & Bank of China Singapore hit by cyberattack

Wed, 9th Apr 2025
By William Oh, SVP, Head of Asia Pacific, BlueVoyant

The recent cyber incident involving DBS and Bank of China Singapore, where customer data has been reportedly extracted after a ransomware attack on a printing vendor, serves as a reminder for organisations to scrutinise their vendors and other third parties closely.

Digital supply chain attacks often infiltrate organisations through the weakest link. The data breach incident is only one addition to a growing list of significant cyberattacks in the region in recent years that likely originated from a third-party vendor. Organisations are often attacked through their wider digital networks, with more suppliers, service providers, and partners having more access to sensitive data now than ever before. Financial services organisations manage a range of sensitive data, all of which are highly valued on the dark web.

Many Singaporean organisations say they do not prioritise supply chain cyber risk management or are unaware of cyber security gaps in their supply chains. BlueVoyant research shows over a third (35%) of Singapore organisations said they have no way of knowing when a cyber security incident occurs within their supply chain and rely on self-reporting. In addition, the sheer size of organisation's supply chains is exacerbating the lack of visibility and control.

It is critically important that companies understand their extended digital supply chain, or the suppliers, vendors, and other third-parties that have direct or indirect access to their network. Organisations need to know who they are connected to and what access these third parties have. If a third party gets breached, this breach can then compromise the main organisation and result in data loss, ransomware, or business interruption. Organisations should incorporate the following strategies to better tackle supply chain cyber security risks:

  • Initiate a proactive visibility program at all levels of the organisation, including cross-departmental and senior stakeholder briefings, reporting, and collaboration.
  • Prioritise effective third-party cyber security risk management and collaboration to reduce breach risk.
  • Implement structured incentives and penalties for third parties to encourage compliance amongst those that fail to demonstrate sufficient hygiene, response, and remediation measures.
  • Monitor and evaluate all suppliers on a continuous basis.
  • Introduce tiered monitoring — from simple questionnaires to advanced continuous monitoring — offset against costs and aligned with vendor criticality. This will help to alleviate resource, technology and expertise challenges.
  • Ensure third-party cyber security risk management isn't siloed in IT or elsewhere.
  • Work closely with their third parties to close the remediation loop.
  • Triage and track all issues through every step to full remediation.

Companies can make it more challenging for attackers to gain access by regularly monitoring both internal networks and third parties, enforcing access control, and practicing good cyber hygiene, such as using multi-factor authentication.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Study shows Fastly boosts security with 235% ROI increase
Zscaler report urges shift from VPNs to Zero Trust
N-able launches new feature to boost vulnerability management
Gigamon appoints Lisa Harrup Mieuli as Chief Marketing Officer
EclecticIQ unveils Intelligence Center 3.5 to fight cybercrime
Top stories
Cloudflare enhances AI development with new MCP server
ConnectID & Caresquare partner to combat NDIS fraud
Microsoft April Patch Tuesday highlights zero-day risks
AI boosts Australian cyber defences against rising threats
AI amplifies cyber threat; non-human identities at risk