SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia

Singapore leads security shift from prevention to resilience

Wed, 15th Jul 2026 (Today)
David Shilovsky
DAVID SHILOVSKY Interview Editor

Organisations across Asia are rethinking their cybersecurity strategies, as frontier artificial intelligence models dramatically accelerate the speed of attacks, leaving traditional approaches focused on prevention increasingly ineffective.

The emergence of frontier AI represents a fundamental shift in how companies should approach cyber resilience. Enterprises should assume attackers will eventually gain access, and focus on containing the damage before it spreads, instead of aiming to repel every attack.

Singapore's Cyber Security Agency recently highlighted micro-segmentation and limiting lateral movement as key measures to defend against AI-enabled threats. Mitigating damage is the new paradigm in a world where 100 per cent prevention is no longer realistic.

Frontier AI is changing cybersecurity not because it introduces entirely new attack techniques, but because it dramatically compresses the time required for attackers to identify vulnerabilities, develop exploits and launch sophisticated attacks, according to Andrew Kay, Director, Systems Engineering APJ at Illumio.

"The issue is not that AI creates an entirely new attack technique," Kay said.

"The issue is frontier models are able to dramatically compress the time between finding that weakness or vulnerability, creating an exploit that is going to work, chaining multiple exploits together and then launching that attack."

That shift removes what has traditionally been a critical advantage for defenders: time.

Security teams have historically relied on patching vulnerabilities, responding to alerts and identifying known threats before attackers could exploit them. 

But now AI-powered adversaries are increasingly capable of automating much of that process, reducing the window organisations have to respond.

"The game we've been playing to date where attackers have been human and the defenders have had that breathing room to respond to that human nature… that game has just completely changed," Kay said.

As a result, companies need to move away from measuring cybersecurity success by the number of attacks prevented or alerts investigated.

Instead, they should be asking: how much damage can an attacker cause once they have already breached the network?

That shift places greater emphasis on architectural resilience - designing networks so attackers cannot easily move through them after compromising a single system.

Containing attacks 

Central to that strategy is preventing lateral movement.

Lateral movement describes the process by which attackers expand from an initially compromised endpoint to other systems within an organisation, allowing them to reach sensitive applications, deploy ransomware or steal valuable data.

Kay described it as the defining characteristic of almost every recent major cyber breach.

"It is the key step of every breach that you would have either heard about, or maybe even experienced yourself," he said.

Modern enterprise environments have made that problem significantly harder to manage.

Many companies now operate a mix of legacy infrastructure, virtualised data centres, public cloud services, operational technology  environments and traditional corporate IT systems. 

While these platforms improve operational flexibility, they also create thousands of interconnected pathways that attackers can exploit.

"The concern with frontier AI is not just that they're going to find a new way to get in or a faster way to get in," Kay said. 

"It's that they're finding and able to discover the ways to then spread once they are inside."

AI systems can rapidly identify trusted relationships between systems, discover previously overlooked pathways and automate movement across complex hybrid environments.

Stopping that movement is now one of the most effective ways businesses can reduce cyber risk.

Singapore leading in threat response

Singapore is among the leading markets in recognising the implications of AI-driven cyber threats.

"Singapore is ahead of the curve, not only within APAC, but across global markets as well," Kay said.

However, strong policy and regulation do not automatically translate into effective cybersecurity.

While governments and regulators across the region are increasingly recommending architectural resilience and breach containment, many organisations have yet to demonstrate they can effectively prevent lateral movement during a real incident.

Boards and executive teams need to evolve the questions they ask their security leaders.

Instead of focusing solely on incident counts or vulnerability patching metrics, firms should seek evidence that critical systems can remain operational during an attack.

Questions such as whether containment strategies have been tested through tabletop exercises and how long essential services could remain available following a breach are becoming increasingly important.

Secure-by-design becoming operational priority

Organisations across sensitive industries such as banking, government and critical infrastructure are increasingly adopting secure-by-design principles that assume compromise, instead of perfecting prevention.

Implementing that strategy typically begins with gaining visibility across an organisation's technology estate.

Once organisations have visibility into their environments, they can identify high-risk connections, receive recommendations on where risk is concentrated and begin reducing unnecessary communications between systems.

Kay advocates for a phased approach, not attempting large-scale transformation projects.

Initial measures may include blocking unnecessary remote administration protocols, file sharing and other network communications frequently exploited by ransomware operators.

Companies can then introduce increasingly granular segmentation, creating logical boundaries between business units, geographic regions or mission-critical applications.

For example, a multinational bank might isolate transaction processing systems from corporate IT networks.

A company operating across multiple markets in the APAC region, or beyond, could prevent a compromise in one regional office from spreading throughout the wider enterprise.

Those controls become increasingly valuable as AI enables attackers to automate reconnaissance and movement at speeds that exceed human response capabilities.

Resilience-based security

Broader industry momentum is also shifting towards resilience-based cybersecurity strategies.

Alongside the Singapore CSA, governments and organisations, including the Five Eyes intelligence partnership, have increasingly encouraged organisations to reduce attack surfaces and build resilient architectures, instead of relying on vulnerability management and incident response.

Research firm Gartner have also recently emphasised architectural approaches focused on limiting lateral movement and improving organisational resilience.

For Illumio, which has long focused on breach containment through network segmentation, the changing threat landscape represents validation of a strategy the company has promoted for more than a decade.

"The realisation that creating a secure-by-design or secure-by-default environment is a necessity now rather than something that's nice to have is dramatically changing," Kay said.

As frontier AI continues to reduce the time between vulnerability discovery and exploitation, organisations can no longer rely on preventing every single attack. Breaches are inevitable, and no system is 100 per cent bulletproof.