An Analysis of Advanced Threat Protection in Singapore’s Data Center Ecosystem
Executive Summary
The collaboration between Cohesity and Google Cloud, announced on February 6, 2026, introduces intelligence-driven malware analysis capabilities that address a critical vulnerability in Singapore’s digital infrastructure: undetected threats embedded in backup data. This development arrives at a pivotal moment for Singapore, which experienced a 21% increase in ransomware attacks and a 67% surge in infected infrastructure systems during 2024, according to the Cyber Security Agency of Singapore’s latest Cyber Landscape report.
For Singapore—a nation that accounts for 60% of Southeast Asia’s data center market and hosts over 100 data center facilities—the integration of Google Threat Intelligence and secure sandbox analysis capabilities directly into cyber resilience platforms represents a paradigm shift in how backup infrastructure functions within the broader security architecture. This analysis examines the strategic implications for Singapore’s manufacturing sector, financial services industry, critical infrastructure operators, and SME ecosystem.
Singapore’s Evolving Cyber Threat Landscape
Quantifying the Threat: 2024 Statistics
Singapore’s position as a major data center hub in Asia Pacific has rendered it an attractive target for sophisticated cyber threats. The Cyber Security Agency of Singapore’s 2024/2025 Cyber Landscape report documented concerning trends across multiple threat categories. Phishing attempts surged by 49%, reaching 6,100 reported cases, with 12% incorporating AI-generated content that enhanced their persuasiveness and credibility. The banking and financial services sector bore the brunt of these attacks, accounting for 56% of all spoofed industries.
Ransomware incidents increased by 21% to 159 reported cases, with multinational corporations and listed firms in the manufacturing sector emerging as prime targets. The professional services sector—encompassing consulting, legal, and accounting firms—experienced disproportionate targeting, particularly among small and medium enterprises. These attacks frequently employed double extortion tactics, wherein threat actors both encrypted data and exfiltrated sensitive information, leveraging the threat of public disclosure to compel ransom payment.
Perhaps most alarming was the 67% increase in infected infrastructure, with the number of compromised systems escalating from 70,200 in 2023 to 117,300 in 2024. The Cyber Security Agency attributed this proliferation primarily to botnet operations coordinating infected devices through centralized command and control infrastructure. Critically, analysis revealed that many infections involved antiquated malware strains that could have been remediated through existing patching protocols—a finding that underscores persistent deficiencies in fundamental cyber hygiene practices across organizations of all sizes.
Advanced Persistent Threats and State-Sponsored Activity
Beyond volume-based attacks, Singapore confronts sophisticated state-sponsored Advanced Persistent Threat operations. Coordinating Minister for National Security K Shanmugam publicly disclosed in July 2025 that Singapore faces ongoing attacks from UNC3886, a state-sponsored APT group active since at least late 2021. This group demonstrates advanced capabilities including living-off-the-land techniques that leverage legitimate system tools to evade detection, and exploitation of zero-day vulnerabilities unknown to security vendors.
The threat landscape extends beyond individual incidents to encompass supply chain vulnerabilities. The April 2025 ransomware attack on Toppan Next Tech, a vendor serving DBS Bank and Bank of China, resulted in the exfiltration of customer data affecting approximately 8,200 DBS clients and 3,000 Bank of China customers. This incident exemplifies how attackers increasingly target third-party vendors to bypass the security measures of larger, better-protected organizations—a tactic that poses particular challenges for Singapore’s interconnected business ecosystem.
Singapore’s Data Center Ecosystem and Backup Security Imperatives
Strategic Significance of Data Center Infrastructure
Singapore’s emergence as Asia’s premier data center hub stems from several converging factors: strategic geographical positioning at the crossroads of major fiber optic routes, political stability and robust rule of law, world-class telecommunications infrastructure, and pro-business regulatory environment. The nation accounts for 60% of Southeast Asia’s data center market and hosts facilities for global technology leaders including Amazon Web Services, Google, Facebook, Microsoft Azure, and numerous regional providers.
This concentration of data center infrastructure creates a target-rich environment for malicious actors seeking maximum impact from cyberattacks. According to Kaspersky Security Network findings, Singapore experienced over 21 million cyber attacks in 2024 originating from compromised servers within its borders, making it the region’s hotspot for malicious activities. Singapore ranked as the seventh most attacked country globally in Q4 2024 and notably emerged as the third-largest source of DDoS attack traffic—a concerning indicator of infected infrastructure being weaponized for distributed attacks.
Data centers consume approximately 7% of Singapore’s total electricity, a figure projected to reach 12% by 2030, underscoring both the scale of operations and their criticality to the national infrastructure. The Cybersecurity Act of 2018 established comprehensive frameworks concerning Critical Information Infrastructure within the data center industry, imposing mandatory cybersecurity incident reporting requirements and creating oversight mechanisms through the Commissioner of Cybersecurity.
The Backup Security Blind Spot
Traditional approaches to data protection have treated backup infrastructure primarily as a recovery mechanism rather than an integral component of the security architecture. This paradigm creates a dangerous blind spot: backup repositories can harbor malware that persists undetected through multiple backup cycles, potentially reinfecting systems during restoration operations. Moreover, backup data can reveal low-and-slow attack campaigns that evade real-time detection systems but leave forensic evidence in historical data snapshots.
The Personal Data Protection Act of 2012 mandates that organizations implement reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, or disposal of personal data. Backup systems containing personal data fall squarely within these requirements. Organizations found guilty of data breaches can face fines up to 10% of annual turnover or SGD 1 million—penalties that create substantial financial incentives for robust backup security protocols.
For Singapore’s data center operators and tenants, the imperative extends beyond regulatory compliance to business continuity and customer trust. Downtime resulting from malware-infected backups can cascade through interconnected business ecosystems, affecting not only the immediate victim but also downstream customers and partners. The 3-2-1-1-0 backup rule—three copies of data, on two different media types, with one copy offsite, one offline, and zero errors—provides a foundational framework, but implementation requires sophisticated threat detection capabilities to ensure the integrity of each backup copy.
Critical Impact on Singapore’s Manufacturing Sector
Manufacturing as Primary Target
Singapore’s manufacturing sector, which contributes over 20% of GDP, has emerged as the primary target for ransomware operations. According to the Ensign InfoSecurity Cyber Threat Landscape Report 2024, nearly 20% of cyber attacks observed in Singapore targeted manufacturing units in 2023, displacing financial services and insurance as the most susceptible sector. The SocradarThreat Landscape Report 2025 found that manufacturing accounts for 31.58% of ransomware attacks in Singapore—a concentration driven by several strategic factors.
First, manufacturing organizations possess high-value intellectual property including trade secrets, industrial designs, proprietary processes, and supplier relationships. This data commands premium prices in underground markets and provides competitive intelligence to rival firms or nation-state actors. Second, manufacturing operations typically involve continuous production processes where downtime translates directly to substantial financial losses, creating pressure to pay ransoms to restore operations quickly. Third, operational technology environments in manufacturing facilities often lag behind corporate IT systems in cybersecurity maturity, presenting softer targets for initial compromise.
The manufacturing subsector most affected by attacks is construction, which accounted for 142 of 532 manufacturing incidents in Q3 2025 according to Dragos OT security research. This pattern reflects the sector’s reliance on complex supply chains and interconnected project management systems. Wholesale trade follows at 12.87% of attacks, highlighting threat actor focus on industries crucial to logistics and inventory movement.
Operational Technology Vulnerabilities
Manufacturing environments present unique security challenges due to the convergence of information technology and operational technology systems. OT systems interact directly with physical machinery and automated industrial processes that are often involved in providing essential services. These systems were historically isolated from external networks, but digital transformation initiatives have increasingly connected them to corporate IT infrastructure and cloud platforms to enable remote monitoring, predictive maintenance, and real-time optimization.
Dragos research identified that many ransomware incidents affecting industrial organizations stemmed from weaknesses at the boundary between IT and OT systems, where ransomware operators exploit unsecured connections between corporate networks and operational environments. The launch of Singapore’s OT Cybersecurity Masterplan 2024 and the OTCEP Forum demonstrated governmental recognition of these vulnerabilities and commitment to bolstering cyber defense for critical industrial systems.
The Cohesity-Google Cloud collaboration addresses a specific gap in OT security: the potential for malware to persist in backup systems that support both IT and OT environments. Traditional backup approaches may capture infected system images without detecting embedded threats, creating scenarios where restoration operations reintroduce malware into operational environments. Google Private Scanning’s sandbox analysis capability enables behavioral analysis of suspicious files before restoration, revealing potential system changes, network activity, and registry modifications that could disrupt industrial control systems.
Technical Architecture: Intelligence-Driven Threat Detection
Embedded Google Threat Intelligence Integration
The Cohesity Data Cloud platform now incorporates contextual display of Google Threat Intelligence insights directly within the user interface, fundamentally altering the workflow for IT and security teams making recovery decisions. This integration surfaces detailed threat information including investigative learnings from Mandiant’s incident response expertise, indicators of compromise derived from global threat telemetry, reputation data on suspicious files and network artifacts, and actionable threat details that inform remediation strategies.
Unlike traditional approaches that require security teams to export suspicious files to external analysis platforms, the embedded integration eliminates context switching and manual handoffs between backup administrators and security operations centers. When suspicious files are identified during backup scanning operations, teams can immediately access Google Threat Intelligence data without leaving the Cohesity interface. This streamlined workflow reduces mean time to detection for backup-resident threats and enables faster, more confident recovery decisions.
The integration leverages Google’s frontline security expertise, which processes threat intelligence from billions of devices globally and incorporates insights from Mandiant’s incident response operations across diverse industries and geographies. For Singapore organizations, this provides access to threat intelligence that encompasses both region-specific attack patterns—such as APT campaigns targeting Southeast Asian infrastructure—and global ransomware operations that may pivot to Singapore targets.
Secure Sandbox Analysis via Google Private Scanning
The secure sandbox analysis capability, enabled through Google Private Scanning, represents a significant technical advancement in pre-restoration threat assessment. When suspicious files are identified in backup data, organizations can safely detonate them in an isolated sandbox environment that preserves data privacy and sovereignty—a critical consideration for Singapore organizations subject to data localization requirements and regulatory oversight.
The sandbox environment executes suspicious files while monitoring their behavior across multiple dimensions: file system modifications that could indicate data exfiltration or encryption operations; registry changes that might establish persistence mechanisms or alter security settings; network communications that reveal command-and-control infrastructure or data exfiltration channels; process creation and injection activities that could indicate lateral movement capabilities; and system-level changes such as service installations or scheduled task creation.
This behavioral analysis proves particularly valuable for detecting polymorphic malware and zero-day exploits that evade signature-based detection systems. Traditional security tools rely on known malware signatures and heuristic patterns, creating blind spots for novel threats or customized attack tools developed specifically for targeted operations. Sandbox detonation reveals actual payload behavior regardless of code obfuscation or signature evasion techniques employed by attackers.
The privacy-preserving architecture ensures that analysis occurs in a private scanning environment rather than shared infrastructure, addressing concerns about exposing sensitive backup data to third-party systems. For Singapore’s financial services firms handling customer financial data, healthcare organizations managing patient records, or government agencies protecting classified information, this architectural decision enables threat analysis without compromising data sovereignty or creating additional compliance risk.
Sector-Specific Strategic Implications
Financial Services and Banking
Singapore’s banking and financial services sector, which accounted for 56% of phishing attacks in 2024, operates under stringent regulatory oversight including the Monetary Authority of Singapore’s Technology Risk Management guidelines. These guidelines establish expectations around governance, backup integrity, disaster recovery, and testing protocols. The integration of Google Threat Intelligence into backup infrastructure directly supports compliance with TRM requirements for backup validation and restoration testing.
Financial institutions maintain extensive backup repositories containing transaction records, customer data, trading systems, and compliance documentation. A backup-resident threat that reinfects systems during restoration could compromise financial data, trigger regulatory reporting obligations, and erode customer trust. The ability to perform secure sandbox analysis before restoration enables financial institutions to verify backup integrity with greater confidence, reducing the risk of restoring compromised data into production environments.
The Toppan Next Tech incident, which affected DBS Bank and Bank of China customers, illustrated how third-party vulnerabilities can cascade through financial services supply chains. Cohesity FortKnox, the managed cyber vault solution now available on Google Cloud, addresses this risk by maintaining an isolated, air-gapped copy of critical enterprise data. This architecture ensures clean recovery even in scenarios where attackers compromise both primary systems and traditional backups through supply chain infiltration.
Professional Services Firms
Small and medium enterprises in professional services—including legal, consulting, and accounting firms—experienced disproportionate ransomware targeting in 2024. The April 2024 Akira ransomware attack on major law firm Shook Lin & Bok, which resulted in ransom payment of 21.07 bitcoins, exemplifies the vulnerability of professional services firms to sophisticated ransomware operations.
Professional services firms typically operate with limited IT security staff and budget constraints compared to large enterprises, yet they manage highly sensitive client data including legal documents, financial records, strategic consulting deliverables, and confidential communications. This combination of high-value data and resource constraints creates attractive targets for Ransomware-as-a-Service operations that democratize access to sophisticated attack capabilities.
The embedded threat intelligence and sandbox analysis capabilities reduce the expertise barrier for effective backup security. Rather than requiring dedicated security operations centers or threat intelligence analysts, professional services firms can leverage Google’s global threat intelligence directly within their backup management workflows. This democratization of enterprise-grade security capabilities proves particularly valuable for Singapore’s SME ecosystem, which comprises the majority of business establishments but often lacks resources for comprehensive security programs.
Critical Infrastructure Operators
Singapore’s Critical Information Infrastructure encompasses eleven sectors: aviation, banking and finance, energy, government, healthcare, infocomm, land transport, maritime, media, security and emergency services, and water. The Cybersecurity Act amendments in 2024 expanded regulatory powers to include Systems of Temporary Cybersecurity Concern, Entities of Special Cybersecurity Interest, and Foundational Digital Infrastructure—broadening the scope of mandated cybersecurity measures beyond traditional CII owners.
Critical infrastructure operators face sophisticated state-sponsored threats exemplified by UNC3886’s ongoing campaigns. These adversaries demonstrate advanced capabilities including living-off-the-land techniques and zero-day exploitation—tactics specifically designed to evade traditional security controls. Backup repositories containing system images, configuration data, and operational logs provide valuable forensic evidence for detecting such campaigns, but only if backup security systems can identify subtle indicators of compromise.
The integration of Mandiant’s incident response expertise into the threat intelligence layer proves particularly relevant for critical infrastructure defense. Mandiant’s frontline experience with APT investigations provides insights into attacker tactics, techniques, and procedures that may not surface in broader threat intelligence feeds. For critical infrastructure operators conducting the annual Exercise Cyber Star scenarios—which test response to APT attacks and multi-sector spillover effects—the enhanced backup security capabilities enable more realistic recovery testing under adversarial conditions.
Alignment with Singapore’s Cybersecurity Strategy 2021
Building Resilient Infrastructure
Singapore’s Cybersecurity Strategy 2021 establishes three strategic pillars: Building Resilient Infrastructure, Enabling a Safer Cyberspace, and Enhancing International Cooperation. The first pillar emphasizes strengthening the resilience of digital infrastructure through proactive defense measures, continuous monitoring, and rapid incident response capabilities. The Cohesity-Google Cloud collaboration directly supports this pillar by transforming backup infrastructure from passive recovery mechanisms into active components of the resilience architecture.
The Cybersecurity Code of Practice for Critical Information Infrastructure, revised in December 2022, mandates threat-based approaches that identify threat actors’ common tactics and techniques. The embedded Google Threat Intelligence integration operationalizes this requirement by providing real-time access to threat actor profiles, campaign patterns, and indicators of compromise derived from global incident response operations. This enables CII owners to align their backup security posture with actual threat actor behaviors rather than generic security checklists.
The OT Cybersecurity Masterplan 2024 specifically addresses operational technology environments that support physical control functions including IoT and industrial IoT devices. These environments have become new attack surfaces as demonstrated by attacks exploiting weaknesses at IT-OT boundaries. The secure sandbox capability enables OT operators to analyze suspicious files from industrial control systems without risking production environments—a critical capability for sectors like energy, water, and transportation where testing in live environments poses unacceptable safety risks.
Enhancing International Cooperation
Singapore’s role as a pioneering member of the Counter Ransomware Initiative, involving over 70 member countries, exemplifies the third strategic pillar of enhancing international cooperation. The CRI aims to build collective resilience against ransomware attacks and disrupt the ransomware criminal industry through coordinated action. Singapore will host the next CRI Summit on October 24, 2025, to drive discussions with international partners on addressing the global ransomware challenge.
The Cohesity-Google Cloud collaboration embodies international cooperation by bringing Google’s global threat intelligence platform—informed by incident response operations across diverse geographies and sectors—into Singapore organizations’ backup infrastructure. This enables Singaporean defenders to benefit from lessons learned in ransomware incidents globally, including attack patterns, ransomware family characteristics, and effective mitigation strategies. The bidirectional nature of threat intelligence sharing means that insights from Singapore incidents can inform global defensive efforts through the Google Threat Intelligence platform.
The September 2024 international operation against a global botnet, which remediated 2,700 infected devices in Singapore, demonstrated the value of cross-border cybersecurity cooperation. The integration of Google’s threat intelligence into backup platforms extends this cooperative model by enabling continuous intelligence sharing rather than episodic joint operations. Organizations can access threat intelligence derived from global investigations while contributing their own threat observations to the collective defense ecosystem.
Implementation Considerations for Singapore Organizations
Data Sovereignty and Regulatory Compliance
Singapore places significant importance on data sovereignty, with regulations often requiring that data be stored and processed within the country or under Singaporean legal jurisdiction. The Personal Data Protection Act establishes requirements for cross-border data transfers, mandating that organizations ensure receiving countries provide comparable standards of protection or obtain individual consent for transfers.
The Google Private Scanning architecture addresses these concerns through its private scanning environment design. Rather than transmitting backup data to shared cloud infrastructure for analysis, suspicious files undergo detonation in isolated environments that preserve data sovereignty. Organizations should verify the specific deployment architecture—whether analysis occurs within Google Cloud’s Singapore region or involves cross-border data processing—and ensure alignment with their regulatory obligations and risk tolerance.
Financial institutions subject to MAS supervision should evaluate the integration against Technology Risk Management requirements for outsourcing arrangements and cloud computing. The guidelines establish expectations for governance, operational resilience, and data protection when engaging third-party service providers. Organizations should conduct due diligence on Google Cloud’s security controls, incident response procedures, and contractual provisions for data handling and breach notification.
Integration with Existing Security Architecture
Effective deployment requires integration with existing security operations workflows, including security information and event management systems, security orchestration and automated response platforms, and incident response procedures. The embedded threat intelligence should feed into centralized security monitoring to provide comprehensive visibility across backup infrastructure, production systems, and network security controls.
Organizations should establish clear escalation procedures for suspicious files identified through Google Threat Intelligence or sandbox analysis. These procedures should define when to involve security operations centers, when to engage incident response teams, and when to notify regulatory authorities such as the Cyber Security Agency or the Personal Data Protection Commission. The goal is to ensure that backup security findings integrate seamlessly with broader threat detection and response processes rather than creating isolated security silos.
Testing protocols should validate not only the technical capability to restore clean backups but also the operational procedures for threat assessment and decision-making during recovery operations. Organizations should conduct tabletop exercises that simulate scenarios where backup scans reveal embedded malware, requiring teams to evaluate whether to proceed with restoration, how to sanitize affected systems, and what additional forensic analysis to conduct.
Skill Development and Talent Requirements
Singapore’s Cybersecurity Strategy 2021 identifies growing a robust cyber talent pipeline as a foundational enabler. The SG Cyber Talent initiatives and related programs aim to develop cybersecurity professionals with expertise across diverse domains. The integration of advanced threat intelligence into backup infrastructure creates new skill requirements at the intersection of data protection, threat analysis, and incident response.
Organizations should invest in training for backup administrators and IT operations teams to effectively interpret threat intelligence findings and sandbox analysis results. This includes understanding indicators of compromise, assessing threat actor motivations and capabilities, evaluating malware behavior patterns, and making risk-based decisions about restoration operations. The democratization of these capabilities through embedded interfaces reduces the technical barrier, but effective utilization still requires foundational security knowledge.
Collaboration between IT operations teams and security operations centers becomes increasingly important. Backup administrators traditionally focused on storage capacity, retention policies, and restoration procedures may now encounter sophisticated threat intelligence requiring security expertise to interpret. Organizations should establish clear communication channels and collaborative workflows that enable backup teams to leverage security team expertise when evaluating complex threats in backup data.
Future Outlook and Strategic Recommendations
Evolution of Backup Security Paradigm
The Cohesity-Google Cloud collaboration represents an inflection point in the evolution of backup infrastructure from passive recovery mechanism to active security component. This trajectory will likely accelerate as organizations recognize that backup repositories constitute both critical assets requiring protection and valuable intelligence sources for threat detection. Future developments may incorporate machine learning models trained on historical backup data to identify anomalous patterns indicative of low-and-slow attack campaigns, automated threat hunting capabilities that proactively search backup repositories for indicators of compromise, and integration with cyber deception technologies that use backup systems as sensors for adversary reconnaissance activities.
As artificial intelligence capabilities advance, both attackers and defenders will leverage these technologies more extensively. The Cyber Security Agency’s report noted that 12% of phishing emails in 2024 contained AI-generated content, and threat actors increasingly use AI for research, code troubleshooting, and payload development. Defense-side applications of AI in backup security may include automated malware variant detection that identifies polymorphic malware through behavioral similarity analysis, natural language processing of threat intelligence to extract actionable insights from incident reports and vulnerability disclosures, and predictive analytics that forecast attack vectors based on threat actor patterns and vulnerability trends.
Recommendations for Singapore Organizations
Organizations should conduct comprehensive assessments of their current backup security posture, evaluating whether backup systems incorporate threat detection capabilities, whether restoration procedures include malware analysis, and whether backup data undergoes regular integrity validation. This assessment should identify gaps between current capabilities and the threat landscape facing Singapore organizations.
Pilot implementations of enhanced backup security capabilities should begin with high-value systems and data repositories. Manufacturing organizations might prioritize operational technology backup systems containing industrial control configurations. Financial institutions might focus on systems processing customer transactions and financial data. Professional services firms might emphasize backup systems containing confidential client information. These pilot implementations provide opportunities to validate technical capabilities, refine operational procedures, and demonstrate value before broader deployment.
Investment in complementary security capabilities should accompany backup security enhancements. Organizations cannot rely solely on backup-layer security while neglecting fundamental cyber hygiene. The persistent challenge of unpatched systems—evidenced by the 67% increase in infected infrastructure involving old malware strains—requires sustained commitment to vulnerability management, security patch deployment, and configuration hardening. Backup security capabilities provide additional defense layers but cannot compensate for deficient primary security controls.
Participation in information sharing initiatives enables organizations to benefit from collective intelligence and contribute to community resilience. The Counter Ransomware Initiative, Singapore’s CRI Summit in October 2025, and sector-specific information sharing forums provide venues for exchanging threat intelligence, lessons learned from incidents, and effective security practices. Organizations that actively participate in these communities gain early warning of emerging threats and access to peer expertise for addressing complex security challenges.
Conclusion
The collaboration between Cohesity and Google Cloud introduces capabilities that address critical vulnerabilities in Singapore’s cyber resilience architecture. The integration of Google Threat Intelligence and secure sandbox analysis into backup infrastructure transforms how organizations detect and respond to threats embedded in historical data, closing a dangerous blind spot that ransomware operators and state-sponsored adversaries have increasingly exploited.
For Singapore—confronting a 21% increase in ransomware attacks, sophisticated state-sponsored APT operations, and a 67% surge in infected infrastructure—these capabilities arrive at a critical juncture. The nation’s position as Asia’s premier data center hub and its economic reliance on digital infrastructure create both opportunities and vulnerabilities. Enhanced backup security capabilities strengthen defense-in-depth strategies while supporting compliance with Singapore’s evolving regulatory framework for cybersecurity.
The manufacturing sector, professional services SMEs, financial institutions, and critical infrastructure operators each face distinct threat profiles and operational constraints. The democratization of enterprise-grade threat intelligence through embedded interfaces reduces barriers to adoption, enabling organizations across Singapore’s diverse economy to implement sophisticated security capabilities without requiring extensive security operations infrastructure.
Success requires more than technology deployment. Organizations must integrate backup security capabilities with existing security operations workflows, invest in skill development for personnel interpreting threat intelligence, conduct realistic testing of recovery procedures under adversarial conditions, and participate in information sharing communities that strengthen collective resilience. The Cyber Security Agency’s strategy emphasizing resilient infrastructure, safer cyberspace, and international cooperation provides the framework for these efforts.
As Singapore continues its digital transformation journey—advancing smart city initiatives, expanding IoT deployments, and integrating artificial intelligence across economic sectors—the attack surface will continue to grow. The evolution of backup infrastructure from recovery mechanism to active security component represents a necessary adaptation to this reality. Organizations that embrace this paradigm shift position themselves to detect threats others miss, recover with greater confidence, and contribute to Singapore’s vision of a trusted, resilient, and vibrant cyberspace where everyone can live and work online securely.