Why Singapore’s recent telco breach demands a strategic rethink


The UNC3886 breach highlights the dangerous misconception of businesses equating operational stability with cybersecurity.


The recent disclosure by the Cyber Security Agency of Singapore regarding "Operation Cyber Guardian" revealed a sobering reality. For months, the networks of local operators Singtel, StarHub, M1, and SIMBA were systematically compromised by the threat group UNC3886.

Cyber incidents are typically measured by their visible disruption, such as a website going dark. If the dial tone remains, the danger is assumed to have passed, but this view is dangerously obsolete.

Telecommunications networks are critical national infrastructure, holding the keys to every transaction, conversation, and data packet that moves through the nation. With every major carrier implicated, the "safety shield" of the network layer effectively vanished. For businesses, this meant the very infrastructure they relied on had become a vector of vulnerability.

This breach serves as a strategic inflection point for Communication Service Providers (CSPs) and enterprise leaders. It exposes the vulnerabilities within the traditional connectivity we rely on, necessitating a re-evaluation of how we secure business communications against modern risks.

Redefining resilience in a hostile network

The most dangerous misconception in business is equating operational stability with security. Historically, cyber risks were modelled on "noisy" events, like ransomware that halted production lines or denial-of-service attacks that crashed platforms. However, the threat landscape has changed.

UNC3886 exploited "zero-day" vulnerabilities, flaws unknown even to software vendors, to bypass firewalls and establish a quiet foothold. Their objective was not to shut down the network but rather to silently inhabit it, gathering intelligence and mapping the terrain.

What the incident highlights for enterprises in Singapore and across the region is that resilience can no longer be defined solely by redundancy or uptime. It must be defined by the capacity to detect and contain quiet threats. If the underlying carrier network that we depend on can be compromised, the security measures that businesses layer on top are crucial.

- Martin Nygate, Founder & CEO, Velox Networks

We must assume the network is hostile and secure data accordingly. Rather than scrambling to plug leaks after a breach has already happened, encryption and identity checks should be built into communications from the start.

The dual vulnerability of legacy hardware and shadow communications

When confidence in infrastructure is shaken, or when corporate tools prove cumbersome, the workforce drifts toward convenience. This exposes the enterprise to two converging threats: the structural vulnerabilities of aging hardware and the regulatory opacity of "shadow" channels.

First, the continued reliance on on-premise PBX systems creates a false sense of security. Often retained for perceived control, these legacy architectures are frequent targets for toll fraud, where attackers exploit weak authentication during off-hours to accrue significant costs in illicit international dialing.

More fundamentally, traditional VoIP transmissions are rarely encrypted. In an era of persistent network intrusion, this allows adversaries to intercept proprietary voice data with ease, without leaving a physical trace.

The widespread migration of business dialogue to consumer apps like WhatsApp represents a significant governance failure. While these platforms offer agility, they strip the organisation of oversight. Sensitive client data and strategic decisions shared on unmonitored channels exist outside the auditable sphere of enterprise IT, rendering them invisible to compliance teams.

The implications are quantifiable. US regulators have already imposed fines exceeding US$2 billion on financial institutions for failing to preserve such "off-channel" communications. For firms in Singapore and the region, the liability is twofold: the direct financial exposure to fraud on unsecured lines and the regulatory risk of data sovereignty violations.

Bolster your defence with cloud-first security

The accelerated decommissioning of Singapore’s legacy copper lines and ISDN infrastructure presents a forced migration. Yet, viewing this merely as a logistical switch to Voice over IP (VoIP) obscures the strategic dividend. The transition is an opportunity to overhaul network architecture, moving from a passive reliance on physical wires to an active, defensible security posture.

Regardless of the deployment model, the UNC3886 incident confirms that the underlying network can no longer be trusted as a safe harbour. A modern defense strategy must rest on three pillars:

  • First, identity assurance must replace perimeter defense. The traditional model of trusting users inside the network is obsolete. Securing communications requires a "Zero Trust" framework, enforcing multi-factor authentication (MFA) and strict access protocols. A compromised sales extension must not become a gateway for lateral movement across the enterprise.
  • Second, network segmentation is essential. Voice traffic should be isolated from general data streams using Virtual LANs (VLANs) or encrypted tunnels. This compartmentalisation limits the "blast radius" of any intrusion, ensuring a breach in the broader data network cannot easily cascade into the telecommunications layer.
  • Finally, security must be dynamic. This is where the switch to VoIP delivers its most critical advantage. Legacy hardware creates a "patch gap," the dangerous window between vulnerability discovery and manual repair.

Modern VoIP architectures close this gap by shifting telephony from hardware to software. This enables centralised, automated updates that address vulnerabilities in real time and facilitates the seamless deployment of end-to-end encryption, capabilities that aging copper systems simply cannot support.

A mandate for collective vigilance

The "whole-of-government" response unleashed by Operation Cyber Guardian underscores the severity of the threat landscape. Yet, as Singapore’s Minister Josephine Teo - who leads the government’s efforts in strengthening the nation’s cyber defense - noted, the resilience of the country’s digital economy relies equally on the vigilance of the private sector.

For enterprise leaders, this incident serves as a critical reminder to safeguard their own operations against a sophisticated threat landscape. In an interconnected economy, a compromised network is a contagion.

By eliminating "shadow IT" and adopting encrypted cloud infrastructure, businesses can do more than contribute to national security. They also immunise themselves against reputational damage, financial fraud, and intellectual property theft.

Ultimately, businesses must look beyond the simple metric of uptime. The focus must shift to architectural integrity and total channel management to remove the vulnerabilities that invite breaches before they can occur.

Martin Nygate is the Founder & CEO of Velox Networks.

© iTnews Asia