As a digitally enabled university, Singapore Institute of Technology (SIT) relies extensively on information and communication technologies to support teaching, research, administration, and student services.
This reliance significantly enhances operational efficiency and learning innovation—but it also introduces a broad spectrum of technological threats that can disrupt academic continuity, compromise sensitive data, and damage institutional reputation.
Across Singapore’s education sector, cyber risks such as ransomware, phishing, and data breaches are increasing in frequency and sophistication, driven by digital transformation and emerging technologies like AI.
Universities are particularly attractive targets due to their open networks, large user populations, and valuable research and personal data. Therefore, identifying and understanding these technological threats is a critical step in SIT’s Crisis Risk Assessment (CRA) process.
|
Type of Threats / Crisis Scenarios (Technological) |
Description of Threats/ Crisis Scenarios |
Country Level |
Organisation Level (SIT Context) |
|
Cyberattack (Malware, Ransomware) |
Malicious software infects systems, encrypts data, and demands ransom. Ransomware is one of the most common attacks on educational institutions. |
Increasing ransomware attacks across Singapore and globally; the education sector is highly targeted |
Disruption to SIT’s Learning Management Systems (LMS), student portals, and research databases; possible suspension of classes and exams |
|
Phishing & Social Engineering |
Attackers impersonate trusted entities (e.g., IT support) to steal login credentials and sensitive data |
AI-enhanced phishing and scams are rising in Singapore |
Compromise of staff/student accounts, leading to unauthorised access to SIT systems (email, academic records, finance systems) |
|
Data Breach / Data Leakage |
Unauthorised access or exposure of sensitive personal, academic, or research data |
Past breaches in Singaporean education institutions resulted in the exposure of student data |
Exposure of SIT student records, research data, and intellectual property; regulatory penalties under PDPA |
|
Distributed Denial of Service (DDoS) |
Overwhelming systems with traffic to make services unavailable |
Cyberattacks such as DDoS are increasing globally and in Singapore |
SIT website, student portals, and online learning platforms become inaccessible during peak academic periods |
|
System / Network Failure |
Failure of the IT infrastructure due to hardware faults, software bugs, or overload |
Increasing reliance on digital systems increases systemic risk nationwide |
Disruption to campus-wide systems (Wi-Fi, e-learning platforms, library access, exam systems) |
|
Cloud Service / Third-Party Failure |
Outage or compromise of external service providers (cloud, SaaS, LMS vendors) |
Supply chain attacks target weaker vendors to reach larger organisations |
SIT operations were impacted due to reliance on third-party platforms (e.g., LMS downtime affecting teaching continuity) |
|
Insider Threat (Students / Staff) |
Authorised users misuse access intentionally or unintentionally |
Insider threats (including students) are significant in universities |
Unauthorised data access, grade manipulation, or accidental data leaks within SIT systems |
|
Cyber Espionage / Intellectual Property Theft |
Theft of research data, patents, or sensitive academic work |
Universities globally are targeted for research and intellectual property |
Loss of SIT research competitiveness, breach of industry partnerships, and reputational damage |
|
Unpatched Systems / Vulnerability Exploits |
Exploitation of outdated software or systems with known vulnerabilities |
Attackers exploit vulnerabilities faster than patches are deployed |
SIT systems are compromised due to delayed patching or legacy systems in labs and campus infrastructure |
|
IoT / Smart Campus Vulnerabilities |
Exploitation of connected devices (CCTV, access control, sensors) |
IoT vulnerabilities are increasingly targeted in education environments |
Physical security risks (e.g., access control failure), disruption to smart campus operations |
|
E-Learning Platform Compromise |
Attacks targeting online learning systems and virtual classrooms |
E-learning systems are inherently exposed due to internet dependency |
Interruption of lectures, manipulation of course content, or unauthorised access to virtual classrooms |
|
AI / GenAI-Driven Attacks |
Use of AI to automate phishing, deepfake impersonation, and cyberattacks |
GenAI increases the sophistication of attacks in the Singapore education sector |
Highly convincing fake communications targeting SIT leadership, staff, or students |
|
IT Security System Failure |
Failure of cybersecurity controls such as firewalls, endpoint protection, or monitoring systems |
The growing sophistication of threats challenges existing security frameworks |
Increased vulnerability window for SIT systems, leading to undetected breaches |
|
Identity Theft & Credential Compromise |
Unauthorised use of stolen identities to access systems |
Identity theft is a major information security threat |
Unauthorised access to SIT systems, financial fraud, or manipulation of academic records |
Technological threats are among the most critical and rapidly evolving risk categories for modern universities, such as the Singapore Institute of Technology.
The increasing digitalisation of teaching, administration, and research has expanded SIT’s attack surface, making it vulnerable not only to traditional IT failures but also to sophisticated cyberattacks, insider threats, and emerging AI-driven risks.
These threats can disrupt academic continuity, compromise sensitive data, and undermine stakeholder trust if not effectively managed.
To strengthen resilience, SIT must adopt a holistic technology risk management approach—combining robust cybersecurity controls, continuous monitoring, user awareness training, and strong governance aligned with national cybersecurity strategies.
Proactive identification of technological threats, as outlined in this chapter, provides the foundation for subsequent phases of Crisis Risk Assessment and ensures that SIT remains a secure, resilient, and future-ready institution in Singapore’s digital education landscape.
| eBook 3: Starting Your Crisis Management Implementation | |||
To learn more about the course and schedule, click the buttons below for the CM-300 Crisis Management Implementer [CM-3] and the CM-5000 Crisis Management Expert Implementer [CM-5].
|
Please feel free to send us a note if you have any questions. |
||