Cybersecurity in Singapore’s schools: Threats, GenAI risks and the path to resilience

Digital transformation has changed the way Singapore’s schools teach, learn and operate — but it has also widened the attack surface for increasingly complex cyberthreats. Ransomware can disable classroom technology, GenAI-driven phishing can mimic trusted staff and data breaches can compromise student and institutional data and records. Meanwhile, unpatched systems are creating new entry points for attackers.

Getting to know these threats is the first step towards building a safer, more resilient education ecosystem.

Critical cyber risks confronting Singapore’s education ecosystem

Across the education sector, institutions are increasingly targeted by a range of nefarious cyberthreats:

• Ransomware remains the leading threat, encrypting critical systems and demanding payment for restoration. It causes extensive operational disruption.
• Social engineering campaigns manipulate the open communication culture of academic environments. For example, business email compromise attacks impersonate administrators or vendors, while spear‑phishing exploits academic calendars and institutional terminology.
• Quick response (QR) code phishing campaigns have become the fastest-growing type of email-based attack, accounting for nearly 20% of all phishing emails globally. These attacks embed QR code images linked to malicious content into the body of an email, and often entice unwitting users with seemingly genuine prompts, like a password reset or a multifactor authentication request.
• Data breaches and identity theft remain significant risks as institutions store vast amounts of personally identifiable information. Breaches can expose students’ academic records and health data, creating regulatory issues.
• Advanced persistent threats target educational research and intellectual property. Entities like Lazarus Group and Mustang Panda steal government-funded research, establishing persistent access for cyber espionage.

Other threats include distributed-denial-of-service attacks that overwhelm online platforms, insider threats that expose sensitive data, third‑party vulnerabilities (consider the Mobile Guardian incident) and unpatched or misconfigured systems that leave critical weaknesses.

• ALSO READ → In Singapore and beyond, AI is supercharging educational technology

The GenAI paradox: AI accelerates both innovation and cyber risk

GenAI is helping schools in meaningful, practical ways. It personalizes learning for students, supports multilingual learners and helps teachers create lessons, feedback and classroom materials. It also expands access to tutoring and accessibility tools, helping to keep students with diverse learning needs engaged and supported.

Furthermore, it boosts creativity, strengthens digital literacy and reduces teacher workload so faculty members can focus more on students and less on administrative tasks.

But while GenAI delivers significant operational and educational value, cybercriminals are using the same capabilities to increase the volume, speed and sophistication of their attacks and make them harder to detect using traditional security solutions.

How attackers are using GenAI

AI-powered attacks increasingly take the form of:

• GenAI phishing and spear-phishing
• AI-assisted malware development
• Automated reconnaissance and target identification
• Personalized ransomware demands designed to maximize payouts

Cybercriminals use GenAI to quickly synthesize information scraped from public websites, social media and leaked documents, enabling highly realistic microtargeted attacks that are extremely difficult to distinguish from legitimate internal communications.

• Deepfakes and impersonation risk: Some of the most extreme GenAI-assisted attacks involve deepfake audio or video. In these scenarios, a teacher, principal or HR representative appears to contact another employee or a student with a request for sensitive information as part of a routine activity.
• Accidental data leakage through GenAI: A growing but underappreciated risk is unintentional data exposure. When employees or students paste sensitive data — such as student records, confidential research notes or proprietary code — into public GenAI tools, that data is transmitted externally and may be retained or used for model training.

GenAI is not a traditional threat like ransomware or phishing. It’s an amplifier that makes existing human-centric attacks more effective and introduces entirely new, automated risks. Until the required controls are in place, properly configured and regularly monitored, the risks faced by educational institutions will continue to escalate.

The regulatory response

Global regulations on responsible AI use are evolving rapidly. The EU AI Act emphasizes transparency, accountability, fairness and human review, particularly for high-risk sectors like education. In Asia, the Monetary Authority of Singapore has strengthened its AI governance approach through updated AI model risk management guidelines — signaling that responsible AI adoption is becoming a compliance requirement, not just best practice.

• ALSO READ → Secure networking: Is your network ready to support AI workloads?

National and school‑level efforts to strengthen cybersafety for students

The Cyber Security Agency of Singapore (CSA) is leading the charge in safeguarding the nation’s digital environment, raising cybersecurity awareness and building resilience across communities. The CSA works in partnership with the education sector, sharing cybersecurity messages in assembly halls, classrooms and computer labs through the SG Cyber Safe Students Programme. Notable interventions include:

• Collaborating with Microsoft on workshops for primary and secondary school students that convey good cyber hygiene practices through gamification (using Microsoft’s Minecraft Education cybersecurity modules to teach cybersecurity messages through immersive and relatable scenarios in the Minecraft environment)
• Developing the “Be Cyber Safe” pop-up and drama skits, which are in demand and have received positive feedback from schools and partners
• Presenting talks to thousands of students, ranging from primary schools to institutes of higher learning, on topics such as the importance of cybersecurity, common cyberthreats and tips to stay safe online
• Working with the Ministry of Education to incorporate content related to cyberthreats and Singapore’s Cybersecurity Strategy 2021 into the social studies curriculum for upper secondary school students (the CSA also co-created videos for the ministry’s Student Learning Space to deepen educators’ and students’ understanding of cybersecurity)

How NTT DATA helps schools build robust cyberdefence

While national initiatives play a critical role in raising awareness and strengthening baseline cyber readiness, educational institutions still need dedicated support to build deeper, long‑term resilience. This is where NTT DATA can help.

We have deep, worldwide experience in cybersecurity and digital transformation, protecting clients across critical sectors, including education, with services aligned to trends, limitations, regulatory requirements and ongoing innovation in these industries. For example, we’ve worked with the Zuyd University of Applied Sciences in the Netherlands to improve their cyber resilience.

In Singapore, we understand the regulatory landscape and operational constraints that educational institutions face, and we’re already helping them design, implement, operate and modernize their cybersecurity blueprints — including use cases that defend against nation‑state–level threats.

· ALSO READ → Future-ready higher education: A strategic guide to digital transformation in Singapore’s universities