File-less malware does not care how many threats you blocked last year. It runs in memory, leaves nothing on disk, and exits cleanly. Many endpoint stacks in Singapore's public sector are not consistently configured to detect it, and organisations that believe otherwise may not have validated that assumption against realistic threat scenarios. Drive-by downloads persist because browser plugin governance is genuinely hard and it has not yet become a board-level priority across the estate. Until the conversation shifts from "train users to be careful" to "audit and restrict what runs in the browser across the estate," the vector stays open. When scam case counts fall but total losses climb, that is a targeting upgrade, not a win. Criminals running fewer, more precise operations are harder to detect and harder to prosecute than the ones running volume. The broader point for Singapore's public sector is that the 5.3 million blocked threats is one data point among several—a strong block rate and a strong detection posture are not the same measurement.
File-less malware does not care how many threats you blocked last year. It runs in memory, leaves nothing on disk, and exits cleanly. Many endpoint stacks in Singapore's public sector are not consistently configured to detect it, and organisations that believe otherwise may not have validated that assumption against realistic threat scenarios. Drive-by downloads persist because browser plugin governance is genuinely hard and it has not yet become a board-level priority across the estate. Until the conversation shifts from "train users to be careful" to "audit and restrict what runs in the browser across the estate," the vector stays open. When scam case counts fall but total losses climb, that is a targeting upgrade, not a win. Criminals running fewer, more precise operations are harder to detect and harder to prosecute than the ones running volume. The broader point for Singapore's public sector is that the 5.3 million blocked threats is one data point among several—a strong block rate and a strong detection posture are not the same measurement.