Amid the launch of DeepSeek and ChatGPT’s ‘Operator’ mode, organizations across Asia are facing increased risks from AI-powered cyber-attacks, with traditional defenses proving inadequate in addressing convincing social engineering schemes that bypass legacy security controls.

As businesses in the region continue on their digital transformation journeys, they are inevitably facing evolving cyberthreats, regulatory shifts, and skill shortages. However, these challenges also present opportunities for innovation, collaboration, and cybersecurity investment. We find out more from Fabrice Bartolucci, Regional General Manager of SEAHK, Exclusive Networks. 

Similarly, AI-driven tools have been deployed in spear-phishing campaigns, creating customized, convincing messages that trick users into revealing sensitive information. Additionally, AI has been utilized in adversarial attacks to bypass machine learning-based defenses, such as fooling image recognition systems or biometric authentication.

AI can even discover vulnerabilities faster than traditional methods, giving attackers a significant edge. One example is the use of AI to map out an organization’s entire infrastructure to identify weaknesses, enabling precision attacks like ransomware or supply chain compromises.

While these risks are concerning, they highlight the need for equally advanced defenses. AI and machine learning can also be leveraged by cybersecurity teams to enhance threat detection, automate responses, and predict potential vulnerabilities before they are exploited. The sentiment toward these technologies, therefore, depends on how responsibly they are developed, deployed, and regulated.

The stakes are high, and as AI continues to evolve, proactive measures will be vital to ensuring it becomes a tool for security rather than an enabler of risk. Balancing innovation with security will be critical as we continue to integrate AI into our digital ecosystem. It’s an exciting yet precarious time for technology, and proactive measures like ethical AI frameworks, robust cybersecurity strategies, and collaboration between industries are crucial to ensuring AI is a force for good rather than risk.

The World Economic Forum’s Global CybersecurityOutlook 2025 report highlights increasing complexity in the cyber landscape due to emerging technologies and geopolitical uncertainties. What are some new cyberthreats that businesses in Asia are expected to face in 2025? 

FB: AI-powered cyber-attacks will continue to be a major threat to businesses across Asia as cybercriminals leverage generative AI and deepfake technology to enhance their tactics. AI-driven phishing scams and business email compromise attacks will only become more sophisticated and convincing, making it harder for employees to differentiate between legitimate and fraudulent communications. 

Attackers will also use AI to automate reconnaissance, craft personalized scams, and bypass security defenses, leading to higher success rates in social engineering and ransomware attacks​.Additionally, double extortion tactics, where attackers demand a ransom not only to restore data but also to prevent its public exposure, will remain a growing concern​.

Supply chain vulnerabilities also pose significant risks as AI-fueled attacks increasingly target software vendors, cloud service providers, and third-party suppliers. A single compromised vendor could expose multiple organizations to cyber threats, leading to widespread disruptions. Attackers will exploit weak links in the supply chain to inject malicious code, steal sensitive data, or manipulate critical business operations. 

To effectively combat evolving cyber threats, businesses must first foster a culture of strong industry-academic collaboration by working closely with universities and research institutions to develop cutting-edge cybersecurity solutions and train the next generation of cybersecurity professionals. 

Geopolitical tensions are leading to increased cyber-attacks on businesses and governments, affecting industry standards. Have there been any significant cybersecurity incidents or breaches in 2025 that have influenced industry standards?

FB: The cybersecurity industry evolves so rapidly that focusing on specific attacks can quickly become obsolete. Cyber-attacks in Asia increasingly target critical infrastructure, including power grids, healthcare systems, and transportation networks, exploiting vulnerabilities in these essential services. For instance, ransomware campaigns and advanced persistent threats (APTs) have been deployed against energy providers and public utilities in nations embroiled in regional disputes. 

With Asia’s rapid digitalization and growing reliance on interconnected systems, safeguarding critical infrastructure has become a pressing priority for governments and businesses alike.

Global frameworks like Zero Trust Architecture, Post-Quantum Cryptography and supply chain risk management standards have gained traction, spurred by concerns over the security of software and hardware sourced from geopolitical rivals. Additionally, international collaboration initiatives, such as ASEAN’s efforts to create regional cybersecurity frameworks, highlight the push for harmonized standards to address cross-border cyber threats. These developments reflect the growing recognition of cybersecurity as a key component of national defense.

The expanding attack surface is exacerbated by the shortage of cybersecurity professionals. How can SMEs effectively address this shortage to meet the increasing demands of modern digital threats?

FB: The cybersecurity talent shortage remains a significant challenge, and a long-term solution is still far from reach. Addressing this issue requires a multi-faceted approach to support businesses that lack in-house expertise.

SMEs can leverage Managed Security Service Providers (MSSPs) to access expert security services without the need for in-house specialists. MSSPs offer comprehensive solutions, including 24/7 threat monitoring, incident response, vulnerability management, and compliance support, ensuring SMEs remain protected against evolving cyber threats. By outsourcing to MSSPs, businesses can reduce costs, enhance security, and scale their defenses as needed, without the burden of hiring and retaining specialized talent. 

An industry example would be our partnership with Palo Alto Networks which consists of a MSSP program designed to provide businesses with advanced cybersecurity solutions. What this means is, access to Palo Alto Networks security platforms, such as Prisma Cloud, Cortex XDR, and Next-Generation Firewalls (NGFWs), ensuring that threat detection, prevention, and response capabilities are effectively delivered.

AI-driven security automation, Zero Trust architecture, and real-time threat intelligence are made available to MSSPs without the need for complex in-house security infrastructure. In addition, specialised training, flexible consumption models, and dedicated support are offered by Exclusive Networks, allowing MSSP partners to scale their services efficiently while addressing the ongoing cybersecurity skills gap. 

MSSPs essentially help SMEs to mitigate risks more efficiently and strategic partnerships like these allow them to focus on core operations while ensuring robust cybersecurity protection.

Which industries are at the highest risk, and why?

FB: While finance and healthcare remain prime targets for cybercriminals due to their highly lucrative nature, the growing adoption of IoT, cloud-based supply chains, and smart factories has positioned the manufacturing sector as a major target for cyberthreats.

Unlike industries with well-established cybersecurity frameworks, manufacturing has traditionally underinvested in security, prioritizing physical safety and operational efficiency over digital risk management. This lack of focus has made manufacturing highly susceptible to AI-driven cyberattacks, which can exploit supply chain vulnerabilities to infiltrate organizations through third-party vendors. Additionally, ransomware attacks pose a significant threat, with the potential to halt production lines, disrupt logistics, and compromise critical infrastructure, leading to substantial financial losses and operational downtime.

A major challenge is the absence of dedicated cybersecurity teams and outdated security policies in many manufacturing firms. Employees at all levels, from factory workers to executives, often receive little to no cybersecurity training, making them easy targets for phishing, social engineering, and credential theft. Furthermore, legacy operational technology systems, which were never designed with security in mind, frequently remain unpatched and exposed, creating an open door for cyber-attacks.

The lack of a strong security culture means that basic cybersecurity measures, such as multi-factor authentication (MFA), regular software updates, and network segmentation, are often overlooked, significantly increasing the risk of breaches. To mitigate these threats, manufacturers must prioritize cybersecurity awareness training, invest in specialized security personnel, and integrate AI-driven threat detection systems to safeguard critical infrastructure and sensitive data.