Is your organization focusing on the exposures that matter most, or is your cybersecurity investments misallocated?

Ng: Enterprises continue to underestimate the risk posed by legacy vulnerabilities, edge devices, and cloud misconfigurations. Many of the exploitation attempts we observe globally still involve older, publicly disclosed vulnerabilities because organizations have not fully patched or monitored them.

The same pattern applies to IoT and edge devices, which often operate with outdated firmware or default credentials. These devices provide a simple entry point that attackers can use to move laterally through an organization’s environment.

Cloud environments also remain a significant blind spot. Misconfigured storage, wide-ranging identity permissions, and unsecured APIs are exploited repeatedly. In many cloud incidents, the initial access begins with unusual logins from unfamiliar geographies, which highlights gaps in identity monitoring.

Despite these trends, many organizations continue allocating budget toward reactive patching and isolated tools rather than toward proactive exposure management. Approaches such as continuous threat exposure management provide a more complete Despite these trends, many organizations continue allocating budget toward reactive patching and isolated tools rather than toward proactive exposure management. Approaches such as continuous threat exposure management provide a more complete exploitable.

When organizations focus on the exposures that matter most, their security investments produce far greater impact and resilience.

AI-driven cyberthreats can easily outpace AI-powered defenses. In this situation, what countermeasures should organizations prioritize?

Ng: AI amplifies both offense and defense, and outcomes depend on how effectively an organization integrates AI into its security architecture. Threat actors may use AI to generate targeted phishing emails, automate reconnaissance, or identify weak configurations at scale. If defenders rely on manual processes or disconnected systems, they will struggle to react quickly enough.

The most important countermeasure is an integrated security platform where AI is embedded across networking, endpoint, cloud, and security operations. A unified architecture provides the context and visibility needed to spot early signs of compromise and respond quickly.

Automation is equally critical because modern attacks unfold at machine speed. Routine detection, correlation, and response must be as automated as possible so that defenders can focus on higher-level analysis.

Threat intelligence also plays a defining role. AI models rely on high-quality data to anticipate emerging techniques and adapt to new behaviors. When organizations combine integrated design, automation, and intelligence, they create a defensive environment that keeps pace with AI-driven threats.

We’ve seen how ransomware and supply chain attacks have evolved, often bypassing traditional defenses. What lesser-known or hybrid attack strategies could gain traction in the coming months?

Ng: Cybercrime is entering a phase where specialization and industrialization are becoming the norm. Criminal groups are focusing on specific parts of the attack chain to increase efficiency, and this makes coordinated campaigns more scalable.

As organizations adopt multiple cloud providers, attackers are devoting more attention to cloud-specific vulnerabilities, identity exposures, and misconfigurations.

AI-driven hacking tools are becoming more common on underground marketplaces. They allow even inexperienced actors to craft convincing lures, analyze stolen data, or probe for weak access controls.

Another trend is the convergence of cyber and real-world intimidation, as certain groups extend their operations into physical coercion and fraud schemes supported by broader criminal networks.

To counter such hybrid threats, collaboration becomes essential. Governments, industry partners, and the security community must work together to share intelligence and strengthen collective readiness.

Besides the financial and government sectors, what other industries in Asia Pacific might become prime cyber-attack targets?  

Ng: Healthcare remains one of the sectors most vulnerable to attacks because clinical services depend on uninterrupted operations and because medical data carries long-term value. A successful attack can delay treatment, compromise sensitive patient records, and cause significant operational and reputational harm.

Utilities and the wider energy sector are also seeing increased attention from attackers. These organizations operate complex environments where any interruption can affect large populations. Ransomware groups understand the leverage they gain when essential services are disrupted and are becoming more aggressive in targeting these sectors.

Manufacturing continues to face mounting pressure as production lines increasingly rely on digital systems. Many operational technology environments were not originally designed with cybersecurity in mind, and a breach can halt operations, damage equipment, and cause prolonged downtime. As digital transformation accelerates, the exposure grows, making these industries attractive targets.

Where do enterprises struggle most when balancing security and usability, and how should CISOs rethink their approach?

Ng: Enterprises often struggle with the complexity created by disconnected security tools. When systems do not work together, teams spend significant time correlating information, navigating multiple dashboards, and performing repetitive tasks. This slows incident response and increases the likelihood of errors.

Employees also feel the impact of friction caused by multiple authentication steps, restrictive access policies, and inconsistent user experiences.

The strain between data protection and accessibility presents another challenge. Employees need fast and reliable access to information, yet sensitive data must remain protected. When controls are too restrictive, productivity suffers. When they are too relaxed, risk escalates.

CISOs can address this by designing security with the user experience in mind. Selecting integrated and intuitive solutions reduces operational complexity for both employees and security teams.

Training grounded in real work scenarios helps build awareness without overwhelming staff. Automation relieves teams of repetitive tasks and accelerates detection and response. Zero Trust principles help ensure that identity, device posture, and access controls are enforced consistently.

AI contributes by analyzing behavioral patterns, identifying anomalies, and improving visibility across the environment.

When security becomes streamlined and consistent, organizations achieve stronger protection without compromising usability.