Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Sparsa AI Launches Sovereign Enterprise AI Platform with Global Deploy...
Conifers AI Opens Singapore Data Region, Bringing Local Data Residency...
Finally taken down: Residential proxy network of at least 2m smart dev...
DXC Opens Flagship AI-first Customer Experience Center in Bengaluru
AI speeds threat discovery as coverage gaps persist: survey
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      S E Asia governments targeted by cyber-espionage group

      S E Asia governments targeted by cyber-espionage group

      Tuesday, June 23, 2026, 8:00 AM Asia/Singapore | Features
    • Featured

      Rethinking network and infrastructure design for resilience

      Rethinking network and infrastructure design for resilience

      Thursday, June 18, 2026, 2:17 PM Asia/Singapore | Features
    • Featured

      Bringing cybercriminals to justice in APAC

      Bringing cybercriminals to justice in APAC

      Thursday, June 11, 2026, 10:30 AM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • AWARDS 2026
  • Directory
  • E-Learning

Select Page

Features

How AI is supercharging insider threats

By Victor Ng | Wednesday, April 15, 2026, 12:29 PM Asia/Singapore

How AI is supercharging insider threats

Beyond headline-grabbing ransomware, the early months of 2026 point to a fast-growing concern: insider-driven identity exposure, now increasingly amplified by AI-enabled attack techniques.

Recent news that Singapore’s four major telcos, Singtel, StarHub, M1 and Simba Telecom, were targeted by the advanced persistent threat group UNC3886, shows how even well-defended organizations remain exposed when identity systems lack continuous monitoring, privileges are overextended and attackers use AI-driven automation to escalate access at speed.

UNC3886 exploited zero-day vulnerabilities and credential access in their sophisticated espionage campaigns. Whether through privilege misuse, stale access rights or anomalous behavior, insider-related incidents can expose sensitive data and weaken core identity systems such as Active Directory and Entra ID.

AI further complicates. Increasingly, the challenge lies not in sophistication of malware but in the speed and stealth enabled by AI-assisted tactics. CybersecAsia discussed this issue – and more – with Sean Deuby, Principal Technologist, Semperis.

Why have identity systems become a primary target, and how are attackers increasingly using insider access and AI-driven automation as force multipliers?

Deuby: It is often said that people are the weakest link in cybersecurity, but in practice, attackers are increasingly focused on the systems that sit behind people, particularly identity. You hear the maxim “identity is the new perimeter” but at Semperis, we would say that identity has always been the perimeter.

When attackers can compromise identity infrastructure, they move beyond a single point of entry and gain broad access across systems, users and privileges. In that sense, identity is not just a target, but also a weapon.

This aligns closely with the economics of cybercrime: maximize payout, move quickly, and avoid detection for as long as possible. Compromising identity systems can enable ransomware, data exfiltration, lateral movement and persistence, all from a position of trusted access.

Insider access fits this model particularly well because it can dramatically accelerate the attack path. Whether it involves privileged access, assistance in bypassing controls such as multi-factor authentication, or activity from within an administrative environment, insider involvement can reduce the time, cost and effort required to compromise an organization.

AI is increasingly acting as a force multiplier in this process. At this stage, attackers are using AI and automation to scale tasks such as phishing, password spraying, reconnaissance and vulnerability discovery more efficiently. While the underlying tactics may be familiar, AI allows them to execute faster and at greater volume, which increases pressure on defending attacks.

This combination of identity compromise, insider-enabled access and AI-driven automation is making attacks more efficient and harder to contain. That is why strengthening identity security and overall cyber resilience has become increasingly important.

With early 2026 already showing signs of rising insider-driven identity exposure, what emerging trends, such as privilege creep, misconfigurations and delayed remediation, should organizations be most concerned about?

Deuby: Many of the biggest risks are not new but are becoming more dangerous because organizations are now layering AI, automation and faster deployment cycles onto longstanding weaknesses. Issues such as privilege creep, over-permissioning, weak governance, misconfigurations and delayed remediation, which have existed for years are being exploited at scale and speed.

Privilege creep remains a major concern because excess access often accumulates over time without being properly reviewed or removed. In many environments, users, service accounts and applications end up with more access than they need, creating unnecessary exposure across the identity estate. Threat actors can easily exploit permissions that were never tightened in the first place.

Misconfigurations are equally significant. In many cases, organizations are compromised not because of a sophisticated breakthrough, but because basic controls were left incomplete, inconsistently applied or poorly governed.

Common examples include weak segmentation, gaps in privileged access hygiene, incomplete enforcement of multi-factor authentication, and administrative credentials being exposed through routine operational practices such as administrative tiering.

Delayed remediation is another serious issue. Even when weaknesses are known, they are not always addressed quickly because security improvements often compete with operational priorities, change control processes and resource constraints. As a result, vulnerabilities can remain open long after they are identified, giving attackers ample opportunity to exploit them.

AI is increasing the urgency of these problems. As organizations experiment with AI agents and AI-enabled workflows, governance is often lagging deployment. In some cases, these tools may be granted excessive permissions, poorly managed secrets, or no meaningful time limits on what they can do. That creates a growing risk that organizations will continue to encounter familiar identity and access problems in a much more scalable and dynamic environment.

Organizations should be less focused on hypothetical edge cases and more focused on tightening governance, reducing unnecessary privilege, correcting known misconfigurations and fixing issues before they become persistent attack paths.

What operational and regulatory consequences can organizations face when identity systems are compromised?

Deuby: When identity systems are compromised, the consequences extend well beyond a typical cyber incident. There can be immediate financial impact, regulatory exposure and serious operational disruption, but the bigger issue is that identity failure often makes the wider crisis significantly harder to manage.

From a regulatory standpoint, organizations may face strict breach notification obligations, accelerated reporting timelines and increased scrutiny from regulators, particularly in highly regulated sectors such as healthcare, finance and critical infrastructure. In many cases, organizations are required to begin reporting before they have a complete picture of what happened, which adds pressure at an already chaotic stage of the incident. Operationally, compromised identity systems can create a “lights out” scenario where the very systems they need to respond to a breach are unavailable. Identity platforms such as Active Directory and Entra ID underpin authentication, access, administration and internal coordination. If those systems are unavailable or untrusted, organizations may struggle to communicate internally, access core systems, coordinate incident response, or even carry out basic recovery activities.

There is also a distinct recovery challenge with identity systems. Restoring identity is not the same as restoring a standard workload such as email or a database. Attackers often establish persistence in identity infrastructure so they can return even after initial access is removed. That means an organization may bring systems back online operationally, while still leaving the underlying identity environment untrustworthy.

This is why identity recovery must focus not only on returning services to operation, but on restoring trust. If backdoors, malicious changes or persistence mechanisms remain in place, the organization remains exposed to repeat compromise. For security leaders, the goal should not just be ‘return to operations’ but ‘return to trustworthiness’.

Why are continuous monitoring, behavioral analytics and proactive detection now business-critical rather than optional?

Deuby: These capabilities are now business-critical because many attacks no longer look overtly malicious at first glance. In identity-based attacks, adversaries often use legitimate credentials, valid sessions or authorized pathways, which means traditional alerts may not detect them early enough.

That is why organizations need more context around user and system activity. Continuous monitoring and behavioral analytics help security teams determine whether activity is merely valid on paper, or genuinely normal in context. For example, a login may appear legitimate from an identity perspective but still be suspicious if it comes from an unusual location, device, browser or usage pattern.

The value of behavioral analytics is that it enables organizations to assess multiple signals together rather than relying on any single indicator. Risk scoring based on factors such as location, device, access behavior and session characteristics gives defenders a stronger chance of identifying misuse before it escalates into full compromise.

Proactive detection is equally important because attackers are moving faster, and AI is helping them scale and automate familiar tactics more efficiently. As identity attacks become more adaptive and harder to distinguish from normal activity, organizations cannot afford to wait for a major disruption before responding. They need the ability to detect subtle warning signs early, investigate quickly and contain threats before they affect operations.

In that environment, continuous monitoring and behavioral analytics are no longer optional security enhancements. They are essential to maintaining visibility, reducing response time and protecting trust in the identity layer that the rest of the business depends on.

Identity systems like Active Directory and Entra ID form the backbone of enterprise access. What practical steps can security leaders take in 2026 to strengthen identity resilience without slowing business operations?

Deuby: The first priority is to focus on the fundamentals that make an organization a harder target. Security leaders do not need to make their environment perfect overnight, but they do need to reduce the clear vulnerabilities that attackers can exploit with relative ease and minimal cost.

That begins with strengthening identity hygiene and posture. Organizations should review privileged access, reduce over-permissioning, close common configuration gaps, enforce strong authentication consistently, and regularly assess the exposure of critical identity infrastructure such as Active Directory and Entra ID. In many cases, these basic steps can materially strengthen resilience without creating unnecessary friction for the business.

It is also important to take a risk-based approach. Cybercriminals tend to follow the easiest and most profitable path. If an organization can make identity compromise slower, harder and less predictable, attackers may decide the effort is no longer worthwhile and shift to an easier target. In that sense, resilience is not only about building perfect defenses, but about increasing the cost and complexity of attack.

Security leaders should also invest in ongoing identity posture assessment rather than treating resilience as a one-time project. Regular reviews of permissions, exposures, configuration weaknesses and recovery readiness can help teams address low-hanging fruit before it develops into a more serious incident.

Strengthening identity resilience will require disciplined execution of the fundamentals: reducing unnecessary privilege, tightening governance, improving visibility and remediating the conditions that make compromise easier. These measures should not be viewed as routine technical maintenance, but as foundational to cyber resilience, operational continuity and organizational trust.

Share:

PreviousNEC Asia Pacific to Showcase Trusted Public Safety and Digital Identity Innovations at Milipol TechX 2026
NextHow SMEs can turn cyber “sins” into NIST-aligned best practices

Related Posts

Protecting operational technology requires public-private synergies

Protecting operational technology requires public-private synergies

Wednesday, October 2, 2019

Thailand’s largest mobile network exposed 8 billion Internet records

Thailand’s largest mobile network exposed 8 billion Internet records

Friday, May 29, 2020

Bridging the enterprise cybersecurity gaps

Bridging the enterprise cybersecurity gaps

Tuesday, January 7, 2020

Data privacy – from understanding to believing to enforcing

Data privacy – from understanding to believing to enforcing

Wednesday, November 20, 2019

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Cyber threats have become more frequent and sophisticated, targeting organizations of all sizes across all …Download Whitepaper
  • Zero Trust Made Simple: Why it matters and how to get started

    Zero Trust Made Simple: Why it matters and how to get started

    Data breaches and cyberattacks are no longer limited to large, high-profile organizations.Download Whitepaper
  • Cloud Secure Edge: Remote access, better security

    Cloud Secure Edge: Remote access, better security

    ​SonicWall Cloud Secure Edge™ is a modern, cloud-native Security Service Edge (SSE) solution that addresses …Download Whitepaper
  • Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • How a Vietnamese D2C retailer built its own secure digital infrastructure

    How a Vietnamese D2C retailer built its own secure digital infrastructure

    Would your organization build your own digital infrastructure – including AI governance and cybersecurity – …Read more
  • Cyber protection for medical clinics in Singapore

    Cyber protection for medical clinics in Singapore

    As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
  • India’s WazirX strengthens governance and digital asset security

    India’s WazirX strengthens governance and digital asset security

    Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
  • Bangladesh LGED modernizes communication while addressing data security concerns

    Bangladesh LGED modernizes communication while addressing data security concerns

    To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more

Bottom sidebar

Other News

  • Sparsa AI Launches Sovereign Enterprise AI Platform with Global Deployment at QNET

    Wednesday, July 8, 2026
    The Sparsa AI Enterprise Operating …Read More »
  • Conifers AI Opens Singapore Data Region, Bringing Local Data Residency to Asia-Pacific Security Teams

    Wednesday, July 8, 2026
    With data regions now spanning …Read More »
  • DXC Opens Flagship AI-first Customer Experience Center in Bengaluru

    Tuesday, July 7, 2026
    Strengthens DXC’s India presence with …Read More »
  • D-Link Brings Advanced AI Fall Detection and Privacy Protection to Home Elderly Care with the New DCS-8610 Wi-Fi Camera

    Monday, July 6, 2026
    Advanced technologies traditionally found in …Read More »
  • ICAC Commissioner attends first IAACA European regional anti-corruption conference in Hungary

    Friday, July 3, 2026
    BUDAPEST, Hungary, July 2, 2026 …Read More »
  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2026 CybersecAsia All Rights Reserved.