Steven Scheurmann, Regional Vice President (ASEAN), Palo Alto Networks

In terms of specific threats, our research has uncovered the region’s top cyber threats:

    • malware attacks (60%), which underscore the importance of robust endpoint protection, regular updates, and user awareness
    • password attacks (51%), which highlight the necessity of multifactor authentication and secure password management practices
    • account takeovers (51%), which demonstrate the need for continuous monitoring, threat intelligence, and proactive incident response
    • attacks on the public sector and critical infrastructure, which had direct implications for national security, economic stability, and regional interconnectivity. The consequences of such attacks on these sectors can be far-reaching and have long-term effects on both individual nations and the region as a whole. These attacks emphasize the significance of strategic investments in cybersecurity, cross-sector collaboration, and the development of resilient, robust systems to safeguard national security and economic stability.

SS: From our research, the top three cybersecurity strategies our customers across the region wanted to incorporate were:

    • adopting cloud security (44%)
    • identity and access management (40%)
    • securing IoT/OT (40%)

SS: We foresee the following:

    • AI will be leveraged for the execution of attacks. Organizations embracing AI should exercise caution regarding potential vulnerabilities like model poisoning, data leakage, prompt injection attacks, and similar threats.
    • The exploitation of innovation gaps is expected to persist as AI continues to gain traction for legitimate use cases. Addressing this challenge involves the implementation of comprehensive security controls, robust vulnerability management, and vigilant threat monitoring across the entire lifecycle of AI development projects.
    • Also, how well organizations secure operational technology (OT) will be a critical determinant for the region’s landscape. While some organizations believe that OT environments are safeguarded by an air gap, the evolving landscape reveals a significant IT/OT convergence, connecting OT systems more extensively to the cloud. This intricate connectivity not only broadens the attack surface but also substantially elevates the risk associated with OT networks. Consequently, a trend will emerge whereby organizations allocate resources towards enhancing the maturity of their Operational Technology (OT) cybersecurity to safeguard crucial business systems to effectively manage the heightened risks.
    • Consolidation of cybersecurity tools will also be an imperative.

SS: Organizations should strive for the following:

    • Maintain a proactive approach in cyber defense by consistently evaluating and adjusting the risk profile in alignment with the dynamic threat landscape. With the evolving sophistication of bad actors, vigilance is the key.
    • Utilize AI to supplement security. With AI and automation, analysts can process and analyze large volumes of data more quickly. These tools identify patterns to indicate potential threats before an attack occurs, thereby increasing efficiency by automating repetitive and time-consuming tasks.
    • Prioritize investments in cloud security to protect digital assets stored and processed in cloud environments. Although the cloud offers exceptional agility and efficiency, it introduces major security risks that have become increasingly widespread — according to our own data, 80% of security exposures are found in cloud environments, which can result in large-scale breaches.
    • Focus on OT cybersecurity maturity to safeguard critical business systems, effectively manage heightened risks, and ensure the resilience of essential operations. The best overall practice organizations can implement is Zero Trust measures.
    • Do away with disjointed cybersecurity tools and prioritize streamlining their security measures. They should recognize the significance of adopting consolidated cybersecurity stacks, promoting a holistic and efficient approach to threat prevention and mitigation.