Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Cohesity Launches New Partner Program to Accelerate Partner Success
Experts weight in on Singapore’s response to UNC3886
Urgent mitigation urged for on-premises users of an endpoint security ...
VIVOTEK’s VORTEX Cloud Solution Enhances Efficiency and Security...
Do corporations know the various AI risks that come with insufficient ...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      Experts weight in on Singapore’s response to UNC3886

      Experts weight in on Singapore’s response to UNC3886

      Friday, August 8, 2025, 10:45 PM Asia/Singapore | Features, Newsletter, Opinions
    • Featured

      When legitimate URLs lead to dangerous destinations

      When legitimate URLs lead to dangerous destinations

      Wednesday, August 6, 2025, 11:04 AM Asia/Singapore | Features
    • Featured

      Securing trust in a digitally ambitious Singapore

      Securing trust in a digitally ambitious Singapore

      Tuesday, August 5, 2025, 10:19 AM Asia/Singapore | Features, Newsletter, Tips
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning

Select Page

LOGIN REGISTER
  • Features
    • Featured

      Experts weight in on Singapore’s response to UNC3886

      Experts weight in on Singapore’s response to UNC3886

      Friday, August 8, 2025, 10:45 PM Asia/Singapore | Features, Newsletter, Opinions
    • Featured

      When legitimate URLs lead to dangerous destinations

      When legitimate URLs lead to dangerous destinations

      Wednesday, August 6, 2025, 11:04 AM Asia/Singapore | Features
    • Featured

      Securing trust in a digitally ambitious Singapore

      Securing trust in a digitally ambitious Singapore

      Tuesday, August 5, 2025, 10:19 AM Asia/Singapore | Features, Newsletter, Tips
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning
Features

Organizations are facing a new identity crisis

By Victor Ng | Tuesday, July 30, 2024, 1:53 PM Asia/Singapore

Organizations are facing a new identity crisis

JM: The Principle of Least Privilege is the practice of restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform legitimate functions for the time needed to complete the task. It is a timeless security concept that is just as effective today as when it was first discussed over 40 years ago.

While technology and cyber-attacks continue to get more sophisticated the reality is that all attacks rely heavily on the privileges of the account, application or user that they compromise. Even in the case of zero-day exploits – where an attacker leverages a previously unknown vulnerability – minimizing the privileges associated with the system or user being targeted can vastly limit the impacts of the attack.

In modern complex IT environments it is crucial to gain visibility across an organization’s identity fabric, to uncover all the identities, accounts and privileges in order to continuously drive towards least privilege and understand the identity attack surface. IAM and security teams are in a far stronger position to defend and mitigate the risks associated with sophisticated identity-related attacks when they have this visibility and the tools in place to protect paths to privilege.

What should organizations in APAC do to provide visibility and protection in the context of identity security?

JM: Having a robust Privileged Access Management strategy is essential for organizations to mitigate cybersecurity threats. This includes both removing and securing privileges. Our reports have previously shown that historically 75% of Microsoft critical vulnerabilities can be mitigated through the removal of local admin rights and the controlling of process execution. It is equally important that credentials associated with highly privileged accounts are rotated regularly or cannot be reused. This lowers the possibility of successful password spraying attacks using credentials that have been stolen or re-used.

Identity threats cross domains and organizational silos, we are seeing greater numbers of identity-related attacks start in the cloud and then migrate to on-premise or vice-versa. This means it is critical for security teams to have a unified, cross-domain view of their identity estate, including identity providers (IdP), cloud providers, SaaS applications, etc., to identify hidden threats and indirect paths to privilege that can be leveraged by attackers.

What are some trends in cybersecurity that organizations in APAC should take note of in the second half of the year?

JM: Many of the trends we see for the remainder of 2024 are the continuation of existing trends, but with potentially greater sophistication.

Ransomware continues to be a thorn in the side of many businesses and governments across the region. In the first part of the year we saw a significant increase in ransomware attacks in the Philippines while last month it was reported that a variation on the Lockbit ransomware was being used in attacks on Philippine government systems.

Earlier this year the Cyber Security Agency of Singapore (CSA) released its annual cybersecurity health report that identified ransomware as the number one cause of cyber incidents for Singaporean businesses.

As cyber-defenders we need to remember that ransomware is not magic. It can only leverage the privileges of the user or application that launches it. That is why enforcing least privilege is so important in defending against this type of attack.

Supply chain attacks, where attackers utilize the access provided to suppliers or contractors of their actual target, to gain initial access are also continuing. It is a problem that has been called out by the likes of the Australian Prudential Regulatory Authority (APRA), the government agency overseeing the financial services sector in Australia.

We have seen across the Asia Pacific region attacks where third-party access to systems – often via VPN – have been leveraged to steal and encrypt sensitive customer data. Organizations need to implement more secure remote access solutions that again limit the privileges available to contractors and suppliers to just those needed to complete the task but can also log and help identify potential attacks.

Finally, while much has been made of AI providing greater sophistication and scale to cyber-attacks, we are also going to see a greater use of AI to help us defend against attacks and make our defenses more robust. As mentioned earlier, for example, we can already use AI to help uncover hidden threats or paths to privilege within our identity estate.

Pages: 1 2

Share:

PreviousTake-up rate for Australia’s myGov passkey protection can be better
NextThe logistics industry is always in the crosshairs of cybercriminals. Why?

Related Posts

Are existing crisis management strategies outdated?

Are existing crisis management strategies outdated?

Friday, March 8, 2024

Will AI play a bigger role in India’s cyber defense strategy this year?

Will AI play a bigger role in India’s cyber defense strategy this year?

Tuesday, February 11, 2025

Digitalization without data security – a recipe for vulnerability

Digitalization without data security – a recipe for vulnerability

Tuesday, July 19, 2022

Balancing the need for great digital experiences while keeping threats away

Balancing the need for great digital experiences while keeping threats away

Wednesday, March 10, 2021

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • PT Kereta Api Indonesia announces nationwide email and communication overhaul

    PT Kereta Api Indonesia announces nationwide email and communication overhaul

    The state railway operator’s upgraded email system improves privacy, operational reliability, and regulatory alignment for …Read more
  • Operationalizing sustainability in cybersecurity: Group-IB’s approach

    Operationalizing sustainability in cybersecurity: Group-IB’s approach

    See how the firm turned malware-group takedowns into measurements of sustainability and resilience gains: by …Read more
  • Thai government expands secure email management to close cybersecurity gaps

    Thai government expands secure email management to close cybersecurity gaps

    New measures address cybersecurity gaps in public sector communications, deploying advanced protections and operational support …Read more
  • How Iress optimized global DevSecOps

    How Iress optimized global DevSecOps

    Scaling compliance, security & efficiency – while seamlessly migrating to the cloud – with JFrog.Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.