Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
The cyber incident that is too “isolated” to accentuate to mass media...
Sparsa AI Launches Sovereign Enterprise AI Platform with Global Deploy...
Conifers AI Opens Singapore Data Region, Bringing Local Data Residency...
Finally taken down: Residential proxy network of at least 2m smart dev...
DXC Opens Flagship AI-first Customer Experience Center in Bengaluru
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      S E Asia governments targeted by cyber-espionage group

      S E Asia governments targeted by cyber-espionage group

      Tuesday, June 23, 2026, 8:00 AM Asia/Singapore | Features
    • Featured

      Rethinking network and infrastructure design for resilience

      Rethinking network and infrastructure design for resilience

      Thursday, June 18, 2026, 2:17 PM Asia/Singapore | Features
    • Featured

      Bringing cybercriminals to justice in APAC

      Bringing cybercriminals to justice in APAC

      Thursday, June 11, 2026, 10:30 AM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • AWARDS 2026
  • Directory
  • E-Learning

Select Page

Features

Organizations are facing a new identity crisis

By Victor Ng | Tuesday, July 30, 2024, 1:53 PM Asia/Singapore

Organizations are facing a new identity crisis

JM: The Principle of Least Privilege is the practice of restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform legitimate functions for the time needed to complete the task. It is a timeless security concept that is just as effective today as when it was first discussed over 40 years ago.

While technology and cyber-attacks continue to get more sophisticated the reality is that all attacks rely heavily on the privileges of the account, application or user that they compromise. Even in the case of zero-day exploits – where an attacker leverages a previously unknown vulnerability – minimizing the privileges associated with the system or user being targeted can vastly limit the impacts of the attack.

In modern complex IT environments it is crucial to gain visibility across an organization’s identity fabric, to uncover all the identities, accounts and privileges in order to continuously drive towards least privilege and understand the identity attack surface. IAM and security teams are in a far stronger position to defend and mitigate the risks associated with sophisticated identity-related attacks when they have this visibility and the tools in place to protect paths to privilege.

What should organizations in APAC do to provide visibility and protection in the context of identity security?

JM: Having a robust Privileged Access Management strategy is essential for organizations to mitigate cybersecurity threats. This includes both removing and securing privileges. Our reports have previously shown that historically 75% of Microsoft critical vulnerabilities can be mitigated through the removal of local admin rights and the controlling of process execution. It is equally important that credentials associated with highly privileged accounts are rotated regularly or cannot be reused. This lowers the possibility of successful password spraying attacks using credentials that have been stolen or re-used.

Identity threats cross domains and organizational silos, we are seeing greater numbers of identity-related attacks start in the cloud and then migrate to on-premise or vice-versa. This means it is critical for security teams to have a unified, cross-domain view of their identity estate, including identity providers (IdP), cloud providers, SaaS applications, etc., to identify hidden threats and indirect paths to privilege that can be leveraged by attackers.

What are some trends in cybersecurity that organizations in APAC should take note of in the second half of the year?

JM: Many of the trends we see for the remainder of 2024 are the continuation of existing trends, but with potentially greater sophistication.

Ransomware continues to be a thorn in the side of many businesses and governments across the region. In the first part of the year we saw a significant increase in ransomware attacks in the Philippines while last month it was reported that a variation on the Lockbit ransomware was being used in attacks on Philippine government systems.

Earlier this year the Cyber Security Agency of Singapore (CSA) released its annual cybersecurity health report that identified ransomware as the number one cause of cyber incidents for Singaporean businesses.

As cyber-defenders we need to remember that ransomware is not magic. It can only leverage the privileges of the user or application that launches it. That is why enforcing least privilege is so important in defending against this type of attack.

Supply chain attacks, where attackers utilize the access provided to suppliers or contractors of their actual target, to gain initial access are also continuing. It is a problem that has been called out by the likes of the Australian Prudential Regulatory Authority (APRA), the government agency overseeing the financial services sector in Australia.

We have seen across the Asia Pacific region attacks where third-party access to systems – often via VPN – have been leveraged to steal and encrypt sensitive customer data. Organizations need to implement more secure remote access solutions that again limit the privileges available to contractors and suppliers to just those needed to complete the task but can also log and help identify potential attacks.

Finally, while much has been made of AI providing greater sophistication and scale to cyber-attacks, we are also going to see a greater use of AI to help us defend against attacks and make our defenses more robust. As mentioned earlier, for example, we can already use AI to help uncover hidden threats or paths to privilege within our identity estate.

Pages: 1 2

Share:

PreviousTake-up rate for Australia’s myGov passkey protection can be better
NextThe logistics industry is always in the crosshairs of cybercriminals. Why?

Related Posts

Regaining control over personal data

Regaining control over personal data

Monday, September 23, 2019

Five-fold increase in WFH threats – Where are the cybersecurity talents?

Five-fold increase in WFH threats – Where are the cybersecurity talents?

Wednesday, July 22, 2020

Integrating AI tools into business without unnecessary cyber risks

Integrating AI tools into business without unnecessary cyber risks

Tuesday, May 28, 2024

Not another story on AI vs AI! The human twist to phishing’s rising impact

Not another story on AI vs AI! The human twist to phishing’s rising impact

Wednesday, March 26, 2025

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Cyber threats have become more frequent and sophisticated, targeting organizations of all sizes across all …Download Whitepaper
  • Zero Trust Made Simple: Why it matters and how to get started

    Zero Trust Made Simple: Why it matters and how to get started

    Data breaches and cyberattacks are no longer limited to large, high-profile organizations.Download Whitepaper
  • Cloud Secure Edge: Remote access, better security

    Cloud Secure Edge: Remote access, better security

    ​SonicWall Cloud Secure Edge™ is a modern, cloud-native Security Service Edge (SSE) solution that addresses …Download Whitepaper
  • Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • How a Vietnamese D2C retailer built its own secure digital infrastructure

    How a Vietnamese D2C retailer built its own secure digital infrastructure

    Would your organization build your own digital infrastructure – including AI governance and cybersecurity – …Read more
  • Cyber protection for medical clinics in Singapore

    Cyber protection for medical clinics in Singapore

    As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
  • India’s WazirX strengthens governance and digital asset security

    India’s WazirX strengthens governance and digital asset security

    Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
  • Bangladesh LGED modernizes communication while addressing data security concerns

    Bangladesh LGED modernizes communication while addressing data security concerns

    To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more

Bottom sidebar

Other News

  • Sparsa AI Launches Sovereign Enterprise AI Platform with Global Deployment at QNET

    Wednesday, July 8, 2026
    The Sparsa AI Enterprise Operating …Read More »
  • Conifers AI Opens Singapore Data Region, Bringing Local Data Residency to Asia-Pacific Security Teams

    Wednesday, July 8, 2026
    With data regions now spanning …Read More »
  • DXC Opens Flagship AI-first Customer Experience Center in Bengaluru

    Tuesday, July 7, 2026
    Strengthens DXC’s India presence with …Read More »
  • D-Link Brings Advanced AI Fall Detection and Privacy Protection to Home Elderly Care with the New DCS-8610 Wi-Fi Camera

    Monday, July 6, 2026
    Advanced technologies traditionally found in …Read More »
  • ICAC Commissioner attends first IAACA European regional anti-corruption conference in Hungary

    Friday, July 3, 2026
    BUDAPEST, Hungary, July 2, 2026 …Read More »
  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2026 CybersecAsia All Rights Reserved.