The increasingly complex and aggressive threat landscape in Asia Pacific calls for an integrated approach to resiliency, especially when critical infrastructure is targeted leveraging machine and application identities.
As 2025 approaches, governments and organizations across Asia Pacific are witnessing how cloud adoption and app modernization have brought along cyber risks that will continue to impact us in the coming year.
CybersecAsia finds out more from Norbert Kiss, Senior Vice President, Delinea, Asia Pacific, Delinea, about emerging cyberthreats in Asia Pacific and the business resiliency approaches governments and organizations should be taking, as well as the role identity and privileged access management (PAM) play in cyber-resiliency strategies.
What are some emerging cyberthreats APAC organizations should look out for?
Kiss: Organizations in APAC are facing an increasingly complex and aggressive threat landscape, partly driven by the rapid adoption of cloud technologies and app modernization.
Ransomware attacks are becoming more targeted and sophisticated, often employing social engineering techniques to exploit vulnerabilities. Advanced Persistent Threats (APTs) are on the rise, with nation-state actors focusing on critical infrastructure and intellectual property.
The rapid pace of cloud migration, particularly in countries like Indonesia, introduces vulnerabilities such as misconfigurations and weak security policies.
AI-powered attacks are also increasing, enabling cybercriminals to automate and scale their efforts, often targeting machine and application identities as much as individual users. Additionally, the growing use of IoT devices expands the attack surface, creating new challenges for cybersecurity teams.
Organizations in APAC must remain vigilant and proactive in adapting their security strategies to these evolving risks.
What are some of the latest technologies, approaches and measures that governments and organizations in APAC are employing to enhance cyber- and business resiliency, and how effective are they?
Kiss: Governments and organizations in APAC are rapidly embracing zero-trust architectures, which verify every access attempt to mitigate risks effectively.
AI and machine learning are being utilized to improve threat detection and reduce response times, with these technologies helping to identify unusual patterns in data and flag anomalies in real time.
While multi-factor authentication (MFA) is now widely used, many organizations are moving toward more sophisticated, context-aware implementations, requiring additional verification when anomalous activity is detected.
Governments are also enforcing stricter data protection regulations to drive businesses toward stronger security practices. These measures are proving effective, though continuous investment in advanced automation and identity-centric solutions is essential to meet evolving threats.
What should be some key CIO/CISO considerations for effective strategies in managing increasingly complex cyberthreats in an increasingly complex hybrid multi-cloud environment?
Kiss: CIOs and CISOs must tackle the complexity introduced by largescale cloud adoption and the modernization of applications across multiple clouds. As organizations increasingly rely on machine and application identities, security must adapt to address these new dynamics.
Integrating ITDR, CIEM, IGA, and PAM into a centralized security platform is essential for managing identity and access consistently across both on-premises and cloud environments. Encrypting sensitive data both in transit and at rest is critical, particularly when it moves between hybrid systems. Identity and access management strategies should focus on granular access controls and enforcing the principle of least privilege to secure systems effectively.
Automation plays a key role in addressing the volume and sophistication of cyber threats, reducing response times, and containing breaches more efficiently. Additionally, ongoing employee education is vital to prepare teams for recognizing and mitigating risks such as phishing attacks.
What is the role of PAM in this context? Why is it critical?
Kiss: Privileged Access Management (PAM) is vital in hybrid multi-cloud environments, especially in the APAC region where the rapid pace of cloud adoption and app modernization presents unique challenges.
PAM enforces strict control over privileged access, ensuring only authorized users can interact with sensitive systems and data. It also provides visibility into the activities of both human and machine identities, which is increasingly important as application modernization leads to more app-to-app and machine-to-machine interactions.
Sophisticated PAM solutions can dynamically adjust access, using multi-layered MFA to provide additional security when unusual behavior is detected.
Furthermore, PAM solutions simplify compliance by offering centralized monitoring and reporting, ensuring organizations can quickly identify and respond to potential threats.
As the APAC region scales its digital transformation efforts, PAM is critical to addressing these complexities and securing sensitive assets.
