Cybersecurity News in Asia

Mitigating the human factor in the critical battleground of AI-powered cybersecurity risks

By David Sajoto, Vice President and General Manager (Asia-Pacific and Japan), Mimecast | Tuesday, October 21, 2025, 1:43 PM Asia/Singapore

Even the most sophisticated cyber defenses may fail if human behavior is overlooked. Find out how to mitigate this critical factor.

When a cyber incident occurs, the instinctive reaction for many organizations is to invest in the latest tools: advanced firewalls, AI-driven threat detection, and endpoint protection.

While technology remains essential, the decisive battleground is often not in the hardware, but in the human factors.

Over the years numerous surveys and reports have linked cyber weaknesses to the daily decisions, habits, and actions of employees to the most exploited vulnerabilities. For example: systemic behavioral gaps, employees turning to unapproved AI tools, sharing sensitive data, or bypassing safeguards.

Closing this human risk gap is just as critical as deploying advanced defenses.

Why the human layer is under siege

Cyber attackers now recognize that it is far easier to manipulate people than break hardened systems.

At the same time, employees operate in increasingly complex digital environments. Hybrid work, global collaboration, and the explosion of productivity tools mean sensitive data moves outside traditional perimeters. Shadow AI is rising as employees turn to consumer AI tools to speed their work, often bypassing corporate security controls.

These dynamics create fertile ground for attackers: they do not need to breach systems when they can exploit human behaviour instead.

Training alone is not enough

For years, organizations have relied on annual awareness training or generic phishing simulations. These programs may satisfy regulators, but they rarely result in lasting behavior change. Employees may remember a lesson for a few weeks, but under pressure, old habits can return.

Since one-off training cannot keep pace with the evolving sophistication of attacks, the solution lies in continuous and adaptive interventions:

Employees handling financial transactions should be regularly exposed to simulations mimicking business email compromise attempts.
Teams experimenting with AI tools need targeted guidance on what information should never be input into unvetted platforms.
Security teams should track the time employees take to report suspicious emails, reductions in policy violations, and declining click-through rates on risky links. These measures provide concrete evidence of improvement and allow leaders to refine interventions based on outcomes, not assumptions

The goal is not just to instill awareness: it is to cultivate measurable, real-world behavioral change.

From awareness to actionable behavioral analytics

By monitoring patterns in how employees interact with communications and systems, organizations can tap behavioral analytics to bridge the gap between knowledge and action.

For instance, repeated interactions with suspicious emails, delayed reporting of phishing attempts, or frequent bypassing of established communication procedures — can all be signals of potential risk.

Importantly, this approach is not about creating a culture of surveillance. Employees need to understand what is measured and why.

Also, behavioral analytics should guide interventions such as targeted coaching, tailored awareness training, or reminders that reinforce safe behaviour, rather than punishment. The aim is to empower employees to act safely while providing security teams with actionable insight.

Addressing the human layer is therefore not just a technical concern: it is a strategic imperative. Building resilience in the human layer strengthens the overall security posture and creates a workforce that is vigilant and informed.

Practical steps for CISOs

Securing the human layer requires more than training. CISOs should focus on five interconnected priorities:

Instituting continuous, role-based training that adapts to evolving threats. One-off modules are replaced with scenario-based lessons delivered when and where employees need them
Leveraging behavioral analytics to track anomalies, flag potential lapses, and reinforce safe behavior
Mandating AI governance that enforces access controls, sets clear policies, and educates employees on safe AI usage, closing the shadow AI gap
Establishing a security-first corporate culture that encourages reporting without fear, rewards vigilance, and integrates cybersecurity into everyday operations
Aligning with regulatory policies and ensuring that training reflects local compliance requirements and industry best practices

These measures transform the human layer from a liability into a strategic asset, aligning behavior, technology, and governance to mitigate risk.

In 2025, the most effective firewall is not built from code or silicon. It is shaped by human judgement, culture, and the decisions employees make every day. Technology alone cannot prevent breaches: even the most sophisticated systems fail if human behavior is overlooked.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
2024 Insider Threat Report: Trends, Challenges, and Solutions
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
AI-Powered Cyber Ops: Redefining Cloud Security for 2025
The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
Data Management in the Age of Cloud and AI
In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper

Middle-sidebar-banner

Case Studies

Cyber protection for medical clinics in Singapore
As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
India’s WazirX strengthens governance and digital asset security
Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
Bangladesh LGED modernizes communication while addressing data security concerns
To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more
What AI worries keep members of the Association of Certified Fraud Examiners sleepless?
This case study examines how many anti-fraud professionals reported feeling underprepared to counter rising AI-driven …Read more

Bottom sidebar

Other News

VIVOTEK Accelerates AI Innovation Through Network Optix Platform Integration
Saturday, March 14, 2026
TAIPEI, March 12, 2026 /PRNewswire/ …Read More »
Tencent Cloud Unveils AI-Powered Gaming Solutions at GDC 2026, Transforming Connection, Creation, and Security for the Future of Games
Friday, March 13, 2026
The Latest GVoice Brings Revolutionary …Read More »
TXOne Networks Showcases TXOne Complete at S4x26, Advancing the Full OT Security Journey for Channel Partners
Thursday, March 12, 2026
The operations-first OT security partner …Read More »
Globe Teleservices Announces Partnership with Myanma Posts and Telecommunications to Enhance Secure Messaging and Customer Experience
Thursday, March 12, 2026
SINGAPORE, March 11, 2026 /PRNewswire/ …Read More »
Coremail Shares Insights on Strengthening Enterprise Email Security Amid Evolving Threats
Thursday, March 12, 2026
BANGKOK, March 11, 2026 /PRNewswire/ …Read More »

Featured

Building trust in Asia’s financial sector with digital identity innovations

Featured

IoT trends APAC enterprises cannot ignore in 2026

Featured