Know the three pillars of a Defense-in-Depth strategy that addresses persistent manufacturing IT/supply chain vulnerabilities in the age of deepfakes.

Across Asia’s dynamic digital landscape — from the financial centers of major cities to emerging markets in South-east Asia — a new reality is dawning. We have entered an era where “seeing is no longer believing.”

Consider a recent attack where hackers infiltrated a major airline’s systems not through complex code, but by using an AI-generated deepfake voice to trick a single employee at a third-party call center. The result was millions of compromised records — one voice, one employee, vast breach impact.

This is not an isolated scare story: it marks a growing normalcy. With deepfakes, the digital battlefield has fundamentally changed, and the stakes for the regional digital economy could not be higher.

The exploding threat landscape
Data from regional cybersecurity centers reveal alarming trends. In one major jurisdiction alone, over 11,000 security incidents were handled in the first three quarters of 2025, with phishing attacks comprising more than half.

The catalyst for this rapid escalation is AI, which has flipped the cybersecurity game on its head. This is no longer a battle of people versus people; it is AI fighting AI: a reality that reshapes defence strategies and priorities.

The threat extends beyond traditional IT systems into the rapidly expanding AIoT ecosystem. From smart manufacturing sensors to autonomous logistics vehicles and remote healthcare monitoring, AIoT applications are transforming industries across the region.

However, widespread security neglect in IoT deployments remains a critical concern. Many IoT administrators still use weak password hashing and lack proper update mechanisms, allowing attackers to compromise entire content management systems and hijack device functionalities. This reflects a structural gap where the speed of digital innovation outpaces security maturity, especially among small- and medium- sized enterprises (SMEs).

Introducing the Defense-in-Depth Strategy

Faced with this asymmetric threat, relying on a single-point solution is a fallacy. Defense must be as layered and interconnected as the attacks themselves.

This is why a three-pillar strategy constitutes a blueprint for creating a resilient digital ecosystem:

Pillar 1: Establish ethical AI frameworks and governance The first layer is principled defence. Emerging regional guidelines provide organizations with blueprints to harness AI’s defensive potential through proactive threat hunting and automated response, while ensuring accountability, transparency, and fairness.

In the AIoT domain, advocating for “Security by Design” from the initial product concept phase is essential. Aligning with international standards like ISO/IEC 27001 and ETSI EN 303 645 establishes a robust security baseline, with local guidance helping adapt these standards regionally.

Ethical AI frameworks are not regulatory hurdles but competitive advantages. Demonstrating trustworthy AI builds foundations for cross-border digital trade and innovation, setting adaptable security standards across cities and regions.

Pillar 2: Fortify the entire supply chain, not just the core The second layer addresses the weakest link: the extended digital supply chain. While fortifying critical infrastructure is vital, empowering the broader ecosystem, including SMEs, is crucial.

AIoT landscape vulnerabilities can cascade through ecosystems. Many IoT devices have default credentials, weak encryption, or lack timely updates, creating entry points for attackers.

Practical grassroots initiatives like privacy toolkits, clear compliance guidance, and connecting resource-limited businesses to vetted security experts help close gaps. Strengthening every supply chain link improves overall ecosystem security.

Pillar 3: Empower the human firewall as the ultimate defence The third and most critical layer is the human element. Despite AI and automation, people remain the strongest defence. Human intuition is key to spotting and preventing attacks such as deepfakes and phishing.

Security awareness must span the entire product lifecycle. Training and certification equip developers, operators, and users to identify risks and safeguard systems. Regional and international collaborations facilitate knowledge sharing and security consultations.

Investment in technology must be matched by investment in continuous human training, realistic simulations, and a culture of cyber vigilance. For every emerging AI-driven threat, skilled professionals acting as the “Human Firewall” are the final, most resilient barrier.

Building resilience and innovation regionally

There is no magic bullet, but there is a proven path of layered resilience.

The challenge between rapid innovation and stringent security in AIoT can be resolved through Security by Design principles. Integrating security testing and updates into rapid development cycles, along with shared security platforms and vulnerability databases, allows innovation on security itself rather than constraining progress.

The vision is of smart cities and industries where Security by Design is embedded in all aspects, from smart lamp posts to delivery drones — with built-in security features, real-time monitoring, and self-healing capabilities. Achieving this requires agile policymaking, cross-industry collaboration, and forward-looking education.

By establishing ethical frameworks, fortifying our collective supply chain, and empowering our people, the region can build a digital future that is innovative, prosperous, and fundamentally secure.