Staying ahead against cyber threat actors who are evolving their tactics


The shifts in our modern workplace are opening new threat vectors and areas for cybercriminals to exploit.


With hybrid and remote work becoming commonplace, browsers are fast becoming the weakest link in the cyber chain due to inadequate security controls. Across organisations in APAC, security gaps are already emerging as they struggle to manage both managed and unmanaged devices. On top of these concerns, AI is also changing the attack dynamics with threat actors using AI to automate and streamline their attack campaigns.

What are the evolving cyber threats over the past months, and why are some of the threat actors succeeding? iTNews Asia hears from Steven Scheurmann, Regional Vice President (ASEAN), Palo Alto Networks, on the best strategies to counter them.

iTNews Asia: How do you see the cyber threat landscape evolving globally and in APAC in 2025?

Scheurmann: Businesses across the Asia Pacific region are dealing with increasingly complex cybersecurity challenges that are growing in scale, sophistication, and impact.

Cybercriminals are leveraging automation and streamlined hacker toolkits. The 2025 Global Incident Response Report by Unit 42 Palo Alto Networks found that in nearly one in five cases, data was removed from organisations in less than an hour — this is a stark indication that attacks are becoming rapid and more difficult to counter.

At the same time, attacks are also becoming more sophisticated. Cybercriminals are using a combination of tactics, techniques, and procedures to target multiple areas at once, making it harder for traditional, siloed security tools to defend effectively.

iTNews Asia: Are businesses in the region increasingly vulnerable and struggling as threats multiply and become more complex and evasive?

Scheurmann: Three key shifts are happening in modern workplaces today: we are seeing increased remote work adoption, the growing use of a mixture of managed and unmanaged devices, and explosive growth in SaaS usage. These applications are often accessed via browsers; Omdia and Palo Alto Networks’ 2025 State of Workforce Security report revealed that the majority, or 80 percent, of our daily work occurs through browsers. The attack surface is expanding and creating more entry points to exploit.

At the same time, critical visibility gaps are emerging as enterprises struggle to manage both managed and unmanaged devices. Traditional security tools are often unevenly deployed, leaving gaps in protection. The Unit 42 report revealed that security tool issues contributed to nearly half of breaches today, allowing attackers to move laterally and escalate privileges undetected.

Lastly, AI is fundamentally changing attack dynamics and is being used to automate and streamline attack campaigns, create polymorphic malware, and exploit vulnerabilities even faster.

In fact, Generative AI (GenAI) is already being used to craft better and more convincing phishing attacks; we are now seeing a growing number of successful phishing attempts when emails are written or rewritten by GenAI.

iTNews Asia: How are threat actors evolving their tactics? Are they moving beyond traditional ransomware and data theft and focusing on business disruption?

Scheurmann: As cyber hygiene across enterprises matures, threat actors have evolved from encryption, to exfiltration and multi-extortion techniques, to intentional business disruption. Cybercriminals are now focused on more disruptive tactics that cause operational downtime, reputational damage, and financial losses beyond just encrypting data. Last year, more than four in five of the incidents that Unit 42 responded to had impact-related losses.

In addition, threat actors are continuously increasing the speed, scale, and sophistication of their attacks as well as attacking on multiple fronts. In many incidents, threat actors attacked their intended victim across three or more fronts. Humans continue to be the weakest cybersecurity link in any organisation as phishing attacks remain a highly effective initial access vector.

Many employees are falling victim to phishing, malicious redirects, and undetected malware downloads due to inadequate browser security controls.

- Steven Scheurmann, Regional Vice President (ASEAN), Palo Alto Networks 

iTNews Asia: In what situations are the threat actors’ tactics proving the most effective, and why are they succeeding?

Scheurmann: Threat actors are succeeding as organisations often lack comprehensive visibility across their IT estates, data shared in SaaS applications and AI tools, encrypted traffic, and activities on unmanaged devices as a result of BYOD policies. This lack of visibility hinders their ability to detect malicious activity and respond effectively.

iTNews Asia: With hybrid and remote work becoming commonplace, have browsers become the weakest link in the chain? Why are traditional/existing security control methods for browsers not working, and what should we do to make our browsers more secure?

Scheurmann: Most of our daily work happens in a web browser on a managed device. This has led to attackers employing increasingly sophisticated web-based attacks, including more convincing phishing attempts leveraging GenAI, drive-by download attacks, and malicious extensions. Traditional anti-phishing technologies like URL filtering at the network level may not be enough.

Organisations can improve browser security by treating browsers as critical security control points and implementing browser security across all devices, whether managed or unmanaged. This can include adopting enterprise-grade browsers with centralised security management, malware protection, data loss prevention, and enhanced visibility into user activities.

iTNews Asia: Even if an organisation has advanced security controls, it is still susceptible to cyberthreats. Research from Omdia found that, despite major budget allocation for point solutions like secure web gateways, mobile device management (MDM) and endpoint protection, security incidents still occur. What are businesses missing or not doing right?

Scheurmann: Many businesses remain vulnerable to threats as security controls have been deployed inconsistently across their IT infrastructure. Further, this patchwork approach to security is compounded by siloed security systems that lack integration and limit enterprise-wide visibility. Cybercriminals are then able to exploit these visibility gaps.

Many companies also underestimate the browser as a critical security control point, even though it is central to modern work. Similarly, unmanaged and BYOD devices represent a growing blind spot in security postures.

They are also struggling to adapt to increasingly sophisticated threats, including AI-powered and multi-stage attacks. There also needs to be a balance between security and productivity. Often when employees feel that security measures are impeding their workflow, they create risky workarounds, increasing exposure.

iTNews Asia: How should businesses change their cyber security strategy and approach to better anticipate and defend against AI-assisted attacks?

Scheurmann: Businesses need to adopt a proactive cybersecurity strategy to stay ahead of AI-assisted attacks. First, leveraging AI-powered security tools is essential. By integrating AI, deep learning, machine learning, and GenAI capabilities into their defense systems, organisations can enhance real-time threat detection, behavioural analysis, and automated responses to identify and mitigate attacks more swiftly.

Next, securing the browser becomes crucial. Since the browser is a common entry point for AI-driven phishing attacks, organisations should adopt secure browser solutions that incorporate AI to detect and defend against web-based threats while extending Zero Trust principles to all endpoints. Zero Trust principles minimise the impact of successful AI-assisted attacks through strict verification, least privilege access, and constant monitoring.

Another critical step is implementing a unified security platform. The increasing sophistication of AI-assisted attacks calls for moving away from siloed solutions toward an integrated system. These platforms continuously analyse data across networks, endpoints, cloud environments, and encrypted traffic to detect hidden threats and patterns of potential AI-driven attacks.

© iTnews Asia