Few shifts in the history of business IT have been as game-changing as the move to hybrid and multi-cloud environments. From boosting scalability and flexibility to opening new doors for innovation, hybrid cloud strategies are now a cornerstone of modern IT. Unsurprisingly, the Asia-Pacific (APAC) region is accelerating this trend – with IDC reporting that over 90 percent of newly developed applications by APAC organisations set to be multi-cloud enabled by 2028.
However, the shift to the cloud is not without its challenges.
As organisations tap into more diverse data environments, they face an inevitable challenge: managing a rapidly increasing volume of data distributed across multiple devices and networks. What follows is a reduction in visibility and control over where their data resides, along with uncertainty about the security measures of third-party cloud services.
Cyberattackers are aware of these multi-cloud security vulnerabilities and are increasingly zeroing in to exploit these gaps. Concerningly, threat actors are now leveraging AI to accelerate and scale their attacks, from automating the lateral movement and targeting sensitive data, to using AI for credential abuse, such as bypassing authentication controls or mimicking user behaviour.
Ransomware threats have also escalated. According to a 2024 report by IDC, cybercriminals are deploying more advanced tactics like double extortion, where data is exfiltrated before encryption to ramp up pressure and demand bigger payoffs.
The risk is tangible: in Singapore, three out of four organisations hit by ransomware attacks in 2024 found that attackers had partially compromised their backup and recovery systems.
With cloud-driven modernisation no longer optional but essential for maintaining competitiveness and agility, how can organisations effectively manage the cloud’s inherent risks to safeguard their data and ensure resilience amid evolving threats?
Adopting a data-first mindset
While many organisations are grappling with unprecedented data hazards arising from hybrid cloud environments, this topic remains alarmingly overlooked.
One of the primary issues lies in an over-dependence on cloud service providers. Although these vendors offer security infrastructure and data guardrails, they are often insufficient to cover multiple layers of an organisation’s cybersecurity comprehensively.
- Sheena Chin, Managing Director, ASEAN, Rubrik
Instead, this misconception might lead to a false sense of security, with organisations failing to maintain active oversight, enforce internal controls, or monitor vulnerabilities across their expanding cloud footprint.
Additionally, the absence of centralised management in complex multi-cloud environments further exacerbates security risks, as threats can more easily move undetected between systems. Fragmented visibility and inconsistent controls make it difficult to pinpoint vulnerabilities and respond to threats in real-time – which is precisely what cyberattackers count on to slip through the cracks.
What is needed is a well-defined, strategic cloud security framework that puts data at the centre. By continuously monitoring where sensitive data lives, who is accessing it, and how it is being used, organisations can surface high-risk exposures early, before they are weaponised. This data-first approach provides the visibility, control, and resilience required to stay ahead of modern cloud threats.
Take a page out of the attacker’s playbook
To stay resilient in today’s complex cyberthreat landscape, the first step is to think like a cyberattacker. Just as attackers work to identify and exploit an organisation’s most valuable data, businesses must race to stay one step ahead – by locating, classifying, and protecting their most sensitive information before it becomes a target.
This demands more than traditional perimeter defences. It requires establishing comprehensive visibility across the entire cloud footprint. Organisations need continuous, real-time visibility of where sensitive data resides, who has access to it, and how it is classified – whether it is personal identifiers, financial records, or proprietary business intelligence.
By leveraging AI-driven analytics, DevSecOps teams can further enhance this process by automating data discovery and risk scoring, detecting anomalies, and predicting potential attack paths with greater accuracy. This will also allow for better prioritisation of security efforts, supporting a layered defence strategy that mirrors the tactics and techniques used by cyberattackers.
But visibility is only part of the equation. When – not if – a breach event or ransomware attack occurs, the difference lies in how fast businesses can bounce back. With immutable backups, automated recovery workflows, and clean restore points, organisations can quickly recover critical data and maintain business continuity without compromising security posture.
Manage your cyber security threat proactively, like you will in a high stakes situation
Ultimately, in today’s digital landscape, cybersecurity is less a sprint and more like a high-stakes game of chess. Like grandmasters anticipating their opponent several steps ahead, organisations must do the same for their cybersecurity strategies – anticipating threats, closing gaps, and making bold, strategic defences.
The winning move is always made in advance. Victory will come to organisations that move beyond reactive defences and invest in proactive, data-centric security. This means understanding where sensitive data lives, how it is accessed, and when it is behaving abnormally, at all times. It also requires having the ability to isolate and clean data fast, even when attackers breach the front lines.
Only those who build resilience ahead of time by keeping visibility, intelligence, and recovery at the core of their defence will stand strong and claim checkmate every time.
Sheena Chin is Managing Director, ASEAN at Rubrik
