The cybersecurity landscape looks increasingly precarious in 2025. Experts warn that cyberattacks will continue to escalate in both volume and sophistication, with more threats targeting digital infrastructure, sensitive data and weak supply chain links.
A primary concern is the growing use of AI by cybercriminals, which is expected to make attacks more prolific and harder to detect. AI-driven tools will not only automate cyberattacks but also enhance their precision, enabling attackers to exploit weaknesses faster and on a larger scale.
The shift to cloud computing, accelerated by the demands of remote work, AI integration, and the need for scalable data storage, further complicates security efforts. While the cloud offers flexibility and growth opportunities, businesses must ensure their digital assets are properly protected from breaches and vulnerabilities.
As we brace for another year where the threat landscape remains as insidious as ever, how proactive should our cybersecurity measures be? Do businesses and organisations need to change their security strategy and posture to better protect themselves and stay ahead of cybercriminals?
To shed light on the most pressing concerns and effective mitigation strategies, we spoke with cybersecurity experts who shared their insights into defending against emerging threats and strengthening digital resilience in the year ahead.
● William Oh, Director of Business Development, APAC, BlueVoyant
● Sunny Tan, Head of Security Business, East Asia, BT Business
● Clement Lee, Security Architect, APAC, Check Point Software Technologies
● Gareth Cox, Vice President, APJ, Exabeam
● Jess Ng, Country Head, Singapore and Brunei, Fortinet
● Steve Ledzian, CTO, Cloud Security, Asia Pacific, Google Cloud
● Adrian Hia, Managing Director, APAC, Kaspersky
● Darren Guccione, CEO & co-founder, Keeper Security
● Jennifer Cheng, Director of Cybersecurity Strategy, APJ, Proofpoint
● Chee Wai Yeong, Area Vice-President for APJ, Rubrik
● Robert Pizzari, Vice President, Security, APAC, Splunk
● Daniel Toh, Chief Solutions Architect, Data and Application Security, APJ, Thales
iTNews Asia: How do you see the cybersecurity landscape in APAC evolving in the coming year, and what do you think are key issues and challenges that organisations will face?
Hia (Kaspersky): In 2024, supply chain attacks and IT outages had emerged as dominant cybersecurity concerns, illustrating that no infrastructure is immune to cyberattacks. We predict these to be the key challenges that organisations will face in 2025, alongside brute force attacks. These attacks involve cybercriminals trying to decrypt login credentials and encryption keys to steal personal data, spread malware, or hijack systems.
In the first half of 2024, Kaspersky blocked over 23 million brute-force attacks against businesses in Southeast Asia, highlighting the growing threat in the region.
As the Asia Pacific (APAC) region sees more investment in supply chain and logistics, cybercriminal groups are expected to intensify their attacks. Government organisations will remain prime targets for a range of cyberattacks, from espionage to politically motivated breaches.
As businesses increasingly rely on AI, the concentration of AI service providers creates potential points of failure. If an AI provider faces disruption, it could affect dependent services or lead to major data breaches, as these systems often store sensitive information.
Clement (Check Point): The cybersecurity landscape in APAC is rapidly changing as more organisations move to the cloud, adopt IoT, and embrace remote work. As the year begins, we can expect an increase in threats targeting these expanded networks.
Cybercriminals are likely to exploit weak spots like misconfigurations, unpatched software, and social engineering tactics. Supply chain vulnerabilities also remain a significant concern, with attackers targeting weaker links in partner systems. Data breaches are another major risk, driven by stricter data protection laws and cross-border data sharing.
Cox (Exabeam): Critical infrastructure will face unprecedented challenges as escalating cyberthreats test the resilience of our essential services. Power grids, utilities, and healthcare systems will face heightened risks, driven by geopolitical tensions and the growing aggression of cybercriminals.
In APAC, several countries have already witnessed large-scale cyberattacks on essential services in 2024, and this trend is expected to intensify.

AI is set to lower the barrier to entry for cybercrime, empowering a new wave of cybercriminals. Generative AI models will facilitate the automation of ransomware and spyware, making sophisticated attacks more accessible to non-technical actors.
- Gareth Cox, Vice President, APJ, Exabeam
Living Off The Land (LOTL) attacks – where attackers exploit trusted network tools available in the target system to evade detection – will also emerge and become more prevalent. Geopolitical adversaries, such as the Chinese state-sponsored hacker group Volt Typhoon, will increasingly leverage these techniques to establish persistent system access.
Darren (Keeper): Organisations across all sectors are facing an increasing frequency and sophistication of cyberattacks as digital transformation accelerates. A primary challenge is balancing economic pressures with the need for strong security measures. Organisations may cut back on crucial areas like Privileged Access Management (PAM), leaving them vulnerable to cybercriminals.
The emergence of AI is allowing attackers to automate and scale traditional tactics more convincingly than ever. Relying on outdated systems or reactive measures is no longer sufficient.
Pizzari (Splunk): Cybercriminals are using AI for more targeted and disruptive attacks. Governments across the region are redefining "cybersecurity materiality" and setting clear expectations for managing cyber risks.
While these measures aim to improve accountability, they also put more pressure on organisations to strengthen their compliance and risk management frameworks.
Downtime continues to be a major issue, with APAC organisations facing some of the longest recovery times globally. These disruptions not only lead to financial losses but also damage customer trust.

With evolving policies, regulatory pressures, and growing cyber threats, the next 12 months will be critical for organisations to invest wisely, improve compliance, and build resilience.
- Robert Pizzari, Vice President, Security, APAC, Splunk
Ng (Fortinet): Key challenges include AI-powered threats, such as sophisticated phishing campaigns and deepfake scams. Ransomware remains a significant concern, with attackers targeting high-value sectors and employing double and triple extortion tactics.
Misconfigurations and vulnerabilities in hybrid cloud environments leave organisations exposed. Lastly, the persistent cybersecurity skills gap further complicates efforts.
Organisations must also navigate increasing regulatory pressures while adopting frameworks like Zero Trust to mitigate unauthorised access.
Oh (BlueVoyant): One of the most pressing issues will be the rise of AI-powered cyber threats. Generative AI (GenAI) is increasingly being weaponised by threat actors to create highly convincing phishing scams, deepfake content, and even automated malware.
Ransomware remains a persistent threat, with ransomware-as-a-service (RaaS) models enabling even low-skill attackers to carry out sophisticated campaigns. Cybercriminals are refining their tools, including Endpoint Detection and Response (EDR) killers, which pose a significant challenge to existing security measures.
Despite recent declines in ransomware incidents, organisations cannot afford to become complacent, particularly as supply chain vulnerabilities and sophisticated attack vectors remain potent risks.

Cybersecurity compliance and regulatory oversight are expected to become stricter, with more aggressive enforcement and substantial penalties for breaches or negligence, pushing organisations to adopt higher security standards.
- William Oh, Director of Business Development, APAC, BlueVoyant
While regional regulatory variations currently pose challenges for global businesses, efforts toward harmonising standards across the EU, US, and parts of Asia could lead to more consistent rules on data protection and incident response.
Building on frameworks like General Data Protection Regulation (GDPR), more regions may enforce stricter privacy rights, requiring transparency, limited data collection, and rapid breach notifications.
Cheng (Proofpoint): AI will fuel increasingly sophisticated attacks as malicious actors can also leverage the technology to enhance phishing campaigns and other forms of social engineering at scale, develop more potent malware, and exploit vulnerabilities with greater precision. Navigating the diverse data privacy and security laws across APAC adds another layer of complexity, exacerbated by a critical shortage of cybersecurity professionals in the region.
Next, it is just as important to recognise that despite technological advancements, human error remains a critical vulnerability.
Yeong (Rubrik): Organisations are faced with the challenge of safeguarding privacy, preventing data leakage, and maintaining compliance with stringent regulations – particularly as trust in AI solutions becomes a competitive differentiator.
Establishing control and visibility of sensitive data will be critical to minimising the risk of data exposure when leveraging Generative AI. Ransomware will also remain a persistent threat in the region, fueled by Ransomware-as-a-Service (RaaS) and AI-enhanced attack strategies.
Toh (Thales):

As organisations adopt modern application development as a means of digital transformation, the volume of application programming interfaces (APIs) will continue to multiply. Last year, our research found that API traffic constituted over 71 percent of web traffic. As this traffic continues to escalate, so do the threats – creating a greater need for API observability.
- Daniel Toh, Chief Solutions Architect, Data and Application Security, APJ, Thales
In addition, we will see a significant jump in open-source supply chain attacks, as the increasing complexity and interconnectedness of software supply chains make them attractive targets for cybercriminals.
Ledzian (Google Cloud): Ransomware and business email compromise will remain the major cybersecurity threats in 2025, exacerbated by attackers' increasing use of AI to refine and enhance their methods.
Cybercriminals are also beginning to utilise generative AI and deepfakes to improve their social engineering tactics. The rise of sophisticated infostealer malware and the rapid exploitation of vulnerabilities, often within days of disclosure, are also creating new challenges for defenders. Credential theft, leveraging adversary-in-the-middle techniques to circumvent multi-factor authentication, is also on the rise, particularly in cloud environments.
Tan (BT Business): AI-driven threats will continue over the next 12 months, but the real challenge is how we use the AI tools at our disposal. We've moved far beyond traditional threat hunting, so how can we leverage machine learning, pattern recognition, and automation to quickly identify vulnerabilities and counter threats around the clock?

It's crucial to ensure that sensitive data stays within the organisation and isn't leaked due to misuse or misunderstandings of AI models, which could lead to privacy breaches. Cybersecurity isn't just about implementing technology but about ensuring ethical practices and the right safeguards are in place to protect organisations.
- Sunny Tan, Head of Security Business, East Asia, BT Business
iTNews Asia: Cyber attackers are innovating, using sophisticated phishing and social engineering methods that are learning and adapting to bypass security measures. What can we do to address the new AI-led vulnerabilities? How should our cyber security strategy and posture change?
Ng (Fortinet): First, adopting AI-powered tools is critical. AI-powered threat intelligence systems can recognise patterns in attacker behaviour and pre-emptively alert security teams to mitigate risks.
Second, implementing a Zero Trust architecture is essential. This approach assumes no entity - internal or external - is inherently trusted, requiring continuous verification for all users and devices. Regular simulations and education on identifying phishing emails and deepfake scams can empower employees as the first line of defence.
Also, fostering public-private partnerships and sharing threat intelligence are vital to staying ahead of adversaries and enabling faster, coordinated responses.
Tan (BT Business): It’s clear that businesses, big or small, must improve their cybersecurity knowledge and strengthen defenses, as many still rely on outdated models designed for a time when IT resources and data were securely locked away.
One effective approach is adopting a human-centric security model, often called a "human firewall." This goes beyond having a solid security plan - it’s about creating a culture where employees are aware and accountable for security.
From a tech perspective, businesses should use emerging tools like AI and machine learning. Organisations should regularly assess and update their cybersecurity frameworks to anticipate new risks.
For those unsure where to begin, take the guidance offered by cybersecurity vendor companies that offer flexible, scalable, and secure 360-degree protection solutions. By working with the right partners, companies can tailor their defences to align with their unique operational needs.
Clement (Check Point): Organisations must focus on both technology and human awareness to stay secure. On the technical side, leveraging machine learning to detect anomalies in user behaviour and email traffic can help spot malicious campaigns early.
Continuous monitoring, real-time threat intelligence, and automated incident response are also key.
From a human perspective, consistent cyber security training and realistic “live-fire” simulations equip employees to recognise and resist AI-driven phishing attempts. Updating policies to include stronger authentication measures - such as multi-factor authentication (MFA) - further reduces risk.
Ultimately, tackling AI-enabled threats requires a proactive stance: assessing potential vulnerabilities, building layered defences, and integrating AI-based tools that proactively search for new attack vectors.
Hia (Kaspersky): To defend against AI-driven phishing attacks, organisations must adopt a multi-layered approach that emphasises comprehensive cybersecurity.
Firstly, employees should go through regular, up-to-date AI-focused cybersecurity awareness training to help them identify the subtle signs of phishing and other malicious tactics.

Businesses should administer robust security tools capable of detecting anomalies in emails, such as unusual writing patterns or suspicious metadata. A zero-trust security model is crucial to minimise the potential damage of a successful attack.
- Adrian Hia, Managing Director, APAC, Kaspersky
By restricting access to sensitive data and systems, companies can ensure that even if attackers breach one layer of security, they will not be able to compromise the entire network.
Pizzari (Splunk): Integrating AI into Security Operations Centres (SOCs) allows organisations to analyse large data sets, detect anomalies, and neutralise threats in real-time, shifting from a reactive to a proactive approach.
A strong defense also starts with better data management. Modern threats take advantage of weak encryption, poor access controls, and inadequate governance, which can lead to risks like ransomware. Federated data management strategies provide real-time insights and help make smarter decisions, reducing these risks.
Investing in AI tools and training empowers teams to spot and respond to threats early, making security part of the organisational culture.
Toh (Thales): AI can track user behaviour, spot unusual activity, and flag suspicious messages in real time, while ML can analyse large amounts of threat data to identify new patterns.
AI-driven training can simulate advanced phishing attempts, helping staff spot red flags. Creating a culture of security awareness and offering simple ways to report suspicious activity is also important.
Finally, investing in advanced threat intelligence, running regular simulations, and improving incident response with AI automation will strengthen overall security.
Darren (Keeper): Defenders can leverage AI tools for real-time threat detection, identifying phishing and zero-day attacks. Adopting a zero-trust model, which verifies every access request, is crucial.
Switching to passwordless authentication also strengthens defenses against credential theft. Regular employee training helps teams spot and report suspicious activity. These measures help prevent unauthorised access and limit damage if an attack occurs.
Oh (BlueVoyant): An organisation’s cyber posture must evolve to become more proactive and adaptive. This necessitates a shift towards AI-powered threat detection, leveraging machine learning to analyse network traffic, identify anomalies, and predict potential vulnerabilities. By automating threat detection and triage, AI can free up human analysts for more strategic tasks.
It's crucial to remember that AI is a tool and can’t replace human cybersecurity experts. By sifting through massive datasets and identifying threats, AI frees up human analysts to focus on more complex tasks such as threat hunting, forensic analysis, automatically combining different source information, and strategic security planning.
Cox (Exabeam): Traditional security measures are no longer sufficient to combat AI-driven cyberattacks, prompting the need for cybersecurity strategies that embrace AI at every level of defence.
Organisations must integrate AI across their security operations, from endpoint protection to threat intelligence. AI-powered co-pilots will also become indispensable in cybersecurity operations moving forward, significantly enhancing defensive capabilities, such as threat detection, investigation, and response. They should plan to integrate these co-pilots with existing security systems and train operators to collaborate effectively with AI.
Companies should adopt AI security certifications and frameworks now to prepare for future regulatory requirements.
Yeong (Rubrik):

AI-powered cyberattacks demand proactive cybersecurity strategies, zero trust principles and the adoption of an assumed breach mindset. This involves granting minimal access privileges, continuous authentication, and deploying stringent data access controls to reduce the impact of compromised credentials.
- Chee Wai Yeong, Area Vice-President for APJ, Rubrik
Along with AI-powered security solutions, implementing data security posture management (DSPM) will also be crucial as it provides a comprehensive overview of an organisation’s sensitive data and where it resides, enhancing overall data visibility and enabling the appropriate controls to be applied before a breach occurs.
Intelligent platforms today can also offer guided workflows and actionable recommendations to swiftly isolate threats and recover critical data. An example is our generative AI companion, Ruby, which enables organisations to mitigate complex cyber incidents efficiently even for those with varying levels of expertise.
Ledzian (Google Cloud): As AI tools become integrated into security operations, automating tasks, streamlining workflows, and prioritising risks, security teams can focus on addressing high-priority threats.
As hybrid work models become standard, organisations should strengthen account security with MFA and shorter session lifetimes to minimise the impact of compromised credentials.
Implementing cloud-native security information and event management (SIEM) solutions can also improve threat monitoring, detection, and remediation across the entire organisation. Many organisations are moving towards unified, AI-powered, intelligence-led security operations solutions, of which SIEM is just one component.

Proactive investments such as threat intelligence, security awareness training, and red team exercises will also be essential to stay ahead of AI-driven threats. Organisations with a good understanding of the evolving tactics employed by cybercriminals can more effectively patch known and critical vulnerabilities or leverage insights to address emerging attack vectors.
- Steve Ledzian, CTO, Cloud Security, Asia Pacific, Google Cloud
Cheng (Proofpoint): AI/ML is a powerful tool for detecting patterns in large datasets and predicting threats, such as Business Email Compromise (BEC), before they even reach employees. By analysing the tone and intent behind potential threats, AI can block malicious emails early, enhancing protection.

It is important to remember that the state of cybersecurity vulnerability today isn't just a technological conversation, but also a human one. A new approach is needed—a human-centric approach. This approach brings together an understanding of data classification, user intent and threat context, and applies it consistently across email, cloud, endpoint, web and GenAI tools.
- Jennifer Cheng, Director of Cybersecurity Strategy, APJ, Proofpoint
iTNews Asia: The cloud is becoming a prime target for cyberattacks as businesses continue to move their infrastructure and sensitive data to the cloud. Misconfigurations and inadequate security measures also make organisations more vulnerable to attacks. What steps can we take to prevent any unauthorised access to our data stored in the cloud? How can we ensure the microservice architecture we develop is secure?
Oh (BlueVoyant): Preventing unauthorised access to cloud-stored data is a major challenge. Strong IAM, MFA, role-based access controls, and regular audits of user permissions are essential. Regular updates and patches are essential to stay ahead of attackers. The zero-trust model is no longer optional but a necessity.
Technology alone isn’t enough. Compliance with regulations and regular security audits are vital.
Ng (Fortinet): The cloud has become a prime target for cyberattacks as businesses increasingly migrate infrastructure and sensitive data to hybrid and multi-cloud environments. Misconfigurations and inadequate security measures remain critical vulnerabilities.

To address these challenges (misconfigurations and inadequate security measures), organisations should prioritise unified cloud security platforms. These platforms simplify policy management, enhance visibility, and ensure consistent enforcement across hybrid environments. For microservice architectures, network segmentation and runtime security are essential to isolate workloads and protect against lateral movement.
- Jess Ng, Country Head, Singapore and Brunei, Fortinet
Leveraging end-to-end encryption and automated risk remediation further strengthens data protection.
Toh (Thales): Along with Zero Trust Architecture, strict IAM, MFA policies and encryption, organisations must prioritise a “secure-by-design” approach throughout the development lifecycle. Implement container security best practices by scanning images for vulnerabilities before deployment and by using trusted, verified base images.
Clement (Check Point): Preventing unauthorised access in cloud environments starts with strong configuration management: apply least-privilege principles, enforce strict access controls, and monitor for anomalies.
Regular audits, data encryption (both at rest and in transit), and solid key management are also essential. For microservices, each service should be isolated and use secure communication methods like mutual transport layer security (mTLS).
Following container security best practices, including scanning images for vulnerabilities before deployment, is key.

Orchestration platforms like Kubernetes should use strict role-based access control. By combining effective network segmentation, secure coding practices, and ongoing testing or penetration assessments, organisations can minimise their cloud attack surface and maintain resilient micro-services.
- Clement Lee, Security Architect, APAC, Check Point Software Technologies
Ledzian (Google Cloud): As organisations accelerate cloud adoption, protecting cloud infrastructure requires a robust multi-layer approach.
Cloud Native Application Protection Platforms (CNAPPs) are central to cloud security. These unified solutions integrate various cloud security functions and are constantly evolving. Organisations with sensitive cloud workloads should prioritise CNAPP to protect their cloud workloads and infrastructure.
Regular third-party cloud security assessments and continuous monitoring of cloud infrastructure are crucial. Storing cloud telemetry and logs helps investigate suspicious activity and distinguish between benign incidents and actual intrusions.
Because most cloud intrusions result from stolen credentials, strong identity and access management (IAM) and the principle of least privilege are essential to limit the blast radius of any successful intrusion.
Lastly, in addition to preventative measures, organisations should build cyber resilience by establishing an incident response retainer and conducting regular tabletop exercises to prepare for significant cyber incidents.
Tan (BT Business): As cloud environments become more distributed to meet the demands for low latency and scalability, the risks also increase.
While solutions like IAMs, MFAs, mTLS and APIs are important, there’s no foolproof way to manage the wide range of evolving cyber threats. That’s why a proactive, unified approach to cloud security is more essential than ever.
The good news is that the cloud's open, scalable, and flexible nature helps build a resilient defense system. This architecture allows organisations to create multiple pathways between cloud environments, geofence data to meet regulatory needs, and integrate built-in distributed denial-of-service (DDoS) protection directly into their infrastructure. In emergencies, this robust architecture ensures continuity and reliability.
Unlike traditional setups that might require rerouting traffic through different regions (which can cause delays), the cloud maintains steady performance, ensuring smooth operations even in tough situations.
Pizzari (Splunk): Strong cloud security starts with end-to-end visibility. Real-time monitoring tools give organisations the ability to track cloud environments, spot anomalies, and fix misconfigurations before they turn into vulnerabilities.
AI-driven observability takes this further by analysing large datasets to identify patterns, prioritise issues, and speed up response times.
Security should also be built in from the start. For microservices, adopting development, security, and operations (DevSecOps) practices integrates security into every development stage, creating a continuous security model that ensures systems stay protected as they evolve.
Finally, working closely with vendors is crucial. Aligning security protocols, conducting joint risk assessments, and setting flexible service-level agreements help reduce third-party risks and ensure business continuity in complex environments.
Darren (Keeper): Securing cloud environments begins with adopting a zero-trust framework that enforces strict access controls and continuously monitors activity to detect threats. Implementing least-privilege policies minimises the potential damage from compromised credentials by restricting user permissions to only what’s necessary. Regular auditing and remediating misconfigurations are critical, as those are often the weakest link in cloud security.

For microservice architectures, protecting APIs with robust authentication protocols and ensuring secure communication between services through encryption are two essential steps. Organisations must also prioritise visibility across their cloud environments to identify and address risks proactively.
- Darren Guccione, CEO & co-founder, Keeper Security
By integrating strong access controls, continuous monitoring and secure development practices, they can effectively protect sensitive data and maintain resilient cloud systems.
Yeong (Rubrik): Organisations can adopt a comprehensive resilience strategy rooted in Zero Trust principles. Equally important is deploying an air-gapped, immutable file system to safeguard backup data.
By preventing unauthorised modifications or deletions and isolating backups from network access, this architecture significantly enhances protection against cyber threats.
Cox (Exabeam): Organisations should begin by creating a clear and comprehensive cloud security policy. This policy should define who can access cloud services, what data is stored, and how sensitive information is protected. It should also outline the security technologies in place and provide best practices for employees to follow.
Along with IAM, MFA and encryption solutions, organisations need to implement Security Information and Event Management (SIEM) or Extended Detection and Response (XDR) to help security teams detect sophisticated threats in real time and streamline response efforts.
Cheng (Proofpoint): Securing cloud environments requires a fundamental shift in mindset. While traditional security tools have their place, they often fall short in the dynamic world of the cloud because data does not move itself. Gaining clear visibility into data access patterns allows us to establish a baseline of normal behaviour and quickly identify anomalies that could indicate a compromise before the damage is done.
For microservice architectures, this means setting up strict access controls for each service, constantly monitoring for suspicious activity, and building security into the development process from the start.
Developers should also enforce least privilege access to protect data and reduce risk. The focus should shift from reacting to incidents to preventing threats, understanding that people are both the biggest risk and the best defense.
Hia (Kaspersky): Businesses should actively manage their accounts and devices. If a service or software is no longer in use, it must be properly closed down, as hackers can access cloud networks through old, unpatched accounts. MFA is also important, using methods like biometric data or a code sent to a mobile device.
From a business perspective, it's worth considering a hybrid cloud system to separate company data from other customers' data. This can be done by encrypting or segmenting the data for secure storage.
It’s also essential to assess and audit your supply chain and managed services access to your environment. Use compromise assessment services if you suspect that you may be compromised.