HPE’s inaugural In the Wild report from its newly formed HPE Threat Labs paints a stark picture for CISOs in Asia: cyber adversaries are operating like large enterprises, using automation, generative AI and industrial‑scale infrastructure to scale attacks against governments, finance, telco and other critical sectors.
The report analysed 1,186 active campaigns observed during 2025 and found governments were the most targeted globally (274 campaigns), followed by finance (211) and technology (179).
Attackers deployed more than 147,000 malicious domains, nearly 58,000 malware files and actively exploited 549 vulnerabilities over the year — indicators that campaigns are highly repeatable, persistent and resilient to simple takedown efforts.

“In the Wild reflects the reality organisations face every day,” said Mounir Hahad, head of HPE Threat Labs. “Our research is grounded in real‑world threat activity… These first‑hand observations and insights help sharpen detection, strengthen defences, and give customers a clearer view of the threats most likely to impact their data, infrastructure, and operations.”
For CISOs across Asia, the implications are immediate and operational. The professionalisation of threat actors means perimeter‑only defences are insufficient: adversaries are increasingly exploiting ubiquitous enterprise services such as VPNs, SharePoint and edge devices.
HPE recommends prioritising patching of these common entry points — a practical imperative in many Asian organisations still running legacy remote‑access stacks and diverse hybrid estates.
Generative AI has entered the attacker toolkit. The report documents use of synthetic voices, images and deepfake videos to mount sophisticated vishing and executive‑impersonation campaigns. These techniques compound insider risk and supply‑chain exposure — issues that require tighter identity controls, multi‑factor authentication and behavioural detection tuned to regional language and cultural nuances.
Operational guidance that matters for Asia’s CISOs in 2026:
- Break down silos and operationalise threat intelligence sharing across business units, partners and regulators to speed detection and containment.
- Adopt a SASE or ZTNA posture to unify networking and security, reducing blind spots in hybrid and cloud‑edge deployments common across the region.
- Harden commonly exploited services (VPN, collaboration platforms, edge kit) with aggressive patching and compensating controls.
- Invest in AI‑native detection and deception technologies to raise attacker cost and slow automated campaigns.
- Extend security to remote workers’ home networks and third‑party integrations, which remain fertile ground for scaled intrusion.

“Defending against them requires the same level of strategy, integration, and operational rigor,” said David Hughes, SVP & GM, SASE and security for networking at HPE.
For CISOs in Asia, that means shifting budget and operational emphasis from point tools to integrated, intelligence‑driven platforms and stronger cross‑functional playbooks.
