
PodChats for FutureCISO: Practical defence strategies against industrialised cyber threats

by Allan Tan
January 16, 2026

Traditional defences fall short in the region's rapidly digitising landscape, with vulnerabilities across the cloud, OT, supply chains, and critical sectors such as healthcare.

For CIOs, CISOs and CROs, the industrialisation of cyber threats requires pivoting to practical defence strategies against threats that operate like efficient enterprises, powered by AI agents and automated workflows that compress attack lifecycles to minutes.

Rapid digital transformation, expanding IT/OT convergence, and geopolitical tensions amplify vulnerabilities across critical sectors, including utilities, manufacturing, and finance.

The industrialisation of cybercrime

Cybercrime has evolved into a highly structured, profit-oriented ecosystem that mirrors legitimate business operations. Jonas Walker, director of threat intelligence at Fortinet, describes this transformation: "Cybercrime has really evolved into a structured profit-driven ecosystem, which operates like legitimate industries, featuring supply chains, specialised services like ransomware services, and a collaborative network."

He forecasts that "the global cost of cybercrime will reach close to 20 trillion annually" in 2026, highlighting the substantial financial rewards fuelling this ecosystem. Automation combined with artificial intelligence has significantly reduced the technical barriers to entry, allowing individuals with minimal skills to participate profitably.

This observation is consistent with Fortinet's Cyberthreat Predictions for 2026, which characterise cybercrime as fully industrialised, supported by specialised roles, automated toolsets, and AI-enhanced operations.

Shifting to proactive defence in Asia

Organisations that rely solely on reactive measures will perpetually lag behind attackers. Walker emphasises the necessity of anticipation: "If we just wait for attacks to happen, we are always one step behind." Attackers adhere to a predictable kill chain, beginning with reconnaissance and detailed examination of the victim's attack surface. Initial access brokers routinely sell compromised entry points on underground and darknet forums.

Effective defence requires active monitoring of leaked credentials, continuous attack-surface assessment, and an understanding of the attacker's mindset. Walker explains: "We can take a very different approach to cybersecurity where we just monitor and try to detect someone, but we operate from a point of view that we should look actively – where are the vulnerabilities and how is it most likely that someone will attack us?"

This proactive posture is particularly critical across Asia, where rapid connectivity growth and increasing integration of crucial infrastructure with corporate IT networks demand shorter dwell times and earlier disruption of threats.

Gartner's Top Trends in Cybersecurity for 2026 highlight the need for preemptive cybersecurity, shifting from reactive to proactive measures using AI to block threats before they strike, amid agentic AI and regulatory volatility.

AI's dual role in attacks and defence

Artificial intelligence serves as a powerful accelerator for both attackers and defenders. Walker clarifies its position: "AI is just another tool. It's a tool which can be used to make things more efficient and to lower the barriers for both attackers and defenders on multiple occasions."

Attackers deploy AI across the kill chain: crafting convincing social engineering campaigns (including deepfakes and victim profiling), generating more sophisticated malware, and rapidly filtering exfiltrated data for high-value assets.

On the defensive side, AI enables operationalisation of threat intelligence at machine speed. Walker illustrates the advantage: "AI tools can be useful in understanding that intelligence to understand what is happening."


He provides a practical example: an IT ticket reporting slow server connections can be analysed swiftly by AI, which identifies anomalous CPU usage linked to a specific process and an external IP address associated with a botnet.

Walker stresses the importance of balance: "AI doesn't solve all the problems, and it doesn't mean the users are not required anymore, but it assists the users in a way that it makes their life much more efficient."

As attackers increasingly adopt AI, defenders must match this capability to avoid creating a significant imbalance.

IBM's cybersecurity predictions for 2026 warn of major incidents involving shadow AI systems and unapproved tools that risk IP exposure, and emphasise integrated governance for AI agents. McKinsey notes that AI is expanding the cybersecurity market to US$2 trillion, with non-CISO spending growing at a 24% CAGR.

Prioritising established controls in IT/OT environments

Rather than pursuing novel technologies, organisations should focus on refining and strengthening proven security controls, especially as IT and OT environments converge. OT presents unique challenges to organisations.

Jonas Walker: "OT environments very often run on older operating systems. Unfortunately, to some degree, they are so old that no one is touching them anymore because they're afraid that if they do any updates, the software might not run anymore."

Traditional air gaps have largely disappeared, leaving legacy systems exposed to constant internet scanning by automated AI agents. Walker warns: "Whatever is connected to the Internet will be attacked very quickly."

Network segmentation, strict privilege management, and continuous anomaly detection are essential to control dwell times and restrict lateral movement in these hybrid environments.

Gartner's Predicts 2026 stresses a shift to cyber resilience, with 50% of CISOs owning disaster recovery by 2028.

Disrupting botnets and insider threats

Botnets remain a cornerstone of large-scale operations. In describing their architectures, Walker says: "There are always two components to a botnet. One of them is a command-and-control system. You can think of it like a dashboard, and then this dashboard connects to a lot of infected machines all around the world and controls them simultaneously."

Meanwhile, insider threats have grown with the normalisation of remote work, including sophisticated nation-state operations such as those conducted by the Lazarus Group, which places operatives inside target organisations.

Walker advises layered protection: "It's very important that we are aware of securing the network from the outside and ensure we have segmentation and security layers in place from the inside."

Fortinet's report predicts AI agents will automate credential theft and lateral movement, amplifying botnet threats.

Securing critical infrastructure against blended attacks

Critical infrastructure remains highly vulnerable to blended threats combining ransomware with data extortion. Connectivity is the entry point for automated scanning and exploitation.

Walker stresses: "Security always needs to be top of mind, especially in OT environments, because very often, it's about connectivity first and then security is implemented at a later stage."

He recommends robust segmentation and layered controls: "Segment all the different networks as best as we can from each other."

Rapid detection and isolation of anomalies remain critical, as attackers typically require weeks or months to achieve the widespread access needed for maximum impact, providing defenders with valuable windows to intervene.


Identity governance as a core defence

Identity remains the primary target. Attackers exploit credential reuse, data breaches, and open-source intelligence. Walker highlights practical measures: "It is important, and when we talk about identity, that users have unique passwords for their e-mail logins because what causes a lot of harm is that people reuse the same username and password combination across multiple accounts and websites."

Multi-factor authentication, behavioural analysis, and consistent enforcement in cloud environments are non-negotiable: "Especially in cloud environments. It's key that these security layers are in place."

Bridging the security skills gap

AI augments limited expertise: "It allows people to do more with fewer resources." Walker highlights AI's role in summarising information and troubleshooting, combining human and AI strengths: "It's really a combination of both."

McKinsey emphasises building resilience through AI tools to address skills shortages.

Disrupting cybercrime ecosystems

Effective disruption involves law enforcement partnerships, intelligence sharing, and refusing to pay ransoms. Walker states clearly: "Paying the threat actors is usually the worst thing to do from an organisation's point of view if they wish to stop cybercrime."

Long-term resilience requires community collaboration, sharing lessons learned, and coordinated efforts between CISOs and CIOs to build layered, intelligence-driven defences against Asia's rapidly industrialising cyber threats.

Gartner's 2026 Planning Guide advises focusing on AI disruption and global risks for sustained defence.

Click on the PodChats player for more details on Walker's recommendations for building practical defence strategies against industrialised cyber threats.

  1. Describe what, for you, is an industrialisation of cybercrime?
  2. How has this industrialisation of cybercrime in Asia necessitated a shift from reactive to proactive defence strategies?
  3. What role do AI-enabled agents play in accelerating attack stages, and how can defenders in the region counter this by operationalising threat intelligence at machine speed?
  4. Why must defences prioritise refining established controls over novel innovations, and what does this mean for managing dwell times in environments with expanding OT and IoT exposures?
  5. How are botnets and insider recruitment threats amplifying industrial-scale attacks, and what defensive measures should leaders implement to disrupt these?
  6. In recent years, governments around Asia have raised concerns about the vulnerability of critical infrastructure. Please suggest a couple of practical strategies to mitigate blended threats, such as ransomware and data extortion, including essential tools and frameworks, such as integrated SecOps for automated detection and containment.
  7. In the context of today's hybrid, meaning human and machine workers, why is identity governance becoming central to defence? More importantly, how can it be enforced in AI-driven cloud environments?
  8. What is the answer to Asia's perennial security skills gap? How can organisations build specialised expertise in areas like detection engineering and AI operations to support resilient defences?
  9. What practical incentives can Asia's leaders leverage to disrupt cybercrime ecosystems and enhance accountability, and how can CISOs and CIOs work together to strengthen long-term defence strategies against evolving industrialised threats?
Tags: blended attacks, cybersecurity strategy, Fortinet, IBM, identity governance, McKinsey, PodChats
Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY, writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events.

Previous roles: He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.
