In 2025, the cyber threat landscape in Asia presents many challenges that Chief Information Security Officers (CISOs) must navigate. Recent insights from the SANS 2024 Security Awareness Report and PwC's Bridging the Gaps to Cyber Resilience: The C-suite Playbook underscore the critical importance of enhancing security practices and building resilience against evolving threats. The landscape is complex and rapidly changing, requiring CISOs to take a proactive and strategic approach.
Most challenging aspects for CISOs in 2024
Daniel Kwong, CISO for Fortinet North Asia, says that "the most challenging aspect for CISOs has been managing the increasing complexity and sophistication of cyber threats." In 2024, threat actors have become more adept, employing tools that leverage artificial intelligence alongside Cybercrime-as-a-Service (CaaS) models.
This evolution means that CISOs must prioritise their protective measures amid an increasingly intricate threat landscape. The sheer volume and variety of threats can overwhelm even the most robust security frameworks.
Compounding this complexity is the rapid expansion of cloud environments, which, while offering numerous advantages, also introduces new vulnerabilities. The ongoing cybersecurity skills gap further exacerbates these challenges, leaving organisations at risk due to a lack of qualified personnel capable of managing these advanced threats.
CISOs must defend against current threats and anticipate future challenges, making the cultivation of a resilient cybersecurity posture essential.
Threat intelligence defined
In the context of these evolving threats, effective threat intelligence becomes paramount. Kwong points out that "people can easily collect threat intelligence from different vendors... but they don’t know if the threat intelligence is useful for them."
This highlights a crucial aspect of information security: differentiating between noise and actionable insights. CISOs must ensure that the threat intelligence they gather is relevant and tailored to their specific operational context, seamlessly integrating it into their security frameworks.
The ability to contextualise threat intelligence is vital. For instance, if an organisation collects intelligence about a vulnerability in an application it does not use, that information becomes irrelevant. Therefore, developing a strategy to filter and interpret threat intelligence is critical for effective decision-making.
Assessing vulnerability in North Asia
Kwong emphasises the importance of understanding system vulnerabilities, particularly in North Asia, where rapid digital transformation has outpaced security measures. He states, "The moving target is still very complex but catchable."
To effectively manage risk, organisations must conduct thorough vulnerability assessments that encompass both network and application layers. This is especially pertinent in a region where innovative technologies and mobile payment systems are proliferating, introducing unique security challenges.
The presence of localised threats, such as those stemming from state-sponsored actors or regional cybercriminal groups, requires a nuanced understanding of the threat landscape. Regular assessments can help identify gaps in security, enabling organisations to fortify their defences before vulnerabilities can be exploited.
The threat of Cybercrime-as-a-Service
The rise of CaaS is particularly concerning for CISOs. Kwong describes how attackers are developing tools that mimic legitimate applications, making detection increasingly difficult. He explains, "They actually develop a tool that really, really looks like a normal application."
This trend necessitates heightened vigilance from CISOs, as they must adapt their strategies to counter sophisticated, modular attack campaigns that can be easily tailored to target specific organisations or sectors.
Kwong’s insights underline the importance of continuous monitoring and threat detection capabilities. Organisations must invest in advanced security solutions that can identify anomalies and respond to potential threats in real-time. The ability to recognise when a legitimate application may be compromised is crucial for protecting sensitive data and maintaining operational integrity.
Monitoring and responding to ransomware attacks
As threats become more nuanced, Kwong advocates for the integration of AI capabilities within cybersecurity tools. He states, "You have to have some sort of AI capability in your tool set… to learn based on when you open the file."
Traditional signature-based detection methods are becoming increasingly ineffective against polymorphic malware and sophisticated ransomware attacks. By leveraging AI, organisations can adapt their security protocols to recognise unusual behaviour and potential threats, enabling proactive rather than reactive responses.
Mapping actions to frameworks like MITRE can further enhance threat detection. By understanding the tactics, techniques, and procedures (TTPs) of threat actors, organisations can create a more robust defence strategy.
Fortinet’s integration of MITRE into their tools exemplifies how CISOs can enhance their threat-hunting capabilities, allowing for a quicker and more efficient response to attacks.
Securing cybersecurity budgets
Amidst these challenges, securing adequate budgets for cybersecurity remains a crucial concern for CISOs. Kwong suggests framing budget requests in terms of risk management rather than solely focusing on return on investment (ROI).
He notes, "You need to develop your report similar to finance risk management... list out the potential risk if you don't do this thing." This approach can help CISOs communicate the necessity of cybersecurity investments to the board, ensuring that funding is aligned with risk mitigation strategies.
Regulatory compliance can also provide leverage for securing budgets. In industries where compliance is stringent, organisations may find it easier to justify the need for increased cybersecurity expenditures. However, CISOs should be prepared to articulate the specific risks their organisations face, utilising data and case studies to strengthen their case.
Cultivating a strong security culture
The SANS report emphasises the need for organisations to enhance their security awareness programmes, particularly in addressing human risks and fostering a strong security culture. Human behaviour remains one of the most prevalent causes of security incidents, and Kwong aptly points out, "Cybersecurity is a moving target." This highlights the necessity for ongoing training and awareness initiatives that empower employees to recognise and respond to potential threats.
Integrating security awareness into the organisational ethos requires a multifaceted approach involving regular training sessions, clear communication about security policies, and the promotion of a culture where security is everyone's responsibility.
By fostering an environment where employees feel equipped to contribute to security efforts, organisations can significantly reduce the likelihood of human error leading to breaches.
The imperative of vigilance
In light of PwC's findings revealing that only 2% of organisations have implemented comprehensive cyber resilience actions, it is clear that CISOs must prioritise resilience in their strategies. The urgency to cultivate a robust security culture and address vulnerabilities is critical for maintaining stakeholder trust and ensuring business continuity in an increasingly perilous landscape.
As we move into 2025, the convergence of complex threats and the imperative for a proactive, resilient approach will define the cybersecurity posture of organisations across Asia. CISOs must remain vigilant, adaptive, and committed to fostering a culture of security awareness to effectively combat the evolving cyber threat landscape. By integrating human factors into their security strategies and ensuring that resilience is a core component of their cybersecurity efforts, organisations can better prepare for the challenges that lie ahead.