The latest findings from Palo Alto Networks’ Unit 42 2026 Global Incident Response Report reveal that threats are evolving at an alarming rate.
According to the report, AI, alongside increased attack surface complexity and identity exploitation, is fuelling the majority of cyber breaches today.
The report underscores a growing urgency for CISOs in Asia to reassess their security strategies.
The report indicates that adversaries are leveraging AI throughout the attack lifecycle, increasing attack speeds fourfold over the past year. Notably, the average time from initial access to data exfiltration in the fastest attacks has plummeted to just 72 minutes, a stark reminder of the imperative for swift defensive measures.
Identity-related vulnerabilities are a critical concern, having been implicated in 89% of investigations. Furthermore, 65% of initial access points stem from identity-based tactics, such as social engineering and credential misuse. This trend highlights the necessity for organisations to bolster their identity management practices.
The report sheds light on the browser's role as a primary battleground, with 48% of attacks involving browser-based activities. Tactics include credential harvesting through routine web interactions, revealing how common workflows can easily be manipulated by malicious actors.
For CISOs in Asia, this means heightened vigilance in training staff to recognise potential threats in their day-to-day digital interactions.
Moreover, the report notes a staggering 3.8-fold increase in attacks leveraging third-party SaaS applications, accounting for 23% of all incidents. This shift underscores the risks associated with OAuth tokens and API key misuse in interconnected environments, which is particularly relevant as organisations in Asia adopt cloud and SaaS solutions rapidly.
To defend against these emerging threats, the report advocates for a comprehensive approach to cybersecurity that includes:
- Adopting a unified platform: Empower Security Operations Centres (SOCs) with AI and automation to act swiftly against high-velocity attacks.
- Securing the development pipeline: Embed security measures throughout the software and AI development lifecycle to prevent vulnerabilities from reaching production.
- Modernising identity defence: Centralise management of all identities to close governance gaps.
- Implementing zero trust: Continuously verify every interaction to prevent lateral movement by attackers.
