24 on 2024: Asia-Pacific’s cybersecurity thought leaders share their predictions and aspirations

In 2024, anticipation and speculation regarding the future of cybersecurity have reached a crescendo. Against a dynamic backdrop of technological advancement, socio-political shifts, and new threats, predictions and aspirations for the year abound with both hope and apprehension. From generative artificial intelligence (GenAI) to cyber warfare, the forecast for 2024 is as multifaceted as it is uncertain. Through the lens of 24 of Asia-Pacific’s thought leaders in cybersecurity, we explore their predictions and goals for the year.

-An important goal of mine in 2024 is to achieve cyber investment clarity following the organisation-wide implementation of Cyber Risk Quantification. This year, we hope to quantify our top cyber risks, demonstrate the return-on-investment for existing and planned measures, and base our budget and roadmap for the next year on this data.

Alexander Antukh – Chief Information Security Officer (AboitizPower)

-With artificial intelligence (AI) and generative AI (GenAI) on the rise, how organisations manage and secure their data will affect stakeholder trust. In this region, businesses are rethinking how they leverage automation to optimise operational efficiency. This spans a spectrum of applications – from automating assembly processes in manufacturing to proactively identifying advanced cyber threats in the security operations centre (SOC).

IDC predicts that by 2024, 25% of A2000 will deploy GenAI on first-party data in their SOCs for detection and response to uplevel analysts while addressing hallucinations, bias, privacy, and reinforced learning concerns.

Although GenAI may enhance the efficiency of security analysts, it still places the analyst at the core of security implementation. SOCs are actively exploring use cases to derive maximum benefit and ROI from GenAI. Innovative security vendors are strategically combining predictive and GenAI to more effectively tap into predictive models, resulting in improved security data and better outcomes.

Christian Fam – Research Manager (IDC Singapore)

-An increase in AI-driven cyberattacks – taking advantage of vulnerabilities in ever-more-connected devices – will surface in 2024. The attack surface increases dramatically as IoT devices and smart technologies proliferate. With its ability to crack conventional encryption and enable complex cryptographic solutions, quantum computing presents both a risk and an opportunity. Ransomware will pivot with more sophisticated techniques targeting critical infrastructure.

Deepfake technology heightens the likelihood of social engineering attacks. Anticipation grows for increased global cooperation in cyber defence, and a proactive cybersecurity strategy that includes prioritising AI-powered threat detection and quantum-resistant encryption is essential as we accelerate digital transformation amid emerging threats.

Christopher Lek – Director (Nanyang Technological University)

-In 2024, expect a notable rise in chief information security officer (CISO) departures due to high stress, litigation risks, and operational fatigue leading to burnout – with many opting for early retirement or advisory roles. Ever-increasing ransomware attacks on supply chains, including previously assumed secure cloud providers, underscore the need for collaboration among major players for broader ecosystem defence. Globally, boardrooms – influenced by new US Securities and Exchange Commission (SEC) cyber regulations – will see a surge in demand for cyber board advisors, reflecting a heightened focus on cybersecurity at the highest corporate levels everywhere.

Darren Argyle – Group Chief Information Security Risk Officer (Standard Chartered Bank)

-In 2024, zero-trust architecture will continue to gain momentum as a security principle, while the focus on cloud security will intensify – particularly in relation to serverless architecture, where infrastructure-as-code and secure access management are key areas. Furthermore, the adoption of security solutions leveraging AI and machine learning (ML) capabilities will increase – enhancing defensive and offensive capabilities.

With supply chain and third-party breaches on the rise, greater attention will be directed towards risk mitigation and preparedness. Additionally, there will be heightened emphasis on securing mobile applications and endpoint devices. A shift from traditional risk management to a more proactive threat scenario-based risk management approach will be observed. Lastly, an expansion on cybersecurity and data protection regulations and practices is expected.

David Walker – Chief Data, Security & Innovation Officer (Mox Bank)

-As with many cyber leaders, I think AI security will be a big topic for this year (and for many years to come). Cyber leaders will need to understand the power and potential of AI-enabled technologies well beyond the mechanics of how AI is constructed and operated. It is important to understand the various AI platforms and how they can be used to help and cripple the organisation – identifying both the risks and benefits will be essential for cyber leaders in the years to come.

Establishing meaningful policies, guidelines and procedures, and training regimes will be necessary to protect and enhance the company’s brand and reputation, as well as value. This will provide employees with the guardrails and is vital to reduce the threat of unauthorised disclosure of sensitive corporate data.

David Wang – Regional Information Security Manager, ASEAN (NS BlueScope)

-AI will be a huge catalyst to the development of the cybersecurity industry while concurrently posing as a threat against it. Hackers can leverage AI to automate complicated cyber-attacks and to create advanced malware programmes that can self-learn and bypass traditional security detection tools, making it more difficult to detect and remove.

AI can also be used to automate the process of finding vulnerabilities in systems and networks, allowing more efficient and effective attack launches. To shield against such attacks, the cybersecurity community must take a proactive approach to develop AI-driven solutions that are at par in their detection and protection capabilities.

Dicky Wong – AGM, Head of Technology Risk (New World Development)

-2023 was the year of AI, which supplanted zero trust as the buzzword in the field of cybersecurity. In 2024, both AI and zero trust will be critically important and remain core to an enterprise’s security strategy. This year, I believe:

• If you cannot beat AI, join it.
• Implement zero trust and protect your crown jewels.
• Be friendly to your business – CISOs are not obstructions, but good listeners and storytellers.
• Do more with less.
• Promote collaboration and information-sharing as cyber defence is a team sport.

Frankie Shuai – APAC Regional Information Security Officer (DWS Group)

-Global Geopolitical Instability and Cyber Warfare: Escalating geopolitical tensions are increasingly reflected in the cyber domain with state-sponsored activities destabilising critical infrastructures worldwide. This trend – targeting energy, healthcare, and financial systems – signals a rise in cyber-economic warfare, aiming for high impact through minimal effort by compromising core supply chains. These strategies – adopted by state actors – necessitate robust and adaptive cybersecurity responses.

In regions like the Asia Pacific – with strategic geopolitical interests – protecting key infrastructure from such sophisticated attacks is crucial. This new era in cybersecurity emphasises the protection of not just data, but also the stability of economies and societies.

Jason Lau – Chief Information Security Officer (Crypto.com)

-The world of cybersecurity in 2024 will witness a notable surge in AI and ML. AI’s robust data analysis will play a crucial role in assisting early detection of cyber threats. ML algorithms are improving to discern and counter emerging threats, thereby elevating defensive measures over time.

AI algorithms will deliver real-time threat analysis that allows a faster and more precise response to cyber incidents. However, AI phishing may become a significant threat as attackers leverage advanced techniques to deceive systems.

These trends signal a shift towards more intelligent and self-sufficient cybersecurity systems, driven by AI and ML advancements.

Joseph Ong – Chief Information Security Officer, Asia (FCM Travel Asia)

-In 2024, cybersecurity landscapes are reshaped by the maturity of GenAI and integrations to cybersecurity technologies. These technologies are dual-edged swords: on one hand, cyber defenders leverage them for enhanced and efficient data analysis, reducing incident response times and early detection of threats. On the other hand, threat actors exploit these advances for sophisticated social engineering, including convincing deepfakes and real-time deceptive interactions.

Additionally, increasingly skilled threat actors reduce dwell time, utilising similar advanced capabilities as defenders. The rise in supply chain attacks persists, highlighting the interconnected and complex technology stack.

Leonard Ong – Director, Cyber Defence Group (Synapxe)

-In 2024, we anticipate a significant shift in cyber threats, driven by the pervasive integration of AI methodologies. The rise of AI will elevate the sophistication of cyber-attacks, amplifying risks in areas like phishing, insider threats, malware development, deepfake, ransomware-as-a-service, and the exposure of personal identifiable information through GenAI. This demands a concerted effort from cyber defence practitioners – involving advanced tools, skilled personnel, and adaptive processes.

These changes underscore the imperative for organisations – especially in the financial sector – to bolster cybersecurity programmes, ensuring resilience against evolving threats in this AI-driven landscape.

Mundzir – Head of Cyber Security (Bank Sahabat Sampoerna)

-For 2024, I’m looking at:

• A fit-for-purpose cloud adoption strategy and implementation plan for our APAC business (considering the highly complex regulatory environments and geopolitical challenges among different countries in the region).
• Better understanding and proper management of AI tools.
• User education on AI tools and how to use them effectively and securely.
• Retaining the best talents and building a growth-and-development plan for their career.
• Timely and reasonable responses to the fast-evolving regulatory changes in Asia.

Nan Hao Maguire – Head of Technology, Security Resilience & Third Party Governance APAC (abrdn)

-We continue to scan both external and internal environments to determine potential threats and how we could prepare for them effectively, which is key to staying competitive in the market. In our banking industry, cyber ecosystem and information assurance risks will be our key focus.

Our main goal is to keep our clients and business safe from cyber threats, as well as be the best partner for them. This year, we hope to increase automation and agility as well as cultivate our resources on priorities that create business value.

Rathana Men – Head of Cyber Security Division, ABA Bank (National Bank of Canada Group)

-While large language models (LLM) provide new and exciting opportunities for software development, they also create new attack vectors. We are increasingly learning that LLMs are vulnerable to new attacks and exploitations. IBM security researchers demonstrated that they had ‘hypnotised’ well-known big language models, getting them to participate in complex games reminiscent of Inception in which the bots were instructed to provide false responses to demonstrate their ‘ethical and fair’ nature.

OWASP (the Open Worldwide Application Security Project) has highlighted the top 10 risks for LLM apps and it would be interesting to see how they evolve to mitigate such risks.

Rubaiyyaat Aakbar – Head of IT and Cybersecurity (DocDoc)

-As organisations seek to enhance security and user experience, passwordless authentication methods – such as biometrics, hardware tokens, etc. – will gradually replace traditional passwords. The shift towards passwordless authentication is driven by the need for stronger identity verification, reduced susceptibility to phishing, and improved user convenience. While challenges such as interoperability and privacy concerns persist, advancements in technology and growing industry support are paving the way for widespread adoption. In the near future, passwordless authentication will become a foundational element of secure access strategies across various sectors, offering a more resilient and user-friendly approach to identity verification.

Shakthi Priya Kathirvelu – VP and Head of Information Security and IT (Funding Societies | Modalku Group)

-One of my key goals this year is to take our cybersecurity awareness programme to the next level – The ABC Programme, which focuses on Awareness, Behaviours, and Culture. Cybersecurity culture is the shared values, beliefs, and assumptions that influence how people think and behave when it comes to cybersecurity. A positive culture is non-negotiable and it affects many areas of cyber risk. It must align with the company’s overall goals and values to ensure that cybersecurity complements the company’s processes and expectations.

Stephanie Liew – Chief Information Security Officer of APMEA (British American Tobacco)

-While multinational corporations have the resources to at least make an effort to level the playing field with hackers, small- and medium-sized enterprises (SMEs) and individuals struggle with a lack of resources and expertise – coupled with budget and manpower cuts made at every economic downturn. As the cybersecurity divide shows signs of widening further with the volatile threat landscape, 2024 will be a year of bridging this divide – both for SMEs as well as individuals. I anticipate that this will take shape across the ecosystem of regulators, enterprises, and technology providers in 11 key areas.

Steven Sim – Head Group Cybersecurity (PSA International)

-1. GenAI is the biggest challenge for CISOs in 2024. Microsoft and Google are rolling out their enterprise AI solutions. Use of GenAI will have a huge impact on personal data privacy and business ethics.

2. Crypto hacks are coming back. We ought to see the institutional adoption of digital assets this year after the SEC’s approval on Bitcoin ETFs. Hackers are incentivised to compromise digital assets exchanges and DeFi protocols for the massive economic returns.

3. Geopolitical disputes are disrupting business operations like global supply chains. Cyber wars are everywhere and causing billions in financial losses.

Thomas Kung – Chief Information Security Officer (Rakkar Digital)

-For 2024, my team/organisation would like to:

1. Optimise incident response times – by fine-tuning our SIEM (security information and event management) and UBA (user behaviour analytics) systems. This strategic enhancement is aimed at swiftly identifying and mitigating threats, thereby safeguarding our infrastructure more effectively.

2. Enhance data protection and compliance – we are committed to fortifying our data protection measures to not only meet but exceed governance requirements.

3. Bolster cybersecurity awareness – reinforcing the importance of cybersecurity within our corporation remains a top priority, with an aim to empower every employee with the knowledge and tools needed to contribute to our collective digital defence.

4. Refine our zero-trust architecture.

Tran Phu Nghia – Chief Information Security Officer (Nova Group)

-My prediction or biggest worry is on AI-powered cyber-attacks, which will be one of the key cybersecurity threats in 2024 as cybercriminals leverage readily available AI and ML technology to automate attacks and bypass traditional security measures.

My organisation is currently reviewing our corporate governance and processes before incorporating AI technologies into our business and IT environment. Concurrently, we are reviewing our IT security strategic roadmap to see how we can integrate advanced AI-driven solutions to enhance our threat detection and response against this new trend.

William Loh – Head of IT Security, Asia (ING Bank)

-The maritime industry is experiencing a revolution in connectivity, fuelled by the deployment of Starlink across the world’s fleets. The once-isolated vessel is now as connected as any enterprise and faces cybersecurity risk with potentially real-world consequences. Adequately addressing this risk will require the industry to enhance cybersecurity on board – implementing the same technologies, processes, policies, and training that have been necessary to protect the enterprise.

A second revolution – the popularisation of ChatGPT and other GenAI platforms – adds additional risk to the ever-evolving advance of cyber threats. Rising to meet these challenges will require a more sophisticated approach to cybersecurity, emphasising security automation and AI for threat detection and response.

Xerxes Philip Kiok Kan – Head of Information Security (CISO) (Anglo-Eastern Ship Management)

-This year, we aim to:

1. Adopt a proactive approach to compliance and regulatory standards including PCI-DSS (Payment Card Industry Data Security Standard), ISO 27001 ISMS (Information Security Management System), and ISO 27701 PIMS (Privacy Information Management System).

2. Improve the cybersecurity culture within the organisation.

3. Improve cybersecurity resilience to ensure business continuity.

4. Collaborate with and contribute to the cybersecurity community.

5. Acquire more personal, professional, and leadership cybersecurity certifications.

6. Modernise the organisation’s cyber and physical security operations.

7. Implement a robust framework for identity and access management by establishing clear policies for user authentication, authorisation, and lifecycle management.

Yaroth Chhay – Senior Vice President & Head of Information Security Division, CISO (ACLEDA Bank Cambodia)

-My prediction for 2024 is an increase in sophisticated social engineering that uses GenAI, leading to account takeover or credential loss via phishing. It will be able to eliminate typical indicators of phishing such as awkward formatting or grammatical errors, making it even more difficult to detect.

Yohannes Glen Dwipajana – VP, Head of IT Security (INDODAX Nasional Indonesia)

