In March, Taylor Swift (TayTay) took the Eras Tour on the road, performing sold-out shows in various cities in Australia before moving on to Singapore, where she brought friendship, joy, a small earthquake, an economic upturn in the host city, and, of course, inspired a cyber incident. Like TayTay, I also went on a whirlwind tour of Southeast Asia. My job was to deliver roundtables to CISOs from Hong Kong, Malaysia, Indonesia and Singapore. Unlike TayTay, I toured 4 countries in 5 days dragging 35 kg of luggage. Although my tour lacked the glamor, money, fans, and global recognition of TayTay's tour, for me and our attendees it was full of intensity, passion, connection, and learning.
Our dynamic conference included respected CISOs and security leaders from some of the largest organizations. Our discussions covered the top cybersecurity threats of 2023, lessons learned from the most notable breaches of 2022, key recommendations for security programs in 2023 and 2024, and, of course, our predictions for 2024. We also delved into cybersecurity, risk, and privacy. It is no surprise that each country has different challenges and opportunities. Region-specific factors such as business cultural norms, language, geopolitical issues, regulatory landscape, and cybersecurity maturity can significantly impact cybersecurity threats and practices.
The luxury of physical presence and time allowed me to learn things that are not apparent from press coverage or virtual calls. In this blog, I will share the main lessons learned about the key challenges and opportunities for CISOs in Southeast Asia.
- Narrative attacks and deepfakes are on the horizon. 2024 has been touted as “Asia's election year,” with elections held in seven of Asia's most populous countries, so narrative attacks are expected to be particularly prevalent here. Indonesia has already seen this: an AI-generated deepfake video of the late President Suharto, which replicated his face and voice and attempted to influence political agendas, went viral. Speaking of deepfakes, Sumsub reports that deepfakes have spiked by 1,530% in the Asia-Pacific region. We talked about the Hong Kong finance case, in which an employee took part in a video call that used deepfake technology to imitate his colleagues, as part of a scheme to facilitate the transfer of $25 million. We also discussed concerns about the use of deepfakes against biometric authentication, and security leaders brought to my attention confirmed banking victims in Vietnam and Thailand.
- The human element and AI software supply chain threats are no surprise. GenAI's ability to break down language barriers means that non-English speaking countries will no longer be able to avoid human-related attacks such as BEC and other forms of social engineering (for example, a 35% increase in BEC attempts in Japan). The security leaders we spoke to agreed that they expect a significant increase in human-related attacks. Another pressing threat relates to AI and software supply chains. Forrester predicted that at least three data breaches in 2024 will be publicly blamed on AI-generated code.
- A chaotic and evolving regulatory environment consumes CISO resources. APAC regulators can no longer ignore these violations. Between 2022 and 2023, Australian regulators announced changes to the Privacy Act and Telecommunications Act, and Australia also updated the federal government's mandatory eight threat mitigation strategies and strengthened regulations focused on areas such as critical infrastructure security.
India's Parliament has passed the much-awaited Digital Personal Data Protection (DPDP) Bill. Singapore has amended its Personal Data Protection Act. Personal information protection laws have also been strengthened in Japan. And Indonesia passed its first-ever Personal Data Protection (PDP) law. This is not only causing havoc for CISOs in these regions; CISOs told us it is a “significant regulatory burden.” These compliance activities consume valuable resources, time, and energy, all of which a CISO would rather redirect to more strategic initiatives.
- CISOs in Southeast Asia are moving to protect themselves and their teams. All of the above developments are compounded by low budgets, still-new levels of organizational influence, a widening cybersecurity talent gap (up 11.8% in Asia Pacific this year), and many CISOs in the region still leaving the technology sector. We discussed how CISOs protect themselves and the teams that report directly to them.
Cybersecurity burnout has begun to rear its ugly head, particularly in discussions in Singapore and Hong Kong, whereas on previous visits the issue was only discussed in hushed tones. Leaders discussed the feasibility of hiring their own legal counsel to negotiate compensation and insurance, and to advise them on the decisions they make as senior security leaders. We also discussed retaining and upskilling existing talent.
- Like everyone else, SEA's CISOs are committed to GenAI goals. Security leaders discussed how they have helped organizations securely deploy GenAI and their desire to avoid being relegated to the "department of no." Some were concerned about their companies being too conservative with GenAI, and spoke about warning against this and advising their companies on the many business and productivity benefits of GenAI. They all wanted to know how to make an impact when engaging their organizations on appropriate behavior when using GenAI (e.g., what can and cannot be shared with GenAI), especially as employees embrace the technology and create a shadow GenAI situation.
- While Zero Trust becomes a regional reality, adoption continues to vary widely. Forrester predicted that by 2024, roles with the ZT title will double across the public and private sectors in some countries and emerge in others. This was not a prediction that most participants were prepared for, at least in the short term. While our research shows that ZT is finally moving from concept to reality in the Asia-Pacific region, there was still widespread skepticism during our in-depth debate.
Let's connect
Are you a Forrester Security and Risk client in the Asia-Pacific region or a multinational global organization with questions about the key trends facing the region and how to best improve your security capabilities to anticipate these trends? Please contact me through an inquiry or guidance session.