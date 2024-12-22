1. Cyber Infrastructure will be centred around a single unified data security platform

In 2025, the organisations will address increased complexity by reducing the number of cybersecurity tools in use, and shifting to a unified platform, offering enhanced visibility and control. The ongoing cyber skills shortage will continue to accelerate this trend. A unified platform will provide end-to-end visibility and context, spanning code repositories, cloud workloads, networks, and SOCs. Ultimately this creates a more holistic security architecture with fewer dashboards. The convergence of all security layers onto a unified platform will optimise resources, improve overall efficiency, and enable organisations to build more resilient, adaptive defences against evolving threats

2.2025 is the year deepfakes go mainstream in APAC

Deepfakes are already being used for nefarious purposes in the APAC region. While some have been used to spread political misinformation, the most effective attacks have targeted corporations for financial gain, as the employee at a Hong Kong engineering firm was duped into wiring millions of dollars to a scammer who had used deepfakes to imitate the CFO and executive team on a video conference.

Savvy criminals will take note and use ever-improving generative AI technology to launch credible deepfake attacks. The use of audio deepfakes will also become more widespread in these attacks, as the available technology allows for highly credible voice cloning. We can expect deepfakes to be used alone or as part of a larger attack much more often in 2025.

3. Beyond the Quantum security hype: what to expect in 2025

Quantum computing projects are spreading across the region, with governments and venture capital firms investing heavily in local initiatives.

While quantum attacks on widely used encryption methods are not yet feasible, nation-state-backed threat actors are expected to intensify their “harvest now, decrypt later” tactics, targeting highly classified data with the intent to unlock it when quantum technology advances. This poses a risk to governments and businesses, with the potential to jeopardise civilian and military communications, undermine critical infrastructure, and overcome security protocols for most internet-based financial transactions. We will likely also see nation-state actors target organisations developing quantum computers themselves, in corporate espionage attacks.

To counteract these threats effectively, all organisations will need to act and adopt quantum-resistant defences, including quantum-resistant tunnelling, comprehensive crypto data libraries, and other technologies with enhanced crypto-agility. The National Institute of Standards and Technology (NIST) recently released final standards for post-quantum cryptography. Transitioning to these algorithms will help secure data against future quantum threats. Organisations that require high security should explore quantum key distribution (QKD) as a means of ensuring secure communications. As quantum computing continues to become more and more of a reality and potential threats loom, it will be essential to adopt these measures to keep pace with the rapidly evolving cyber landscape, prevent data theft, and ensure the integrity of critical systems.

For now, CIOs can debunk any hype around this topic to the board. Though significant progress with quantum annealing has been made, military-grade encryption has still not been broken.

4. Transparency will be the cornerstone for maintaining customer trust in the AI era

Regulators in the APAC region are starting to zone in on the data protection and cybersecurity implications of the growing use of AI models. This is part of an overall bid to build trust in AI use and encourage AI-driven innovation.

In 2025, APAC legislators’ AI focus on ethics, data protection and transparency, will remain, However, increased use of AI models will lead to greater emphasis being placed on AI security and the integrity and reliability of the data being used. Transparency and proactive communication about AI model mechanics—specifically regarding data collection, training datasets, and decision-making processes—will be essential for building customer trust.

5. Increased focus on product integrity and supply chain security in 2025

In 2025, organisations can be expected to focus more on product integrity and supply chain resilience. Specifically, they will conduct much more thorough risk assessments, consider accountability and legal implications of business outages and review insurance arrangements.

In cloud environments, where complexity and scale amplify risks, real-time visibility has become a necessity. Expect to see a greater focus on comprehensive monitoring involving continuous tracking of both infrastructure and application performance metrics.

