In today’s rapidly changing world, the advent of digitalisation has ushered in a rise in cyber threats, leaving most organisations unprepared, particularly for emerging markets in the region. This lack of cybersecurity preparedness drives organisations to address these risks, resulting in various initiatives being implemented to counter it.
However, these efforts are hampered by varying levels of cyber maturity, with each country having to deal with its own internal issues. With both public and private organisations grappling with these challenges, one question remains: Where do challenges and opportunities lie in the region’s cyber landscape?
In this exclusive interview, UpTech Media engaged in a conversation with Kunal Jha, regional director for Asia at Netskope, to discuss the current cybersecurity challenges facing the emerging markets in the ASEAN region.
Specifically, he delved into topics such as balancing innovation with risk management, driving cybersecurity growth, and strategies towards creating a safer and more secure cyber landscape.
Balancing innovation with risk management
Kunal notes that the adoption of artificial intelligence has already progressed to the core of the cybersecurity landscape at present.
He specifically cited that for years now, AI/ML engineers have already been training algorithms to optimise and automate essential operations, noting its key role in the scene.
“AI plays a pivotal role in network monitoring, data loss protection, zero-trust network access, cloud access security, and threat detection, handling the bulk of these tasks,” he said.
“The priority right now is to increase AI’s defensive capabilities beyond just monitoring and detection and train algorithms to mitigate cyber attacks without the need for human intervention,” Kunal further explained.
He also pointed out that with the emergence of large language models comes the introduction of advanced AI applications in the field, enhancing organisational cyber-resilience.
According to him, this move begins with GenAI bots capable of serving as cybersecurity copilots, trainable for specific tasks, and interactable in natural language.
“We are hoping that AI assistants can support security teams that may be unsure how to remediate certain situations. The general idea is to continue to increase AI’s contribution to cybersecurity and, in the process, help lessen the workload on overworked cybersecurity professionals and address labour shortage and burnout issues in the industry,” he said.
Talking about artificial intelligence as a risk in the industry, on the other hand, Kunal also admitted how AI is currently being used by threat actors to their advantage, noting a lesser extent than security teams due to lack of the same skill sets and access.
“I think it’s important that organisations also realise that AI environments are a prime target for cybercriminals. They see a great opportunity in targeting organisations that are racing to be the first in their industries to integrate fancy AI or Gen AI features into their products or solutions without necessarily having high security standards in mind,” he added.
He also emphasised that this particular effort is quickly changing due to Gen AI significantly reducing the barrier to AI adoption. The said advancement, for him, emerges across various emerging levers for threat actors to disrupt AI democratisation.
“Generative AI is really lowering the barrier to AI adoption and establishing a more level playing field, helping threat actors design more efficient malware and attacks or more realistic social engineering campaigns that are increasingly reinforced with AI-generated audio or video deep fakes,” stated Kunal.
Fostering cybersecurity growth amidst an evolving tech landscape
In terms of the current advancements contributing to the region’s cybersecurity growth, Kunal reiterated artificial intelligence as a key tech trend driver, stating its influence in the consolidation of security and networking.
Particularly, he said that as organisations search for modern network solutions that are able to cope with hybrid, remote, and/or mobile teams, they are also keeping an eye on making these networks extra secure in the process.
“This is because data breaches the world over are showing that one of the key weaknesses threat actors are taking advantage of is ageing on-premise security and networking solutions such as VPNs and web-proxies, and we are seeing a migration from these legacy solutions to new and emerging models.”
Kunal also expounded on this argument by citing Secure Access Service Edge (SASE), a cloud-based network architecture with AI as a core engine. According to him, this term coined by Gartner in 2019 includes key security components such as firewall-as-a-service, cloud security, data protection, or zero trust.
At the same time, he also mentioned that it is also an SD-WAN network component designed to dynamically distribute capacity where and when employees need it.
“As organisations in the region look to get rid of their legacy networking or security infrastructure, I believe they should consider convergence opportunities that could help them drastically simplify their technology stack and make it easier to manage.”
Emerging markets towards enhancing cyber resilience
When asked about his perspective on the basic strategies that countries must look at to improve their cyber resilience, Kunal stressed the need to conduct joint efforts from both public and private organisations as well as its citizens towards the same goal.
“Where governments play a key role is in establishing the right regulatory and legislative landscapes that will legally protect their citizens from cyber scams and attacks and incentivise organisations to be proactive about elevating their cybersecurity standards, not only to protect their own systems and employees, but also their users, customers, and other external stakeholders.”
These efforts, according to Kunal, are crucial for striking a balance between advocacy and enforcement, one that he thinks should be tailored based on a list of parameters, such as the nature and risk profile of organisations and industries, their financial resources, or the gravity of the threat landscape.
“Depending on a country’s resources, governments can also build the institutions that will help make cybersecurity a more collaborative effort, through cybersecurity centres designed for cross-industry cooperation and exchange of information and best practices, for example,” continued Kunal.
“There’s also a case for regular education for citizens about the risks associated with internet use, including from a younger age, and warning the population about emerging and major cyber scams targeting individuals,” he added.
Lastly, he also suggested the significance of establishing and consistently enhancing cyber defence capabilities through specialised task forces. In particular, he notes, “Finally, building and continuously improving cyber defence through dedicated task forces trained to mitigate major threats or state-sponsored attacks is usually a must-have.”
Kunal concluded his points by stating two main factors influencing the tech landscape: first, cloud adoption then, second, AI democratisation.
He further stated, “We have already touched on how both those are contributing to improving cybersecurity across the board. But there needs to be awareness that all technologies are both allies and threats, and that for all the benefits cloud computing and AI bring to organisations, they also come with a set of risks that need to be mitigated.”
