With the rise of AI-enabled cyberthreats, large enterprises in Southeast Asia now face a cybersecurity mismatch: rising AI-powered attacks and APTs outpace often understaffed teams. This is especially so in markets with relatively less mature cybersecurity ecosystems, as they contend with limited sectoral talent and resources. Fragmented tools create visibility gaps and alert fatigue. To build resilience, organizations should consolidate platforms, automate responses and embed AI-driven detection, shifting from reactive firefighting to intelligence-led protection at scale.
In the space of a few short years, the cybersecurity environment for enterprises across Southeast Asia (SEA) has evolved dramatically. Hybrid workforces, multi-cloud architectures, AI-driven operations and complex third-party supply chains have expanded the attack surface beyond what traditional security models were designed to protect. Meanwhile, the threat actors targeting these environments have grown more capable, more organised and more persistent. This is telling from Kaspersky’s threat detections – where it detected and blocked more than 18 million malicious attack detections across SEA in 2025, with Singapore alone amassing more than a million attacks. The result is a structural mismatch: the scale and sophistication of threats is outpacing the capacity of many security teams to detect, investigate and respond effectively.
For security leaders, the challenge is managing the intersection of accelerating threats, workforce constraints and fragmented security architectures, all while justifying investment to the board and maintaining operational resilience. Three interconnected challenges define this landscape in SEA today.
Challenge 1: Rising volume and speed of attacks
The pace of modern cyberattacks is straining enterprise security operations. Threat actors are moving faster, from initial compromise to lateral movement to data exfiltration, and the window available to detect and contain an incident is shrinking.
Advanced persistent threats (APTs) remain the most consequential risk for large organisations. These groups, well-funded, disciplined and operating with nation-state backing or organized criminal infrastructure, were detected in 21 percent of customers in 2025 and accounted for 23 percent of all high-severity incidents, according to the Global Report by Kaspersky Security Services. In fact, just last year, Kaspersky detected a new campaign by the ‘Mysterious Elephant’ APT that specifically targeted government entities and foreign affairs organisations in Asia Pacific – a sign of its continued prevalence and threat in the region.
What makes APTs particularly dangerous is their operational discipline. Rather than relying on a single exploit, these actors combine credential theft, living-off-the-land techniques, lateral movement and stealthy persistence to remain undetected for extended periods.
What security teams in SEA should focus on would be to:
- Establish real-time endpoint visibility to detect anomalous behavior and early indicators of compromise
- Correlate telemetry across endpoints, identity, email, and cloud to uncover multi-stage and lateral attacks
- Automate triage and containment to reduce dwell time
- Embed proactive threat hunting to identify stealthy persistence and advanced adversary activity
- Accelerate critical response times with pre-built response scenarios that can be launched in a single click
The goal is to shift security operations from reactive firefighting to sustained, intelligence-driven defense where threats are identified early, contained swiftly and investigated with sufficient context to prevent recurrence.
Challenge 2: Defending against AI-powered threats amid talent shortages
AI enables attackers to automate reconnaissance, generate convincing phishing content at scale and adapt techniques in real time, making campaigns faster to execute and harder to detect. Kaspersky’s research into the RevengeHotels campaign illustrates the trend: threat actors leveraged AI-generated code to enhance malware development and delivery, improving both the effectiveness of phishing lures and the evasiveness of payloads, reflecting a broader shift in how sophisticated adversaries operate.
At the same time, enterprises face a persistent shortage of qualified cybersecurity professionals. The global cybersecurity workforce gap runs into the millions, and 41 percent of information security professionals report that their organizations are somewhat or significantly understaffed. Security operations teams are absorbing growing alert volumes with teams that are not growing at the same rate. Burnout and high turnover compound the problem. The strategic response is not simply to hire more analysts; hiring pipelines cannot keep pace with demand.
Instead, organizations need to embed AI-assisted automation directly into security workflows: automating alert triage, accelerating investigation through contextual summarisation, standardizing response through pre-built playbooks and enabling smaller teams to operate with the effectiveness of larger ones. Consolidating tooling further reduces the cognitive load on analysts who currently switch between multiple dashboards to reconstruct a single incident timeline.
Challenge 3: Tool sprawl is causing drag and weakening visibility
Enterprise security stacks have grown organically over years, with solutions added in response to specific threats or compliance requirements. The result, in many organizations, is a fragmented architecture with dozens of standalone tools across endpoints, networks, cloud environments, identity and data protection, each generating alerts, each requiring management and each operating largely in isolation.
The operational consequences are significant. Security teams spend substantial time integrating tools, reconciling telemetry, and switching between consoles to piece together the scope of an incident. Alert fatigue sets in. Investigation timelines lengthen. Skilled analysts, already scarce, are absorbed by manual correlation tasks rather than focused on proactive risk reduction. Over half of security experts report feeling overwhelmed by managing cybersecurity tools from multiple vendors.
The business consequences are equally problematic. Fragmented stacks create visibility gaps at the endpoint level, still the primary enterprise network entry point for cyberattacks, and make it difficult to demonstrate measurable security ROI to the board. Total cost of ownership extends far beyond license fees: integration complexity, infrastructure requirements and ongoing tuning can multiply initial investments by three to five times.
Addressing tool sprawl requires deliberate consolidation. Organizations should:
- Consolidate overlapping tools into integrated EDR and XDR platforms;
- Centralize telemetry collection and incident management to close visibility gaps;
- Automate correlation and response workflows to reduce manual effort and context switching;
- Implement pre-defined investigation workflows and response playbooks to enforce consistent handling;
- Align tooling decisions to measurable operational outcomes and demonstrable ROI.
The objectives are cost reduction and operational clarity. A unified security operations foundation turns tool reduction into stronger visibility, faster response and sustainable efficiency that scales without requiring proportional increases in headcount or infrastructure.
Building resilience at scale
The challenges of accelerating attack volume in the region, AI-enabled adversary activity and the operational drag of fragmented security architectures do not exist in isolation. Addressing any one of these challenges in isolation is no longer sufficient. Solutions deployed should address these challenges directly, providing continuous AI-driven protection, as well as detection and response across endpoints and beyond, real-time cross-domain correlation, and a unified management platform that reduces tool fragmentation and lowers total cost of ownership.

Simon Tung is the General Manager for Kaspersky in ASEAN (Association of Southeast Asian Nations) and AEC (Asia Emerging Countries). Effective October 2025, he leads the company’s strategic direction and business operations across the region, focusing on empowering organizations and governments to navigate an increasingly complex threat landscape.
His primary focus is on accelerating growth, building key partnerships, and enhancing the delivery of Kaspersky’s innovative solutions to meet the evolving needs of customers and partners in the digital era.
Simon has over three decades of extensive experience in the technology sector, with a proven track record of building and scaling businesses across Asia Pacific. He combines financial discipline with strategic foresight to deliver sustainable results. He has successfully transformed underperforming units, doubled revenues, and launched new business models that accelerated market expansion during his stints in companies like Crayon, Microsoft, and SAP.
He holds a Master’s Degree in Business Administration from University of Adelaide, Australia, is a Chartered Certified Accountant with ACCA (UK), and has an SMU-SID Accredited Diploma in Directorship from Singapore Management of University, Singapore.
TNGlobal INSIDER publishes contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.
Featured image: Eduardo Pastor on Unsplash
Harnessing AI in cybersecurity: Ways companies can stay ahead of AI-driven threats

