* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Points of View](https://www2.paloaltonetworks.com/blog/category/points-of-view/)
* 5 Cybersecurity Issues to...

# 5 Cybersecurity Issues to Address in the Asia-Pacific Region

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F03%2Fpolicy-asia-pacific%2F)  
[](https://twitter.com/share?text=5+Cybersecurity+Issues+to+Address+in+the+Asia-Pacific+Region&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F03%2Fpolicy-asia-pacific%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F03%2Fpolicy-asia-pacific%2F&title=5+Cybersecurity+Issues+to+Address+in+the+Asia-Pacific+Region&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2020/03/policy-asia-pacific/&ts=markdown)  
\[\](mailto:?subject=5 Cybersecurity Issues to Address in the Asia-Pacific Region)  
Link copied  
By [Sean Duca](https://www.paloaltonetworks.com/blog/author/sean-duca/?ts=markdown "Posts by Sean Duca")  
Mar 02, 2020  
9 minutes  
[Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)  
[Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)  
[cybersecurity](https://www.paloaltonetworks.com/blog/tag/cybersecurity/?ts=markdown)  
[predictions](https://www.paloaltonetworks.com/blog/tag/predictions-2/?ts=markdown)

This post is also available in: [日本語 (Japanese)](https://www2.paloaltonetworks.com/blog/2020/03/policy-asia-pacific/?lang=ja "Switch to Japanese(日本語)")

As technology develops, the cybersecurity industry faces shifting challenges and opportunities. As a global cybersecurity company, we're always working to identify key areas of focus for different regions. Here are some of the major cybersecurity issues we see on the horizon for the Asia-Pacific region.

#### **Today's 4G problems are setting the scene for 5G.**

While we're still a fair way off widespread adoption, we've already started to see early 5G trial services launched in Australia, Singapore and South Korea. For instance, [Singapore](https://www.todayonline.com/singapore/ultra-fast-5g-networks-be-trialled-new-haidilao-branch-cloud-gaming-arenas-ahead-national) has begun its experiments in cloud gaming, autonomous vehicles, smart estates and the food and beverage industry. Once deployed successfully, 5G networks will hold the potential to unlocking autonomy, impacting the entire economy from sectors such as transportation and supply chain to manufacturing, to a high degree.

Before we even start to consider the rollout of 5G, however, 4G networks today are still vulnerable to a myriad of attack modes, from spam to eavesdropping, malware, IP-spoofing, data and service theft, DDoS attacks and numerous other variants.

#### **Prediction: 4G will remain the priority for the majority of Asia Pacific.**

While 5G will continue to evolve alongside 4G networks, the era of 5G isn't quite upon us yet. In some APAC countries, 4G has only just been rolled out, so it will be some time still before 5G networks hit critical mass. According to forecasts by [GSMA](https://www.gsma.com/r/mobileeconomy/asiapacific/), 4G will still account for 68% of global mobile users by 2025 in this region. Many rural areas could still operate under LTE models, simply due to the longer range of 4G, compared to 5G's mmWave.

If existing security risks are not dealt with and roll over, mobile ISPs could be the first point of failure during a cyberattack, and vulnerabilities, such as unsecured IoT systems, could be amplified exponentially under 5G if not addressed at 4G. New cybersecurity approaches are needed today, including adopting a preventive approach to security, increasing levels of security automation, establishing contextual security outcomes and integrating security functions with APIs. We foresee that 4G will continue to be targeted by hackers as a potential gateway to 5G networks over the next few years.

#### **The talent shortage isn't what you think it is.**

Much has been said about the lack of cybersecurity talent globally and the critical skills gap that persists. The latest research puts the current shortage at 2.14 million in the APAC region, according to the [(ISC)² 2018 Cybersecurity Workforce Study](http://hrmasia.com/asia-pacifics-cybersecurity-workforce-gap-hits-2-14m/), making this region likely to be the worst affected.

#### **Prediction: Curious minds and problem solvers wanted.**

The demand for cybersecurity will continue outstripping the supply until there is a fundamental shift in mindset. Two complementary approaches will be required to address this challenge: the adoption of automation and exploring alternative sources of talent.

Automation is going to be a key element in the future of cybersecurity because human operators should not be required -- and expected -- to do everything. Instead, they need to harness skill sets that cannot be automated and focus on higher-order tasks, such as problem-solving, communication and collaboration. This will necessitate a reexamination of today's security operating centre (SOC) structure, and a corresponding change in the types of professionals needed for these new roles, in order to accurately identify and fill some of these gaps. Companies and recruiters need to stop searching for unicorns (they don't exist!) and start looking in the right wells for talent.

In 2020, we expect to see greater evaluation of EQ rather than IQ to find curious minds with problem-solving skills, be they engineers, analysts or even communications specialists. Investments need to be made to upskill and cross-skill these overlooked sources and groom these capable individuals into the talent we need.

#### **Navigating IoT will become a minefield for everyone.**

Asia Pacific is projected to be the global IoT-spending leader in 2019, accounting for approximately 36.9% of worldwide spending, according to[IDC](https://www.idc.com/getdoc.jsp?containerId=IDC_P29475). Yet even today, security can come as an afterthought in product development. Some connected devices continue to be shipped out with no viable means of receiving software updates and security patches, leading to common vulnerabilities that can be exploited easily. This issue will be further exacerbated by the growing number of potential threats to IoT security, such as DDoS attacks, in 2020.

#### **Prediction: Your wireless doorbell might welcome more than your visitors.**

In 2020, we will see the evolution of IoT security play out in two key spheres: personal and industrial IoT. From connected doorbell cameras to wireless speaker systems, we will see a growth in attack modes coming in via unsecured apps or weak login credentials. This threat is further complicated by the emergence of accessible deepfake technology, which can pose a threat for voice- or biometric-controlled connected devices. The mimicry of what were once the strongest biological identifiers to access and control connected systems will have an impact beyond the homes of individuals and into the enterprise environment.

For enterprises, one sector in which we expect to see significant changes take effect is manufacturing, a key pillar of many Asian economies. Manufacturers are looking to deploy sensors, wearables and automated systems as a way to streamline production, logistics and employee management via data collection and analytics. Organisations will need to ensure that these connected devices can leverage automated features, such as built-in diagnostics, continuous vulnerability scanning and advanced analytics in order to remain on top of threats.

Connected devices will need to be continuously retrofitted and updated in order to remain secure. There also is a growing trend among governments globally - including those in Asia Pacific- to issue guidance or regulations related to IoT device security. Further, efforts also are ongoing in industry standards groups to develop relevant security standards for IoT devices, such as the draft [ISO/IEC 27037 standard](https://www.iso.org/obp/ui/#iso:std:iso-iec:27037:ed-1:v1:en). We also expect prioritisation of public education to accompany the rapid growth and adoption of connected devices.

#### **The data privacy lines get blurrier.**

[The Internet Society's 2018 survey](https://www.internetsociety.org/resources/doc/2018/the-internet-society-survey-on-policy-issues-in-asia-pacific-2018/) on Policy Issues in APAC found over 70% of respondents would like to be given more control over the collection and use of their personal information. However, most people don't think twice about trading personal information for short-term benefits, such as trending apps, mobile gaming or online contests. Such behaviour is echoed by both a [low awareness](https://www.oliverwyman.com/content/dam/oliver-wyman/v2/publications/2017/may/Cyber_Risk_In_Asia-Pacific_The_Case_For_Greater_Transparency.pdf) of cybersecurity hygiene in some emerging markets and a perceived complacency in others, such as [Singapore](https://www.opengovasia.com/cyber-security-agency-of-singapore-reports-high-concern-and-awareness-of-cyber-attacks/).

To help address this growing problem and protect citizen data, regulatory momentum is building around the implementation of more stringent local data privacy laws. Some countries, including [Thailand](https://globalcompliancenews.com/thailand-personal-data-protection-act-20190528/), have passed new laws to govern the protection of data, pressuring businesses to pay closer attention to the data they collect, along with how it's shared and used. While some efforts -- such as Japan's recent updates of its data privacy law -- have been spearheaded by compliance with the European Union's GDPR, it is important for enterprises to note the varying states of maturity and local nuances.

#### **Prediction: More data privacy legislation, and the data sovereignty-security paradox.**

We expect additional data privacy legislation to emerge in the region. Both[Indonesia](https://www.opengovasia.com/indonesia-drafts-personal-data-protection-act/) and[India](https://economictimes.indiatimes.com/tech/internet/changes-likely-in-proposed-data-privacy-rules-only-critical-data-may-need-to-be-housed-in-india/articleshow/70355298.cms) have been working on personal data protection bills for the last few years, although the timing for if and when these become final is unclear. A growing number of proposals in the region also would require housing data in its country of origin; these tend to be driven by privacy and security concerns. The latest draft of Indonesia's Government Regulation No. 71 of 2019 would mandate that public agencies must manage, process and store data within Indonesia (according to unofficial translations). We expect more regulatory proposals that regulate or restrict the movement of data across borders, particularly public sector information. In response, it is likely that companies may look to build more data centres locally to support in-market customers better.

However, it is important to note that establishing localised data centres does not necessarily result in data being more secure. Individual end users or corporations are increasingly connected and vulnerable to global incidents, as cyberthreats do not respect national borders. To manage this effectively, companies will need to regularly evaluate the value of the information they collect and control its access.

We foresee that enterprises will need to pay even closer attention to their data flows in a highly interconnected region like ASEAN. Despite efforts to create a regionally harmonized approach to personal data protection---such as via the voluntary[APEC Cross-Border Privacy Rules](https://www.lawfareblog.com/cross-border-privacy-rules-asia-overview)---there is no true harmonization. To create a framework that best serves the region, close collaboration between the private and public sectors will be needed to evaluate how breaches are identified and defined in the face of continuously emerging threats.

#### **The cloud future has arrived: Don't get lost in turbulence.**

There is a complicated mix of attitudes and degrees of cloud adoption across the region. To add to the complexity, misunderstandings still persist around the benefits of virtual versus physical.

All things said, the forecast for cloud adoption shows clear skies ahead. For CIOs in Asia, the cloud journey will boil down to enterprise maturity and having a clear understanding of what a move to the cloud should mean for their digital transformation strategy. We've also started to see governments in ASEAN take small steps towards this transformation; agencies in Singapore, Thailand and Malaysia have all announced ventures in the public cloud space, while Indonesia is expected to be Asia's next big data centre hub.

#### **Prediction: More confusion on configuration.**

Commissioned by Palo Alto Networks, Ovum's Asia-Pacific Cloud Security Study has found that 80% of large organisations view security and privacy as key challenges to cloud adoption.

Key findings include:

* 70% of large organisations in APAC have misplaced confidence in cloud security, believing security by cloud providers alone is sufficient.
* Large organisations in APAC have many security tools, which creates a fragmented security posture and adds further complexity to managing security in the cloud, especially if the companies are operating in a multi-cloud environment.
* There is a need for automation, given that large organisations do not have enough time and resources to dedicate to cloud security audits and training.

More companies are moving towards a DevSecOps approach, integrating both security processes and tools into the development lifecycle of new products. This will be the way forward for integrating cloud and containers successfully.

*This analysis of cybersecurity issues in the Asia-Pacific region grows from our efforts to ensure each day is safer and more secure than the one before. Read more of our* [*thought leaders' perspectives on cybersecurity and policy*](https://www.paloaltonetworks.com/blog/category/policy/)*.*

*** ** * ** ***

## Related Blogs

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### 9 Cybersecurity Predictions for Europe, the Middle East and Africa in 2020](https://www2.paloaltonetworks.com/blog/2020/01/policy-cybersecurity-predictions-emea/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### SEC Rule Sparks Reimagining of Cybersecurity Operations](https://www2.paloaltonetworks.com/blog/2023/08/sec-rule-cybersecurity-operations/)

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Cybersecurity Guidelines for New Governors](https://www2.paloaltonetworks.com/blog/2023/02/cybersecurity-guidelines-for-new-governors/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Bipartisan Cybersecurity Legislation --- Continuing the Progress in 2022](https://www2.paloaltonetworks.com/blog/2022/01/bipartisan-cybersecurity-policy/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Australia's Response to the Rise of Ransomware](https://www2.paloaltonetworks.com/blog/2021/10/australias-ransomware-action-plan/)

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### 5 Cybersecurity Barriers State Organizations Face](https://www2.paloaltonetworks.com/blog/2021/10/cybersecurity-barriers/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language