By Kenneth Lai, Area Vice President, ASEAN, Cloudflare
As technology continues to advance at breakneck speed, so are the cyber threats that accompany it. To help organizations understand digital threats and strengthen their cybersecurity posture, Cloudflare recently published the Cloudflare Signals Report, and it paints a clear picture of the escalating cyberthreat landscape. Findings revealed that Cloudflare thwarted over 20.9 million DDoS attacks last year — a 50% increase from the previous year.
From AI-powered attacks to supply chain vulnerabilities and the looming implications of quantum computing, the security risk landscape in 2025 is more volatile and complex than ever. This complexity also means cyber resilience can no longer be the domain of IT departments alone; it is a strategic imperative that spans the entire C-suite.
Modern problems require modern solutions
Remote work and cloud adoption have expanded the attack surface for insider threats, making them harder to detect. From bot-driven credential stuffing to AI-orchestrated DDoS attacks, malicious actors are scaling their operations to automate attacks, evade detection and exploit vulnerabilities faster than organizations can respond. Today, 94% of login attempts using stolen credentials are launched by bots, testing thousands of passwords per second. AI-powered automation is also behind a surge in high-impact, persistent DDoS campaigns, often fuelled by vast botnets and unsecured IoT devices.
Generative AI also affords criminals the ability to create hyper-realistic identities by blending real and fake data to bypass traditional verification systems. AI-generated personal details, deepfakes, and automated credential stuffing make these identities harder to detect.
AI-driven threats require AI-powered defences. As generative AI becomes embedded in workflows, organizations will need to integrate AI-enhanced threat detection, automated defences, and strong credential hygiene to ensure they are facing the enemy head-on. With the integration of AI in the overall security posture, organizations can drive more comprehensive security observability, and leverage AI-powered detection to analyze vast datasets, identify anomalies, and neutralize emerging threats in real time.
Checking for Blind Spots
The threats don’t stop there. There are countless other headwinds that organizations need to navigate in today’s security landscape. For instance, employees are adopting generative AI tools faster than security teams can keep up, creating “Shadow AI” blind spots that bypass traditional governance and compliance. Furthermore, geopolitical tensions are spilling into cyberspace, with organizations underestimating these cyber threats, assuming neutrality while state-sponsored attacks disrupt industries and expose critical supply chain vulnerabilities.
Meanwhile, the uneven adoption of post-quantum cryptography — despite a jump from 3% to 38% in HTTPS traffic secured with quantum-safe encryption in March 2025 compared to a year ago — reveals a troubling lag in enterprise readiness. With quantum computing poised to break traditional encryption, leaders must accelerate the adoption of post-quantum cryptography to protect long-term data and meet evolving regulatory expectations.
Supply chains remain one of the weakest links. With enterprises relying on dozens and even hundreds of third-party scripts, a single compromised vendor can be an open door for attackers. According to the World Economic Forum, 54% of large companies see third-party risk management as their top cyber resilience challenge.
Amid all of these emerging risks, Zero Trust isn’t optional anymore — it’s a necessity to seal these gaps.
Zero Trust
Static passwords and basic multi-factor authentication (MFA) no longer cut it in a world of session hijacking, phishing-resistant threats and MFA bypass techniques. Enterprises must evolve toward full Zero Trust architectures, including passwordless authentication and continuous, risk-based access controls.
The good news is that 96% of organizations have already invested in or are planning to invest in Zero Trust solutions. However, only one-third have fully deployed it, highlighting a crucial execution gap. Organizations will need to evolve their Zero Trust strategy from isolated controls to a single, unified layer spanning their entire enterprise. The focus will shift from secure, remote access management alone to unifying identity, data, and traffic policies across every environment.
Thankfully, many leaders are already moving toward platforms that are resilient by design, are global by default, automate responses, and offer real-time visibility. That’s where the real value is: not just reducing risk, but enabling agility. The organizations that get ahead will be the ones that embed Zero Trust into their digital foundation — making it part of how they build, scale, and innovate securely.
Compliance, continuity, and security
Finally, compliance can no longer be reactive. Regulatory frameworks across Asia Pacific are expanding rapidly to ensure frameworks are in place to prevent and manage cybersecurity threats. In the Philippines, the National Cybersecurity Plan (NCSP), a comprehensive roadmap designed to bolster the country’s digital defences and foster a culture of cybersecurity awareness and responsibility, was launched last year — reflecting stringent global standards to address the unique challenges of the Philippine digital environment.
For example, under new guidelines by the National Privacy Commission, affected data subjects must be notified within 72 hours of a personal data breach or face imprisonment from one year and six months to five years, and a fine of ₱500,000 to ₱1 million.
However, further from just avoiding legal penalties, ensuring a robust security posture has wider implications on protecting trust, reputation, and long-term resilience in an environment where the cost of inaction is rising.
In an era of AI-charged attacks, rising regulatory demands and complex digital interdependencies, cybersecurity can no longer be siloed, reactive, or an afterthought. Security cannot wait and neither can businesses; beyond reacting to threats, organizations must embed resilience into how they operate, innovate, and grow. The future will belong to enterprises that move decisively: adopting AI-enabled defences, securing their supply chains, accelerating post-quantum readiness, and unifying Zero Trust frameworks across their ecosystems. Organizations must act now, because in the AI age, security isn’t optional, it’s foundational.
You must be logged in to post a comment.