Blog

Asean Cybersecurity Trends Jason Steer Interview

April 19, 2025

0 6 6 minutes read

Asean Cybersecurity Trends Jason Steer Interview

ASEAN Cybersecurity Trends: Insights from Jason Steer

Jason Steer, a prominent figure in cybersecurity with extensive experience advising governments and businesses across Asia, offers critical insights into the evolving cybersecurity landscape within the Association of Southeast Asian Nations (ASEAN). His observations highlight a region grappling with rapid digital transformation, increasing threat sophistication, and a growing recognition of the need for robust cyber defenses. The ASEAN region, characterized by its diverse economies and burgeoning digital infrastructure, presents a unique set of challenges and opportunities for cybersecurity stakeholders.

One of the most significant trends identified by Steer is the escalating ransomware threat. This is not merely an opportunistic attack vector but a strategic weapon employed by sophisticated criminal organizations. These groups are increasingly targeting critical infrastructure sectors, including healthcare, finance, and energy, aiming to disrupt services and extort substantial ransoms. The interconnected nature of ASEAN economies means that an attack on one nation can have ripple effects across the entire bloc. Steer emphasizes that the financial stakes are high, with businesses losing significant revenue due to downtime and remediation costs, alongside reputational damage. The effectiveness of ransomware is amplified by outdated security systems and a lack of comprehensive incident response plans in many organizations.

Furthermore, Steer points to the rise of nation-state sponsored cyber-attacks as another dominant trend. These attacks are often characterized by their subtlety, persistence, and sophisticated tools, designed to achieve geopolitical objectives, conduct espionage, or sow disinformation. The competition for technological dominance and influence in the region fuels this trend. Governments and critical infrastructure operators must be particularly vigilant, understanding that these threats are not just about financial gain but about strategic advantage. The attribution of such attacks can be challenging, further complicating the response and requiring a high degree of international cooperation.

Supply chain attacks are also a growing concern, as highlighted by Steer. Malicious actors are increasingly targeting less secure third-party vendors that provide services or software to larger organizations. By compromising a single link in the supply chain, attackers can gain access to a multitude of downstream targets. This trend is particularly relevant in ASEAN, where many businesses rely on interconnected networks of suppliers and service providers. The complexity of these supply chains, coupled with varying security standards among vendors, creates a fertile ground for such breaches. Steer advocates for a more rigorous vetting process for third-party vendors and the implementation of strong contractual security clauses to mitigate this risk.

The increasing adoption of cloud computing across ASEAN presents both opportunities and challenges for cybersecurity. While cloud services offer scalability and flexibility, they also introduce new attack surfaces and require a different approach to security management. Steer notes that many organizations are still navigating the complexities of cloud security, leading to misconfigurations and vulnerabilities that attackers can exploit. The shared responsibility model of cloud security, where both the cloud provider and the customer have security obligations, is often not fully understood or implemented. This can lead to gaps in protection, leaving sensitive data exposed.

The Internet of Things (IoT) is another area of rapid growth in ASEAN, bringing with it a significant increase in the attack surface. Billions of connected devices, from smart home appliances to industrial sensors, are being deployed. Many of these devices are designed with minimal security in mind, making them vulnerable to exploitation for botnets, data theft, or as entry points into more secure networks. Steer underscores the urgency of addressing IoT security, as the proliferation of insecure devices creates a widespread and persistent threat. The lack of standardized security protocols and the difficulty in patching or updating a vast number of diverse IoT devices compound this problem.

The shortage of skilled cybersecurity professionals remains a critical challenge across the ASEAN region, as observed by Steer. The demand for cybersecurity talent far outstrips the supply, creating a significant skills gap. This shortage affects the ability of organizations to implement and manage effective security programs, respond to incidents, and develop proactive defenses. Educational institutions and training programs are struggling to keep pace with the evolving needs of the industry, and retention of skilled professionals is also a major issue. Steer emphasizes the need for increased investment in cybersecurity education, upskilling initiatives, and government-led programs to nurture a stronger talent pipeline.

Regulatory and policy frameworks are evolving within ASEAN, but the pace and consistency can vary across member states, according to Steer. While some nations have made significant strides in enacting comprehensive cybersecurity legislation, others are still in the nascent stages of development. This fragmentation can create inconsistencies in compliance requirements and hinder cross-border cooperation in addressing cyber threats. Steer advocates for greater harmonization of cybersecurity regulations and policies across ASEAN to facilitate a more unified and effective regional response. The establishment of clear legal frameworks for incident reporting, data breach notification, and cybercrime prosecution is crucial.

Public-private partnerships are increasingly recognized as essential for bolstering ASEAN’s cybersecurity posture. Steer highlights that effective cybersecurity requires collaboration between governments, law enforcement agencies, and the private sector. Information sharing on threats, vulnerabilities, and best practices is vital to building collective resilience. Many organizations are hesitant to share information for fear of reputational damage or legal repercussions, making the development of trust and clear communication channels paramount. Steer champions initiatives that foster these partnerships, enabling a more proactive and coordinated defense against cyber threats.

The increasing sophistication of phishing and social engineering attacks continues to be a major concern, as pointed out by Steer. These attacks prey on human psychology, exploiting trust and deception to gain unauthorized access to systems and data. With the widespread use of email and messaging platforms, phishing attempts are becoming more personalized and convincing. The reliance on human error as a vector makes it a persistent and difficult threat to eradicate. Steer stresses the importance of continuous cybersecurity awareness training for employees, equipping them with the skills to identify and report such threats.

The financial services sector in ASEAN, being a prime target for cybercriminals, is under immense pressure to enhance its defenses. Steer observes that institutions are investing heavily in advanced security technologies and implementing stringent compliance measures. However, the constant evolution of attack vectors means that vigilance and adaptation are paramount. The interconnectedness of financial systems across the region amplifies the risk, necessitating robust inter-institutional collaboration and information sharing to combat sophisticated financial fraud and data breaches.

The emergence of AI-powered cyber threats presents a new frontier of challenges, as noted by Steer. Artificial intelligence can be leveraged by attackers to automate the discovery of vulnerabilities, craft more convincing phishing emails, and develop more evasive malware. Conversely, AI is also being used to develop more sophisticated defense mechanisms. The arms race in AI-driven cybersecurity is intensifying, and ASEAN nations need to invest in research and development to stay ahead of emerging threats. Understanding and anticipating the use of AI by adversaries is a critical component of future cybersecurity strategies.

Geopolitical tensions and cyber warfare are also a growing consideration for cybersecurity in ASEAN, according to Steer. The region is a nexus of competing global powers, and cyber capabilities are increasingly being used as tools of statecraft. Governments must be prepared for state-sponsored attacks aimed at disrupting critical infrastructure, influencing public opinion, or conducting intelligence gathering. This necessitates a strong national cyber defense capability and robust international diplomatic efforts to deter such aggression.

The digital nomad phenomenon and remote work trends, accelerated by recent global events, introduce new security challenges, as observed by Steer. Employees accessing corporate networks from diverse and potentially unsecured locations and devices create a wider attack surface. Steer emphasizes the need for organizations to implement strong remote access security protocols, including multi-factor authentication, virtual private networks (VPNs), and endpoint security solutions. Educating remote workers on best security practices is also crucial.

The regulatory landscape surrounding data privacy is also a significant trend impacting cybersecurity in ASEAN. With increasing concerns about data protection, countries are enacting or strengthening data privacy laws. Compliance with these regulations, such as Singapore’s Personal Data Protection Act (PDPA) and similar legislation in other ASEAN nations, requires robust data security measures to prevent breaches and unauthorized access. Steer highlights that a breach of data privacy regulations can result in substantial fines and reputational damage, making data security a top priority.

The development of national cybersecurity strategies and incident response capabilities is an ongoing and vital trend across ASEAN, as observed by Steer. Many governments are investing in establishing national Computer Emergency Response Teams (CERTs) or Computer Security Incident Response Teams (CSIRTs) to coordinate responses to cyber incidents. These teams play a crucial role in threat intelligence sharing, incident analysis, and providing technical assistance to organizations. Steer underscores the importance of continuous refinement and resourcing of these national capabilities to effectively manage the growing threat landscape.

In conclusion, Jason Steer’s insights paint a picture of a dynamic and evolving cybersecurity environment in ASEAN. The region faces a multifaceted threat landscape, from ransomware and nation-state attacks to the security challenges posed by rapid digital transformation, IoT proliferation, and the growing use of AI. Addressing these trends requires a concerted effort involving enhanced technical defenses, robust regulatory frameworks, a skilled workforce, and strong public-private partnerships, all underpinned by a commitment to continuous adaptation and collaboration.