As organisations seek to enhance security and user experience, passwordless authentication methods – such as biometrics, hardware tokens, etc. – will gradually replace traditional passwords. The shift towards passwordless authentication is driven by the need for stronger identity verification, reduced susceptibility to phishing, and improved user convenience. While challenges such as interoperability and privacy concerns persist, advancements in technology and growing industry support are paving the way for widespread adoption. In the near future, passwordless authentication will become a foundational element of secure access strategies across various sectors, offering a more resilient and user-friendly approach to identity verification.
Shakthi Priya Kathirvelu – VP and Head of Information Security and IT (Funding Societies | Modalku Group)
One of my key goals this year is to take our cybersecurity awareness programme to the next level – The ABC Programme, which focuses on Awareness, Behaviours, and Culture. Cybersecurity culture is the shared values, beliefs, and assumptions that influence how people think and behave when it comes to cybersecurity. A positive culture is non-negotiable and it affects many areas of cyber risk. It must align with the company’s overall goals and values to ensure that cybersecurity complements the company’s processes and expectations.
Stephanie Liew – Chief Information Security Officer of APMEA (British American Tobacco)
While multinational corporations have the resources to at least make an effort to level the playing field with hackers, small- and medium-sized enterprises (SMEs)and individuals struggle with a lack of resources and expertise – coupled with budget and manpower cuts made at every economic downturn. As the cybersecurity divide shows signs of widening further with the volatile threat landscape, 2024 will be a year of bridging this divide – both for SMEs as well as individuals. I anticipate that this will take shape across the ecosystem of regulators, enterprises, and technology providers in 11 key areas.
Steven Sim – Head Group Cybersecurity (PSA International)
1. GenAI is the biggest challenge for CISOs in 2024. Microsoft and Google are rolling out their enterprise AI solutions. Use of GenAI will have a huge impact on personal data privacy and business ethics.
2. Crypto hacks are coming back. We ought to see the institutional adoption of digital assets this year after the SEC’s approval on Bitcoin ETFs. Hackers are incentivised to compromise digital assets exchanges and DeFi protocols for the massive economic returns.
3. Geopolitical disputes are disrupting business operations like global supply chains. Cyber wars are everywhere and causing billions in financial losses.
Thomas Kung – Chief Information Security Officer (Rakkar Digital)
For 2024, my team/organisation would like to:
1. Optimise incident response times – by fine-tuning our SIEM (security information and event management) and UBA (user behaviour analytics) systems. This strategic enhancement is aimed at swiftly identifying and mitigating threats, thereby safeguarding our infrastructure more effectively.
2. Enhance data protection and compliance – we are committed to fortifying our data protection measures to not only meet but exceed governance requirements.
3. Bolster cybersecurity awareness – reinforcing the importance of cybersecurity within our corporation remains a top priority, with an aim to empower every employee with the knowledge and tools needed to contribute to our collective digital defence.
4. Refine our zero-trust architecture.
Tran Phu Nghia – Chief Information Security Officer (Nova Group)
My prediction or biggest worry is on AI-powered cyber-attacks, which will be one of the key cybersecurity threats in 2024 as cybercriminals leverage readily available AI and ML technology to automate attacks and bypass traditional security measures.
My organisation is currently reviewing our corporate governance and processes before incorporating AI technologies into our business and IT environment. Concurrently, we are reviewing our IT security strategic roadmap to see how we can integrate advanced AI-driven solutions to enhance our threat detection and response against this new trend.
William Loh – Head of IT Security, Asia (ING Bank)
The maritime industry is experiencing a revolution in connectivity, fuelled by the deployment of Starlink across the world’s fleets. The once-isolated vessel is now as connected as any enterprise and faces cybersecurity risk with potentially real-world consequences. Adequately addressing this risk will require the industry to enhance cybersecurity on board – implementing the same technologies, processes, policies, and training that have been necessary to protect the enterprise.
A second revolution – the popularisation of ChatGPT and other GenAI platforms – adds additional risk to the ever-evolving advance of cyber threats. Rising to meet these challenges will require a more sophisticated approach to cybersecurity, emphasising security automation and AI for threat detection and response.
Xerxes Philip Kiok Kan – Head of Information Security (CISO) (Anglo-Eastern Ship Management)
This year, we aim to:
1. Adopt a proactive approach to compliance and regulatory standards including PCI-DSS (Payment Card Industry Data Security Standard), ISO 27001 ISMS (Information Security Management System), and ISO 27701 PIMS (Privacy Information Management System).
2. Improve the cybersecurity culture within the organisation.
3. Improve cybersecurity resilience to ensure business continuity.
4. Collaborate with and contribute to the cybersecurity community.
5. Acquire more personal, professional, and leadership cybersecurity certifications.
6. Modernise the organisation’s cyber and physical security operations.
7. Implement a robust framework for identity and access management by establishing clear policies for user authentication, authorisation, and lifecycle management.
Yaroth Chhay – Senior Vice President & Head of Information Security Division, CISO (ACLEDA Bank Cambodia)
My prediction for 2024 is an increase in sophisticated social engineering that uses GenAI, leading to account takeover or credential loss via phishing. It will be able to eliminate typical indicators of phishing such as awkward formatting or grammatical errors, making it even more difficult to detect.
Yohannes Glen Dwipajana – VP, Head of IT Security (INDODAX Nasional Indonesia)