As organizations look to improve security and user experience, passwordless authentication methods – such as biometrics, hardware tokens, etc. – will gradually replace traditional passwords. The move toward passwordless authentication is driven by the need for more rigorous identity verification, reduced vulnerability to phishing, and improved usability. Although challenges such as interoperability and privacy concerns persist, technological advancements and growing industry support are paving the way for widespread adoption. In the near future, passwordless authentication will become a fundamental part of secure access strategies across various industries, providing a more resilient and user-friendly approach to identity verification.
Shakthi Priya Kathirvelu – Vice President and Head of Information Security and IT (Finance Companies | Modalku Group)
One of my main goals this year is to take our cybersecurity awareness program to the next level: the ABC program, which focuses on awareness, behaviors and culture. Cybersecurity culture is the shared values, beliefs, and assumptions that influence how people think and behave around cybersecurity. A positive culture is non-negotiable and affects many areas of cyber risk. It should align with overall business goals and values to ensure cybersecurity complements business processes and expectations.
Stephanie Liew – APMEA (British American Tobacco) Information Security Manager
While multinational corporations have the resources to at least make an effort to level the playing field with hackers, small and medium-sized businesses (SMEs) and individuals face a lack of resources and expertise – associated to budget and labor reductions every time. economic downturn. As the cybersecurity gap shows signs of growing ever wider due to the unstable threat landscape, 2024 will be the year of closing the gap – for both SMBs and individuals. I anticipate this will take shape across the ecosystem of regulators, businesses and technology providers in 11 key areas.
Steven Sim – Group Cybersecurity Manager (PSA International)
1. GenAI is the biggest challenge for CISOs in 2024. Microsoft and Google are rolling out their enterprise AI solutions. The use of GenAI will have a huge impact on personal data privacy and business ethics.
2. Crypto hacks are making a comeback. We are expected to see institutional adoption of digital assets this year following the SEC’s approval of Bitcoin ETFs. Hackers are incentivized to compromise digital asset exchanges and DeFi protocols to gain massive economic returns.
3. Geopolitical conflicts disrupt business operations such as global supply chains. Cyberwars are pervasive and result in billions in financial losses.
Thomas Kung – Director of Information Security (Rakkar Digital)
For 2024, my team/organization wants:
1. Optimize incident response times – by refining our SIEM (security information and event management) and UBA (user behavior analytics) systems. This strategic enhancement aims to quickly identify and mitigate threats, thereby more effectively protecting our infrastructure.
2. Improve data protection and compliance – we are committed to strengthening our data protection measures to not only meet, but exceed governance requirements.
3. Increase cybersecurity awareness – reinforcing the importance of cybersecurity within our business remains a top priority, with the goal of equipping every employee with the knowledge and tools necessary to contribute to our collective digital defense.
4. Refine our Zero Trust architecture.
Tran Phu Nghia – Director of Information Security (Nova Group)
My prediction or biggest worry is AI-based cyberattacks, which will be one of the top cybersecurity threats in 2024, as cybercriminals leverage readily available AI and ML technologies to automate attacks and bypass traditional security measures.
My organization is currently reviewing its governance and business processes before integrating AI technologies into our business and IT environment. At the same time, we are reviewing our strategic IT security roadmap to see how we can integrate advanced AI-based solutions to improve our threat detection and response to this new trend.
William Loh – Head of IT Security, Asia (ING Bank)
The maritime industry is experiencing a connectivity revolution, fueled by the deployment of Starlink across global fleets. The once isolated ship is now as connected as any business and faces cybersecurity risks with potentially real-world consequences. To adequately address this risk, the industry will need to strengthen onboard cybersecurity, implementing the same technologies, processes, policies and training that have been necessary to protect the business.
A second revolution – the popularization of ChatGPT and other GenAI platforms – adds further risk to the ever-evolving advancement of cyber threats. Addressing these challenges will require a more sophisticated approach to cybersecurity, emphasizing security automation and AI for threat detection and response.
Xerxes Philip Kiok Kan – Chief Information Security Officer (CISO) (Anglo-Eastern Ship Management)
This year we aim to:
1. Take a proactive approach to compliance and regulatory standards, including PCI-DSS (Payment Card Industry Data Security Standard), ISO 27001 ISMS (Information Security Management System), and ISO 27701 PIMS (Privacy Information Management System).
2. Improve the cybersecurity culture within the organization.
3. Improve cybersecurity resilience to ensure business continuity.
4. Collaborate and contribute to the cybersecurity community.
5. Acquire more personal, professional, and leadership cybersecurity certifications.
6. Modernize the organization’s cybersecurity and physical security operations.
7. Implement a robust framework for identity and access management by establishing clear policies for authentication, authorization and user lifecycle management.
Yaroth Chhay – Senior Vice President and Head of Information Security Division, CISO (ACLEDA Bank Cambodia)
My prediction for 2024 is an increase in sophisticated social engineering using GenAI, leading to account takeovers or loss of credentials via phishing. It will be able to eliminate typical indicators of phishing such as awkward formatting or grammatical errors, making it even harder to detect.
Yohannes Glen Dwipajana – Vice President, Head of IT Security (INDODAX Nasional Indonesia)