As AI adoption accelerates across Southeast Asia, leaders are navigating the complex demands of robust regulation and advanced cybersecurity, while confronting a growing shortage of skilled talent. Enterprise IT News talked with Palo Alto Network experts in the region who highlight how the evolving legislative landscape is directly influencing enterprise security strategies.
Legislation inspired by financial crime controls and ASEAN’s digital maturity
Drawing on decades of regional regulatory and cyber risk experience in the financial services sector, analysts note that financial crime has always been subject to strict reporting requirements – real-time monitoring and mandatory reporting are now informing proposed regulations for AI and cybersecurity across ASEAN. What’s notable, they explain, is how methods developed to fight money laundering are shaping rules for AI governance.
Contrary to common beliefs, specialists point out that Southeast Asia is often ahead of so-called developed economies in terms of digital adoption, with real-time payments and online apps prevalent throughout the region. Regulators are deemed open-minded, but a major gap persists in enabling small and medium enterprises (SMEs) to monitor and report threats in real time, as existing capabilities often favor large enterprises.
Can Zero Trust address AI-powered threats?
AI’s growing influence is a double-edged sword: it empowers both defenders and attackers. Experts describe an “arms race” as generative AI rapidly spreads through businesses—fuelling productivity but also enabling sophisticated fraud and cyberattacks. Shadow AI (unsanctioned tools used by employees) introduces new vulnerabilities.
Zero trust security, they argue, is far more than a technical architecture – it’s a mindset of continuous verification for users, devices, and requests. This mindset resembles airport security: a traveller’s identity is checked multiple times by different parties before boarding. In digital domains, identity and intent need persistent revalidation, regardless of past approvals to ensure security.
For zero trust approaches to work, Palo Alto Networks emphasise ongoing real-time monitoring for unsanctioned AI tools, enforcement of clear internal technology policies, and frequent, scenario-based employee training.
Progress is being made, with international bodies like INTERPOL working to enhance cross-border coordination – a gradual but noteworthy shift given historical silos.
Incidents such as finance staff being deceived by deepfakes in virtual meetings illustrate how behavioural analytics can play a pivotal role in detecting unusual, policy-inconsistent activity. Ultimately, the challenge is human – habits, shortcuts, and misplaced trust can undermine even the most robust technical controls.
Successful zero trust requires unity across process, technology, and organisational culture.
Trust, collaboration, and execution
Regarding regulatory progress, Malaysia’s forthcoming AI legislation is praised for its comprehensive, internationally informed design. However, execution remains the challenge – no single government, industry, or vendor can provide the complete array of skills and safeguards needed. Effective approaches demand collaboration.
At the legislative heart are issues of data sovereignty and cross-border cooperation. Cybercriminals do not heed borders, yet regulations often do, creating enforcement gaps. Progress is being made, with international bodies like INTERPOL working to enhance cross-border coordination – a gradual but noteworthy shift given historical silos.
However, a key bottleneck remains – the shortfall of over 20,000 skilled cybersecurity professionals in the region. Strong regulation and advanced technology alone cannot succeed without enough talent. AI will automate some tasks, but strategic, high-value cybersecurity work will still require skilled humans.
Conclusion
Robust AI regulation, advanced security technology, and ongoing workforce development must progress together. Defenders must be relentless, as attackers only need to succeed once. The platform approach to security – integrating data and tools for a comprehensive view – helps minimise blind spots and reduces risk, as most security incidents stem from system gaps or human error.
The message is clear. In this asymmetrical fight, hackers only need to succeed once; defenders must get it right every time. It’s a challenge that requires vigilance, collaboration, and relentless upskilling to counter AI-powered attacks.
Palo Alto Networks experts opine that the platform approach, where all relevant data is stitched together to offer a complete view and minimise blind spots, is relevant to meet the evolving threats of the AI era.
Also, robust AI regulation, advanced security technology, and continuous human investment must go hand-in-hand.