Cyber threats are becoming more sophisticated, targeted, and relentless. While businesses continue to digitize and expand their systems, attackers are just as quick to adapt—exploiting vulnerabilities faster than many companies can respond. Many organizations, however, still underestimate how rapidly the threat landscape is evolving. Why do certain types of attacks persist? What vulnerabilities are most commonly targeted? And more importantly—what can be done to stay ahead?
In this blog, we’ll share NRI Thailand’s hands-on experience with cybersecurity, drawn from real-world work alongside our clients across the ASEAN region. By supporting organizations on the ground, we’ve gained direct insight into the threats they face and the practical steps they’re taking to protect themselves.
Malware Tops the List of Cyber Threats in ASEAN
Malware is the most common form of cyber-attack in ASEAN across all industries, followed by exploitation of vulnerabilities and intrusion attempts such as phishing and password attacks. The most attacked sectors are Manufacturing, Finance and Government (see Table 1 and Figure 1).
These attacks have already caused serious trouble for many organizations, especially malware-based attacks like ransomware, which demands payment to restore data or systems. Here are a few examples:
- SingHealth (Singapore-healthcare) was fined around $11 million for a malware attack, and 1.5 million patient records were breached (see reference 1)
- NDC (Indonesian government): attackers demanded an $8 million ransom, and recovery took a long time, with business disruption (see reference 2)
- CDK (Global-automotive) experienced a ransom demand for $50 million; this attack disrupted the system and impacted approximately 15,000 dealerships (see reference 3)
Table 1. Attacked sectors and cause of incidents in ASEAN countries (see reference 4)
Figure 1. Cause of Reported Cyber Incidents (APAC) (see reference 5)
Cybersecurity Challenges and Preventive Measures in the Most Targeted Sectors
Based on NRI Thailand’s research and expert interviews, we’ve found that while the top three most-targeted sectors—Manufacturing, Finance, and Government—have different priorities and pain points, they tend to focus their cybersecurity efforts on similar core areas:
- Raising cybersecurity awareness and training among employees
- Ensuring compliance with security regulations and legal standards
Below is an overview of each sector’s unique challenges and the common measures they are implementing to improve cybersecurity resilience:
Manufacturing:
Challenges:
- Reliance on legacy systems
- High operational risks and costs
- Outdated infrastructure
Measures in place:
- Enhancing OT (Operational Technology) security and migration to a cloud-based system
- Conducting annual security testing
- Strengthening IT security (access level, anti-virus, data loss prevention aka DLP)
Recommended Technologies:
- SASE (Secure Access Service Edge):
Adopt a cloud-based SASE framework that integrates networking and security to provide secure, seamless access to applications and data, regardless of location. It’s especially effective for monitoring IoT devices and protecting remote access environments.
- DLP (Data Loss Prevention):
Use DLP tools to detect and prevent the unauthorized access, use, or transmission of sensitive data, helping safeguard intellectual property and reduce the risk of data breaches.
Finance:
Challenges:
- Store intellectual property and sensitive financial data
- Strong demand for advanced cybersecurity and digital privacy systems
Measures in place:
- Improving IT security (e.g., threat detection, managed security, monitoring tool)
- Outsource consultant services and hire security personnel
- Performing annual security testing for the system and application, along with security audits
Recommended Technologies:
- SIEM (Security Information and Event Management):
Deploy a SIEM platform to collect, analyze, and correlate security data across your IT environment, enabling real-time threat detection and response.
- UEBA (User and Entity Behavior Analytics):
Leverage AI-powered UEBA tools to monitor user and device behavior, identifying unusual patterns that could indicate insider threats or compromised accounts.
- SOAR (Security Orchestration, Automation, and Response):
Implement SOAR tools to automate and coordinate security operations. These systems streamline the handling of suspicious traffic, improving the speed and consistency of threat resolution.
Government:
Challenges:
- Storing vast amounts of citizen data
- Budget constraints in cybersecurity investment
- Dependence on legacy systems and complex governance operations
Measures in place:
- Protecting critical infrastructure
- Improving security standards through consultant services
- Strengthening network security (e.g., firewall, backups, managed security services)
Recommended Technologies:
- IAM (Identity and Access Management):
Use IAM solutions to ensure that the right individuals have access to the right resources at the right time, which is crucial for managing large volumes of sensitive personal data.
- DLP (Data Loss Prevention):
Implement DLP tools to detect and prevent unauthorized access, use, or transfer of sensitive or confidential information, helping protect citizen data and prevent data leaks.
Cross-Industry Cybersecurity Challenges
There are also several challenges that are common across industries. These shared issues continue to make it difficult for organizations to build and maintain strong cybersecurity defenses.
Among the most pressing challenges are:
- Shortage of skilled cybersecurity professionals:
The demand for cybersecurity expertise far exceeds the supply, leading to fierce competition for talent. Many organizations face high turnover and struggle to recruit or retain experienced security professionals.
- Low cybersecurity awareness and poor hygiene practices:
Despite growing threats, many employees are still not fully aware of how their actions can put systems at risk. As companies adopt new technologies, continuous user education and secure behavior are more important than ever.
- Outdated tools and systems:
Legacy infrastructure and outdated security frameworks leave organizations vulnerable. Poorly configured tools and aging systems are easier for attackers to exploit, putting data and operations at risk.
In Summary: Empowering People, Not Just Systems
While advanced tools and frameworks are essential, one of the most effective defenses remains human awareness. Across ASEAN and beyond, a major weakness in cybersecurity remains insufficient staff training—both in general awareness and technical literacy.
To build true resilience, organizations must regularly assess their digital assets, close knowledge gaps, and foster a culture of vigilance. This includes adopting models like Zero Trust, implementing AI-powered monitoring, and ensuring that all employees—from frontline staff to executives—understand their role in maintaining system security.
With the right tools, consistent training, and a proactive mindset, organizations can significantly reduce their risk and stay ahead of evolving threats.
References
1. https://www.kas.de/documents/288143/14393910/4.1+Prevention+is+No+Cure.pdf/
2. https://www.centraldatatech.com/blog-news/ransomware-strikes-national-data-center-the-importance-of-disaster-recovery/
3. https://www.techtarget.com/whatis/feature/The-CDK-Global-outage-Explaining-how-it-happened
4. https://global.ptsecurity.com/en/research/analytics/cybersecurity-threatscape-in-southeast-asia/#Navigation-36
5. https://edge.sitecorecloud.io/krollllc17bf0-kroll6fee-proda464-0e9b/media/Kroll/PDFs/Publications/apac-state-of-incident-response-2022.pdf
Profile
Papon Dumrhidee
NRI Thailand
Joined NRI in 2021; experienced in software development in automotive industries and big data.