Identity has emerged as the primary cybersecurity battleground in the Asia-Pacific (APAC) region. As attackers shift away from system-centric exploits toward directly targeting people. According to new industry research, URL-based threats now occur four times as often as attachment-based attacks. Once an attacker compromises an identity, they can bypass controls, move laterally across networks, and monetize access quickly.
Security analysts warn that threat actors are exploiting psychological triggers such as urgency, authority, and financial incentives to manipulate victims across email, SMS, and collaboration platforms. The expanding attack surface now includes not only usernames and passwords but also cloud tokens, API keys, OAuth credentials, certificates, and embedded secrets. A report from the Identity Defined Security Alliance found that 90% of organizations experienced an identity-related incident in the last year.
Proofpoint’s State of the Phish 2025 further highlights the human factor, identifying credential phishing and business email compromise as dominant attack vectors. More than 10% of endpoints show exposed privileged passwords, making identity misuse one of the most common—and dangerous—risks.
As organizations introduce AI agents into workflows, new vulnerabilities are emerging. AI assistants can be manipulated through prompt engineering or by poisoning their inputs. Once compromised, can execute harmful actions at machine speed. Security leaders now argue that identity protections must extend beyond humans to include the AI systems acting on their behalf.
Experts emphasize that “human resilience” remains a decisive defensive layer, requiring stronger awareness training, phishing-resistant MFA, and rapid reporting mechanisms. A multi-layered strategy integrating identity controls, threat intelligence, secure device practices, and robust PII protection is necessary as attackers traverse multiple channels to abuse trust.
The message for APAC organizations is clear. Identity is the new perimeter, and strengthening it is now central to security, compliance, and digital trust.
Source:
https://www.itnews.asia/news/identity-is-now-the-new-cybersecurity-battlefield-622384
