Opinion

By Eric Kong

AS DIGITAL TRANSFORMAtion accelerates across the Asia-Pacific (APAC) region, the cybersecurity landscape evolves at an unprecedented pace. Organizations in APAC and beyond face a complex web of internal and external threats, challenging traditional security models. A recent SailPoint survey of over 100 chief information security officers (CISOs) and vice-presidents of information security reveals a definitive shift in focus: identity security is emerging as the cornerstone of a cybersecurity strategy, particularly in combating the rising tide of sophisticated attacks driven by artificial intelligence (AI).

In Asia-Pacific, where digital ecosystems are rapidly expanding, the hyper-connected nature of today’s business environment demands a fundamental rethinking of security architecture. Some 78% of enterprises rank identity security as extremely or very central to their cybersecurity priorities. This shift reflects a profound understanding that identity — encompassing both human and digital entities — is the new security control plane.

THE IMPORTANCE OF IDENTITY SECURITY
Identity security is critical today due to the growing sophistication and prevalence of identity-based attacks, including credential theft, phishing, and increasingly AI-driven exploits. External threats consistently rank highest on the risk radar of surveyed CISOs, surpassing concerns like insider threats and compliance issues. The rise of AI-powered cyberattacks introduces unprecedented challenges, as attackers leverage AI to craft real-time, targeted phishing campaigns that evade traditional detection methods.

Some 60% of organizations are very concerned about the evolving nature of AI-driven cyberthreats, highlighting the urgency for adaptive defense mechanisms. The stakes are particularly high in the Philippines and the wider Asia-Pacific region, where financial services and technology sectors represent lucrative targets for threat actors.

AI: BOTH A CHALLENGE AND A SOLUTION
As threat actors harness AI to enhance the precision and scale of their attacks, security teams must leverage AI to stay ahead. The survey identifies role mining and anomaly detection powered by AI as game-changing capabilities that enhance identity governance. Role mining, set to be implemented by 62% of organizations surveyed, uses AI to continuously analyze access permissions and optimize role structures, uncovering hidden risks and reducing unnecessary permissions that could be exploited in a breach.

Moreover, AI-driven outlier detection is transforming threat mitigation by surfacing unusual access patterns that would otherwise go unnoticed. Organizations that deploy these advanced AI tools report significantly higher confidence in their ability to contain risks from compromised accounts. By integrating AI into identity security, enterprises move from reactive defense toward a proactive, intelligent posture capable of anticipating and neutralizing threats before they escalate.

OPERATIONALIZING ZERO TRUST THROUGH IDENTITY
The survey highlights that standard identity-centric controls — role-based access control (RBAC), self-service access requests, and automated provisioning — are now ubiquitous, with 90% of respondents reporting active deployment. These foundational controls operationalize zero trust principles by enforcing least privilege access and automating lifecycle management to minimize human error and reduce the attack surface.

Yet, the evolving threat landscape demands continuous refinement. Static access models must give way to dynamic, AI-powered frameworks that align with business realities and adapt in near real-time. This evolution moves identity security from a static gatekeeper to an intelligent, adaptive security layer that continuously verifies and assesses risk.

CHALLENGES AND THE ROAD AHEAD
While significant progress has been made, the path forward is not without challenges. AI-powered attacks are becoming increasingly sophisticated, raising the risk of account takeovers that can bypass traditional defenses. Additionally, managing identities such as employees, third party vendors and machines across hybrid environments and cloud services adds complexity to security operations.

Future investments will have to prioritize AI and machine learning capabilities within identity governance, focusing on risk-based access recommendations, automated policy adjustments, and proactive enforcement mechanisms. Security leaders must recognize these advancements as essential to maintaining resilience in a rapidly evolving threat landscape, and partner closely with IT, risk management, compliance, and business units to cultivate a culture where identity security becomes embedded as a core component of enterprise risk management.

For the Philippines and the broader APAC region, identity security has shifted from a secondary concern to the forefront of cybersecurity defense. As AI-powered threats grow in sophistication within an increasingly borderless digital landscape, AI-driven identity security architectures are essential for resilience. These dynamic solutions are vital for containing breach impacts, protecting critical assets, and confidently navigating the evolving cyber frontier. By adopting adaptive, continuous validation approaches, identity security remains central to safeguarding digital environments against emerging threats.

 

Eric Kong is the Managing Director for ASEAN, SailPoint

RELATED ARTICLESMORE FROM AUTHOR