{"id":241297,"date":"2026-07-08T06:40:00","date_gmt":"2026-07-08T10:40:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/07\/08\/cybersecuritys-hard-truths-for-asia-pacific\/"},"modified":"2026-07-08T06:55:09","modified_gmt":"2026-07-08T10:55:09","slug":"cybersecuritys-hard-truths-for-asia-pacific","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/07\/08\/cybersecuritys-hard-truths-for-asia-pacific\/","title":{"rendered":"Cybersecurity&#8217;s hard truths for Asia-Pacific"},"content":{"rendered":"<p><a href=\"https:\/\/www.frontier-enterprise.com\/cybersecuritys-hard-truths-for-asia-pacific\/\">Cybersecurity&#8217;s hard truths for Asia-Pacific<\/a><\/p>\n<p><a href=\"https:\/\/www.frontier-enterprise.com\/cybersecuritys-hard-truths-for-asia-pacific\/\">https:\/\/www.frontier-enterprise.com\/cybersecuritys-hard-truths-for-asia-pacific\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-08 06:40:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.frontier-enterprise.com\">www.frontier-enterprise.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>\u201cCybersecurity is foundationally, fundamentally, and systemically broken.\u201d<\/p>\n<p>That was how Andrew Rubin, founder and CEO of Illumio, opened a standing-room-only panel featuring an impressive line-up of security leaders at RSAC 2026. While the discussion took place in Silicon Valley, the implications discussed extend far beyond the United States<\/p>\n<p>For organisations across Asia-Pacific, the diagnosis will feel familiar. The region is now among the most targeted in the world. Critical infrastructure, financial services, and government agencies from Singapore to Sydney are contending with breaches that move faster, cost more, and prove harder to contain with every passing year.<\/p>\n<p>The panel, \u201cHard Truths in Cybersecurity: Fear, Liability, and the Industry\u2019s Biggest Lies,\u201d brought together Theresa Payton, former White House CIO; Sherrod DeGrippo, Microsoft\u2019s head of threat intelligence; Tim Brown, CISO of SolarWinds; and David Boda, Chief Security Officer of Nationwide Building Society. Rubin chaired a conversation that pulled few punches.<\/p>\n<p>Across the region, security budgets have grown consistently. Teams are larger, tooling is more sophisticated, and vendor categories have multiplied to address increasingly specific threats. On paper, the industry has been doing its job.<\/p>\n<p>The data tells a different story. Breaches are not slowing. They are spreading further, hitting harder, and exposing assumptions about secure environments that were never tested until it was too late. According to IBM\u2019s 2025 Cost of a Data Breach Report, the average breach now costs ASEAN organisations US$3.67 million, with detection and containment times remaining stubbornly high.<\/p>\n<p>The pace of change is staggering. Just a few months ago at RSAC, systems like Mythos were not part of the conversation. Today, AI capabilities are advancing so quickly that organisations are struggling to keep pace, further raising the stakes for security teams.<\/p>\n<p>What the panel made clear is that the industry has been optimising for the wrong things. Prevention has dominated investment and thinking for years. Containment, the ability to limit what an attacker can reach once they are already inside, has been treated as secondary. That has to change.<\/p>\n<p>The four takeaways below set out why the current model is not working and what a more honest security strategy looks like for APAC organisations in 2026.<\/p>\n<p>1. Activity isn\u2019t the same as progress<\/p>\n<p>The panellists agreed the industry hasn\u2019t struggled from lack of effort. It has been optimising for the wrong outcomes.<\/p>\n<p>Tim Brown said, \u201cMaturity oftentimes is measured in terms of activity instead of reduction of threat surface.\u201d<\/p>\n<p>The distinction matters. Security teams stay busy, implement controls, follow frameworks, and fill dashboards with alerts. To the board, it can look like progress. But breaches happen in the gaps between controls, not in dashboards. There is a real difference between checking a box and actually reducing exposure.<\/p>\n<p>Compliance quietly reinforces the problem. Frameworks bring structure but also false confidence. Organisations meet requirements, pass audits, and still face the incidents those controls were meant to prevent.<\/p>\n<p>If success only means stopping every attack, every breach looks like failure. Shift the definition to include limiting fallout, and the focus moves to reducing how far an attacker can go.<\/p>\n<p>2. Risk isn\u2019t binary, so why do we treat it that way?<\/p>\n<p>Rubin pressed on a deeper problem: The industry still treats outcomes as binary. You are either secure or you are breached.<\/p>\n<p>In most disciplines, risk lives on a spectrum. Rubin used the analogy of a doctor\u2019s diagnosis. A cold gets treated as a cold. A more serious condition demands a more serious response. Cybersecurity has not adopted that mindset, with strategies still built around eliminating all risk, even though that is not achievable.<\/p>\n<p>David Boda approached it from a resilience perspective. \u201cWe\u2019re not always able to secure. We\u2019re building our ability to be resilient in the face of the threats that come.\u201d<\/p>\n<p>Resilience changes how organisations prepare. It means designing systems that absorb disruption without letting it spread, and it aligns directly with containment strategies that keep incidents small rather than allowing them to escalate.<\/p>\n<p>3. Protecting everything is a strategy that doesn\u2019t exist<\/p>\n<p>Theresa Payton brought a perspective shaped by environments where the stakes are immediate. At the White House, protection cannot be applied evenly across every asset.<\/p>\n<p>\u201cIt\u2019s impossible to protect everything,\u201d she said.<\/p>\n<p>That constraint forces clarity. Teams must decide what matters most, whether that is regulatory exposure, customer trust, or proprietary data, and focus accordingly. Without visibility across the environment, that prioritisation becomes guesswork. Payton compared it to \u201cMonty Python\u2019s search for the holy grail,\u201d which drew a laugh but made the point.<\/p>\n<p>When teams do have clarity, they can isolate critical systems, restrict communication paths, and tightly control access. If something goes wrong, the damage stays contained rather than spreading across the environment.<\/p>\n<p>4. AI is handing attackers a serious advantage<\/p>\n<p>Sherrod DeGrippo described where the threat landscape is heading: \u201cI believe we will see the advent very soon of the unicorn threat actor \u2014 an apex-level threat actor that has incredible capability with one human.\u201d<\/p>\n<p>Tasks that once required coordinated teams can now be handled by individuals using AI-driven tools. The barrier to entry keeps dropping while potential impact keeps rising.<\/p>\n<p>Tim Brown tied it back to incentives. \u201cYou still can make plenty of money and not go to jail.\u201d<\/p>\n<p>AI enables long-running, patient campaigns that observe systems over time, adapt, and strike when the moment is right. Detection remains important, but it is no longer enough. The question leaders need to answer is what happens after an attacker gains access, and how far that access can extend.<\/p>\n<p>The industry needs a new definition of success<\/p>\n<p>More tools and more activity have not reduced the overall impact of breaches. AI is adding speed and scale to an already difficult problem, and the current model is not changing outcomes. For organisations across APAC, where attack volumes are rising and regulatory pressure is tightening, the gap between activity and impact is one the region can no longer afford to ignore.<\/p>\n<p>What the panel made clear is that success must include the ability to withstand attacks and keep operating, to limit the spread of an incident, and to protect what matters most. Containment belongs at the centre of modern security strategy, not as an afterthought to prevention.<\/p>\n<p>Cybersecurity changes when organisations stop measuring activity and start measuring impact. In Asia-Pacific, that shift is overdue.<\/p>\n<p>&#8211; Advertisement &#8211;<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity&#8217;s hard truths for Asia-Pacific https:\/\/www.frontier-enterprise.com\/cybersecuritys-hard-truths-for-asia-pacific\/ Publish Date: 2026-07-08 06:40:00 Source Domain: www.frontier-enterprise.com Author: Using&#8230;<\/p>\n","protected":false},"author":1,"featured_media":241298,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/p7q8s5f8.rocketcdn.me\/wp-content\/uploads\/2026\/04\/Andrew-Kay-Director-of-Systems-Engineering-at-Illumio-APJ.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30,24,34],"class_list":["post-241297","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach","tag-cybersecurity","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241297"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=241297"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241297\/revisions"}],"predecessor-version":[{"id":241299,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241297\/revisions\/241299"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/241298"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=241297"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=241297"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=241297"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}