Daily NewsGovernance & ComplianceThreat Detection & Defense

Ensign Warns: Indirect Attacks Just as Worrisome as Sophisticated, AI-Assisted Threats Emerging Fast

Because Organisations Can No Longer Rely Solely on Perimeter Defences or Traditional Assumptions About Attackers

There is a trade-off to a rapidly booming digital economy: the threat of a cyberattack grows exponentially. Worse, according to Ensign InfoSecurity Malaysia Senior Director Jeremy Moke, attacks are becoming increasingly discreet, to the point that organisations are sometimes lulled into a false sense of security.

“Large organisations may feel secure against traditional categories of ‘state actors’ or ‘cybercrime’, yet are blindsided by persistent, indirect attacks that occur within the cyber supply chain,” said Moke, who also warned of attacks that expose sensitive data without triggering alarms.

That is because threat actors are taking their time, moving slowly but deliberately to avoid detection and remain within systems for as long as possible to ensure long-term access and successful data exfiltration.

Ensign Finds Alarming Trend Across Asia Pacific

Alarmingly, this is exactly what is happening across Asia Pacific. According to Ensign’s latest Cyber Threat Landscape Report, maximum dwell time has increased from 49 days to more than 200 days year-on-year. That prolonged period allows attackers to go undetected while quietly setting up access and extracting data.

“These timeframes give threat actors enough room to steal data, move laterally, and entrench themselves before containment even begins,” Moke explained.

Complicating matters further is third-party access, which Moke described as a major weak point. What happens, according to Moke, is that cyber adversaries no longer need to attack organisations directly. Instead, they look for the least protected vector and pounce on that weakness—quietly and one step at a time. By the time the targeted organisation can take steps towards containment, the damage has already been done.

“In highly interconnected markets like Malaysia, attackers increasingly exploit the weakest link rather than the primary target itself,” Moke pointed out. “A compromise at a law firm, consultancy, software provider, or even an IoT or OT hardware vendor can ripple through corporate networks…”

Artificial Intelligence Changes Cybersecurity Calculus, Says Ensign

Then there is Artificial Intelligence (AI). Moke expects AI-powered threats to increase overall attack volume in Southeast Asia, as it lowers the barrier to entry for threat actors. Moreover, AI “enables threat actors to expand their operations by making advanced techniques easier to use and repeat,” according to Moke, making an already dangerous cybersecurity landscape even more perilous.

A natural response would be to deploy AI-enabled security tools. However, this is not a silver bullet in today’s threat-infested environment, Moke cautioned, warning that the use of AI for defence can introduce new issues and even unnecessarily expand the attack surface.

“Poorly governed or superficially integrated AI can automate bad decisions and introduce new attack surfaces,” Moke said.

As cyber threats grow more subtle, persistent, and interconnected, organisations can no longer rely solely on perimeter defences or traditional assumptions about attackers. Moke’s warning underscores the need for stronger governance, deeper visibility across supply chains, and a more measured approach to adopting emerging technologies such as AI.

And in an environment where attackers are patient and increasingly indirect, resilience will depend not just on advanced tools, but on disciplined strategy, vigilance, and informed risk management.

Martin Dale Bolima

Martin has been a Technology Journalist at Asia Online Publishing Group (AOPG) since July 2021, tasked primarily to handle the company’s Disruptive Tech Asia and Disruptive Tech News online portals. He also contributes to Cybersecurity ASEAN and Data&Storage ASEAN, with his main areas of interest being artificial intelligence and machine learning, cloud computing and cybersecurity. A seasoned writer and editor, Martin holds a degree in Journalism from the University of Santo Tomas in the Philippines. He began his professional career back in 2006 as a writer-editor for the University Press of First Asia, one of the premier academic publishers in the Philippines. He next dabbled in digital marketing as an SEO writer while also freelancing as a sports and features writer.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *