Across Southeast Asia, the cyber threat landscape is undergoing a dramatic shift. Recent advanced persistent threat (APT) campaigns, such as those by UNC3886 and Earth Kurma, represent a clear escalation. These aren’t just high-profile cyber attacks; they are highly targeted, long-term operations designed to evade detection for months, sometimes years.
When sophisticated threat actors can maintain undetected access to critical networks for extended periods, as Trend Research uncovered with Earth Kurma, which has operated across the Philippines, Vietnam, Thailand and Malaysia since 2020, traditional "detect and respond" approaches become dangerously inadequate. The real danger lies not just in the breaches themselves, but in the complacency of reactive security strategies that are no longer enough.
Singapore's recent decision to raise its National Cyber Threat Alert Level and mandate APT incident reporting further reflects a harsh reality: the threat landscape has fundamentally shifted, and business-as-usual security is failing.
For Southeast Asian organisations and business leaders, this is not just a cybersecurity issue; it is a strategic business risk. The question is no longer “Will we be targeted?”, but “Are we structurally prepared to prevent, prioritise and respond before attackers succeed?”
The high cost of reactive security
Unlike traditional cybercriminals who strike fast and move on, groups like Earth Kurma have demonstrated the ability to remain undetected inside networks for years. Our research shows they have actively targeted government and telecommunications organisations, using advanced rootkits and cloud-based tools to blend seamlessly into normal operations. For example, APT groups like UNC3886 have deployed custom open-source malware specifically designed to evade detection and maintain long-term persistence within targeted environments.
This persistence compounds business damage. According to the Ponemon Institute’s Cost of a Data Breach Report 2024, the average breach costs US$4.88 million. But when attackers remain embedded over time, the impact multiplies, exposing competitive intelligence, client strategies and sensitive internal plans.
For businesses, this means damage goes far beyond financial loss. It affects competitive positioning, regulatory standing and long-term brand equity.
Singapore's regulatory response also shows how seriously governments are treating these threats. The new reporting requirements are not just bureaucratic updates; they reflect growing recognition that persistent, undetected attacks pose systemic risks to national and economic stability. In Southeast Asia’s interconnected economy, this means rising compliance demands, but more importantly, it signals that tolerating security blind spots is no longer an acceptable business risk.
Sophisticated threats demand proactive response
For business leaders, the path forward starts with embracing Cyber Risk Exposure Management (CREM) as a strategic business capability. That means moving beyond the question, “How do we respond faster to breaches?” and instead asking, “How do we prevent sophisticated threats from impacting our business in the first place?”
Traditional approaches, such as deploying defensive tools, waiting for alerts and responding after the fact, no longer match the nature of these threats. APT campaigns like UNC3886, which combine advanced techniques with strategic targeting, warrant heightened vigilance. What worked against opportunistic attacks fails against persistent, patient adversaries who specialise in avoiding detection.
Organisations that stay reactive are operating under a false sense of security, assuming that their most valuable assets are not already being monitored or targeted.
To stay ahead, enterprises must shift from defending against opportunistic threats to confronting targeted, persistent adversaries with strategy, speed and coordination. CREM enables that shift by embedding proactive defence into core operations.
This evolution transforms security teams from passive responders to active defenders. Instead of waiting for alerts, they proactively hunt for indicators of compromise, reducing dwell time and limiting the window for adversaries to do damage. This transformation is essential in a threat landscape where invisibility is a tactic, not a side effect.
And this is not just about preventing breaches. It is about protecting business continuity, safeguarding intellectual property and maintaining trust in supply chain relationships. In today’s environment, organisations that adopt proactive risk management will outperform their peers. While others react to crises, they will preserve continuity, retain strategic edge and build stakeholder confidence.
The choice is clear
The escalation is real. The threats are persistent. And they will only grow more sophisticated.
Organisations must act now: become proactive, transform their security posture and embed cyber risk exposure management into core strategy. CREM enables continuous exposure assessment, threat intelligence integration and proactive mitigation. It evolves cybersecurity from an episodic, reactive function into a continuous business process.
Those that fail to adapt will face growing cost, complexity and reputational risk. Those that move now, embedding risk exposure management into their core strategy, will not only stay secure, but stay ahead.
David Ng is the managing director of Singapore, Philippines and Indonesia at Trend Micro
