30 July 2025
A shifting threat landscape
The security challenges throughout the Southern Asian region are as diverse as its geography.
According to Anand Renukanand, APAC Regional Director at F-Secure, mobile networks in the region face threats such as “fake or rogue base stations, SIM card cloning and fraud, man-in-the-middle attacks, and DDoS campaigns increasingly targeting critical infrastructure.”
He notes that these risks are amplified in markets with “high penetration of prepaid services and less stringent identity verification.”

Ransomware and data interception over unsecured networks are now commonplace, reports David Ng, Managing Director for Singapore, Philippines & Indonesia at Trend Micro. He highlights an emerging significant concern, namely advanced persistent threats (APTs), following a recent campaign called Earth Kurma, which targeted Southeast Asia’s telecom and government sectors with rootkits and cloud-based data exfiltration.
“Affected organisations faced severe risks, including potential compromise of sensitive government and telecommunications data, with attackers maintaining prolonged, undetected access to their networks. This highlights the growing sophistication of targeted attacks in the region and the dangers of insufficient network security defences in the face of increasingly stealthy and persistent threats,” warns Ng.
In this volatile environment, experts agree that proactive defence is no longer optional. “AI-driven threat detection enables organisations to anticipate attacks,” says Ng. “Zero Trust approaches and employee training build resilience at both the network and human layers.”
The region’s regulatory frameworks are evolving fast — but not always in sync.
“Regulatory landscape is evolving as threats in Singapore, Thailand, Philippines, Vietnam, Hong Kong, Malaysia and Indonesia have established comprehensive cybersecurity laws with clear compliance requirements, while others are still developing their regulatory frameworks. This creates a complex compliance landscape for organisations operating across multiple jurisdictions,” says Renukanand.
“Regulations such as Singapore’s Cybersecurity Act and Malaysia’s Cyber Security Act 2024 impose rigorous mandates on critical information infrastructure. At the same time, enhanced data protection laws in some markets require vigilant monitoring of network activity for anomalies and early signs of compromise,” adds Ng. “This creates significant complexity for organisations operating across multiple jurisdictions, as they must balance evolving security needs with ensuring compliance in each market.”
As is often the case, Singapore is leading by example, having set up an anti-scam centre with the Singapore Police Force. This approach has now been adopted in other countries such as Thailand, where the local regulators and the police have joined forces to mitigate and prevent such large-scale attacks.

Ng believes regulatory pressure is spurring a paradigm shift, from reactive measures to proactive network security. With governments across the region introducing more stringent controls, a passive, ‘wait-for-a-breach’ approach is no longer viable.
“Organisations must now embed security deep within all layers of their wireless networks — moving beyond perimeter defence toward continuous threat anticipation and risk reduction,” says Ng. “Organisations should adopt a forward-looking strategy focused on continuous threat anticipation, risk reduction, and regulatory alignment. This calls for close collaboration between cybersecurity and legal teams, as well as active participation in public-private partnerships to stay informed on regulatory developments. Leveraging Cyber Risk Exposure Management also enables organisations to continuously evaluate, prioritise, and mitigate risks — not just within networks but across the entire digital infrastructure. In doing so, they can move beyond mere compliance, building not only stronger network security but also greater overall cyber resilience.”
The rural cybersecurity conundrum
Deploying secure mobile infrastructure in rural or underserved areas is an entirely different beast.
“Deploying secure mobile and enterprise networks in rural Southeast Asia presents unique security challenges,” says Ng. “The primary obstacle is inconsistent and often outdated infrastructure. Some areas still rely on legacy 2G or 3G networks, which lack the robust, built-in security of modern 5G. This makes both public and corporate communications inherently more vulnerable to interception and man-in-the-middle attacks, compromising enterprise data and remote operations.”

Ng agrees that the lack of reliable power and logistical difficulties also complicate deploying and maintaining on-site security hardware for IT and operational technology (OT) systems.
“Furthermore, a workforce with lower digital literacy can be more susceptible to social engineering, turning employees into unwitting entry points for attacks against corporate networks. This creates a blended threat where consumer-grade vulnerabilities directly impact enterprise security postures,” adds Ng. “These factors create an environment where security operations often become reactive.”
There’s also the issue of cost, as flagged by Renukanand and Phua.
“Limited internet connectivity affects the ability to implement cloud-based security solutions and receive real-time threat intelligence,” notes Renukanand. “The cost of deploying comprehensive security infrastructure in low-population-density areas can be prohibitive.”
Phua adds that traditional endpoint security simply doesn’t scale in these areas: “low ARPU, infrastructure limitations, and high cyber vulnerability make security solutions both technically and commercially challenging.”
Emerging tech: friend, foe, or frenemy?

“Emerging technologies are both an enabler and a disruptor. 5G brings ultra-low latency and network slicing, but also decentralises the architecture, making it harder to control,” asserts Phua. “IoT devices are often deployed without basic security, opening new attack vectors. AI, meanwhile, is being used on both sides: by attackers to automate campaigns, and by defenders for smarter threat detection and mitigation.”
Ng sees these technologies as transformative: “the adoption of 5G, IoT, and AI across Southeast Asia introduces powerful advancements in network security alongside complex new risks. On one hand, AI and machine learning are foundational to modern threat intelligence, powering predictive analytics and automated responses that can neutralise sophisticated attacks before they escalate. The high-speed, low-latency connectivity of 5G also enables organisations to deploy and manage security policies across vast, distributed networks in real time. On the other hand, this expanded connectivity creates new vulnerabilities. The surge in IoT devices offers threat actors countless additional entry points. Adversaries are also harnessing AI to design and deploy increasingly sophisticated, automated attacks at unprecedented scale and speed — making them far more difficult to detect.”
Navigating this evolving landscape demands a cybersecurity strategy that balances innovation with risk management. Organisations must prioritise end-to-end visibility and rapid response capabilities to stay ahead of emerging threats, claims Ng. Embracing technologies can unlock significant business value, but it is equally critical to address the new vulnerabilities they introduce, for example by adopting robust 5G encryption and enforcing IoT-specific security frameworks, ensuring network resilience and security remain at the core of digital transformation efforts.
Renukanand posits that 5G networks have catapulted the adoption of IoT and AI-based solutions.
However, “these 5G networks introduce network slicing capabilities that can enhance security through isolation but also create new attack vectors. The increased network complexity requires more sophisticated security monitoring and management systems,” warns Renukanand. “The proliferation of IoT devices creates massive security management challenges due to device diversity, limited security capabilities on many IoT endpoints, and the difficulty of managing security across millions of connected devices. Many IoT devices lack robust security features, creating potential entry points for network attacks. Organisations have a huge uphill task in adoption of these technologies as there is not enough training or understanding of what AI is able to achieve with such automation in mission critical infrastructure.”
Building a resilient framework

Renukanand recommends a “unified framework that prioritises ongoing improvement, regular review, and collaborative security — regardless of cultural differences — can help organisations in Southern and Southeast Asia effectively safeguard mobile and wireless networks while advancing digital transformation and economic growth.”
Ng echoes the need for agility and continuous assessment: “with mobile and wireless networks growing in size and complexity, organisations need a proactive, multi-layered defence strategy. A critical part of this strategy is a Zero Trust approach, which ensures that no device, user, or application is automatically trusted — whether inside or outside the network perimeter. Organisations should also leverage AI-driven threat detection that moves beyond traditional signature-based methods. Utilising advanced machine learning and behavioural analytics empowers them to detect emerging threats and zero-day exploits early, preventing attacks before they cause damage. Regular patching and vulnerability management across all mobile and wireless assets should also be enforced to minimise exploitable weaknesses, especially in fragmented device ecosystems common in Southeast Asia.”
Phua outlines actionable practices for telcos:
1. Start at the network core – Implement AI/ML-based threat detection to stop malware and phishing at the source with our comprehensive global threat intelligence database.
2. Offer tiered security services – Allow super-affordable basic bundled protection, and upsell mid- and premium tiers with family protection, DDoS protection, or business features.
3. Ensure zero-touch activation – Enable easy onboarding, especially as app-based solutions have low adoption.
4. Align with regulators early – Turn compliance into a service, not a cost.
5. Educate users – Use real-time alerts and security reports to create engagement and value perception.
6. Bundle for upsell – Integrate security into existing mobile/broadband/SMB plans as a differentiator.
Even network policy management must be rethought, says Hari Bhullar, SVP International Sales, FireMon.
“To protect user data and meet data sovereignty requirements in Southern and Southeast Asia, organisations must ensure their network security policies are tightly governed. Misconfigured or overly permissive firewall rules can expose sensitive data or violate local regulations,” asserts Bhullar. “The key is centralised visibility, continuous compliance monitoring, and automated policy management across hybrid environments. By aligning access controls with regional laws and eliminating unnecessary exposure, organisations can safeguard data privacy while remaining agile as regulations evolve across diverse jurisdictions in the region.”
“Even with strong preventative measures, organisations must prepare for incidents where attackers manage to bypass defences,” adds Ng. “This makes it essential to develop and regularly test breach containment and incident response plans. Having rapid response protocols, automated containment capabilities, and clear escalation procedures in place would also help minimise impact and support quick recovery when breaches occur.”
Security as a growth engine
The takeaway is clear: cybersecurity is no longer just about keeping threats out — it’s about enabling growth, building trust, and differentiating in a crowded market. As Phua aptly sums up: “security today is not just about threat mitigation. It’s about customer value, churn reduction, and ARPU growth.”
In the end, the region’s mobile network operators must adapt to survive. But those that lead on security may do more than survive — they may define the next era of digital transformation.
