Cyber Security

Cyber has found its way into everything

It wasn't the scale of DDoS attacks that caught my attention. It was this.

Paul Mah

Paul Mah

2 min read
Cyber has found its way into everything
Photo Credit: Paul Mah. Fireside chat with (left to right) Nan Hao, Benjamin, Ben Munroe.

DDoS attacks are now hyper-volumetric and incredibly sophisticated, says Cloudflare. But that wasn't what caught my attention.

I dropped by the Cloudflare office this morning where field CTO Nan Hao Maguire shared about the evolving AI and cybersecurity landscape in APAC.

What struck me wasn't the scale of DDoS attacks or their sophistication—they tend to be randomised, multi-vector, and mimic legitimate traffic—but how cyber has found its way into everything.

Here are three thoughts that came to mind during the briefing and the fireside chat with Benjamin Ang, who helms the Centre of Excellence for National Security at RSIS.

Resilience goes beyond IT

Unlike in the past where IT was in charge of ensuring the company website stays up or Internet access is stable, business resilience is far more complicated today.

Benjamin frames resilience as the ability to bounce back, even if performance is degraded, as long as the same objectives are met. Computers failed? Switch to manual processes. Trains down? Call in the buses. Power out? UPS system cuts in.

Yet these aren't calls made by IT or even the ops team.

Resilience must hence be engineered into the architecture, not as an afterthought, explained Nan Hao, which surely requires executive involvement or direction.

Track record beats SLAs

Real, demonstrated resilience beats promised uptime or even a legal commitment any day. In short, service level agreements (SLAs) are the bare minimum.

Nan Hao said: "It's an easier conversation to the board if they see that a particular service has a proven failover time, rather than [a promised SLA]."

Shadow AI, the new shadow IT

We all know shadow AI and shadow IT can potentially expose our organisations to threats. Yet we often don't think it could happen to us.

This is a mistake. Shadow deployments happen not for malicious reasons, but when workers try to get the job done or be more productive.

When the business isn't ready to offer the needed controls or doesn't have cybersecurity systems in place, however, this is when exposure and risk go up, says Benjamin.

What are the top challenges you see in cybersecurity in 2026?

Read more