09/06/2025

LYFE MONDAY | JUNE 9, 2025

24

o Malaysian IT security teams face resource constraints Smarter cyber threats emerging

ARTIFICIAL intelligence (AI) is gradually becoming part of everyday working life, promising productivity gains and a transformation of working methods. Between enthusiasm and caution, companies are trying to harness this revolutionary technology and integrate it into their processes. But behind the official rhetoric, a different reality is emerging. Many employees have chosen to take the initiative, adopting these tools discreetly, out of sight of their managers. A recent survey, conducted by software company Ivanti, revealed the extent of this under-the-radar adoption of AI. One-third of employees surveyed use AI tools without their managers’ knowledge. There are several distinct reasons for this covert strategy. For 36% of them, it is primarily a matter of gaining a “secret advantage” over their colleagues. Meanwhile, 30% of respondents fear that revealing their dependence on this technology could cost them their jobs. This fear is understandable, considering that 29% of employees are concerned that AI will diminish the value of their skills in the eyes of A sharp escalation in both the volume and sophistication of cyber threats across Malaysia and the Asia Pacific region are being leveraged by attackers using artificial intelligence (AI) to scale stealthy, fast-moving attacks. These are resulting in cyber teams being stretched thin when it comes to detecting and responding to the attacks in a timely manner. This discovery comes from a new Fortinet-commissioned survey by the International Data Corporation. The results reveal a threat landscape that is not only evolving in complexity but also shifting towards gaps in visibility, governance and infrastructure. The rise of AI-enabled cybercrime is no longer theoretical, as nearly 50% of the organisations in Malaysia said they have encountered AI-powered cyber threats in the past year. These threats are scaling fast, with a twofold increase reported by 54% and threefold increase by 24% of the organisations. Exploiting weaknesses This new class of threats are harder to detect and often exploit weaknesses in human behaviour, misconfiguration and identity systems. In Malaysia, the top AI-driven threats reported include: 0 AI-automated exploit development targeting zero-day vulnerabilities These are vulnerabilities that exist but are not known to developers, so they A more evolved form of malware, these AI-generated malware are programmed to always mutate its signature with each attempted infection, making it hard for traditional antivirus software to detect and remove. 0 AI-assisted credential stuffing and brute force attacks Traditional brute force attacks use credential stuffing through trial and have not been patched. 0 Polymorphic malware

Shifting cyberspace landscape The cybersecurity landscape has shifted from episodic crises into a state of constant exposure, leaving organisations and consumers in Malaysia increasingly vulnerable to threats that operate in the shadows. The most reported threats include ransomware (64%), software supply chain attacks (54%), insider threats (52%), cloud vulnerabilities (46%) and phishing (40%). The most disruptive threats are no longer the most obvious. These threats are particularly damaging because they often go undetected by traditional defences. As a result, these quieter, more complex risks are now viewed as more dangerous than well-known threats such as ransomware or phishing. The consequences are no longer limited to downtime. The top business impacts of cyberattacks include data theft and privacy violations (64%), regulatory penalties (48%), loss of customer trust (44%) and operational disruption (40%). Financial damage is also real: 50% of respondents experienced breaches that resulted in monetary loss, with one in three costing over US$500,000 (RM2.1 million). Meanwhile, security teams in Malaysia continue to face significant resource constraints, as on average, just 7% of an organisation’s workforce is dedicated to internal IT and only 13% of that is focused on cybersecurity. According to Fortinet Asia and ANZ marketing and communications vice president Rashish Pandey, there is a clear shift in how organisations are approaching investment into cybersecurity, even if it is still lagging behind, as the focus is moving beyond infrastructure to more strategic areas such as identity, resilience and access.

AI-powered deepfake email scams are on the rise, exploiting human behaviour and bypassing traditional cybersecurity defences. – FREEPIKPIC

same organisation. Despite the rise in AI-driven attacks, only 19% of organisations say they are very confident in their ability to defend against them. Meanwhile, 27% admit that AI threats are outpacing their detection capabilities and 20% of organisations in Malaysia have no ability to track AI-powered threats at all.

more efficiently simply means doing more work, many prefer to keep their productivity gains to themselves. This mistrust is accompanied by an AI-fuelled impostor syndrome, with 27% of users saying they do not want their abilities to be questioned. This situation highlighted a huge gap between management and employees. Although 44% of professionals surveyed said their company has invested in AI, they simultaneously complained about a lack of training and skills to use these technologies effectively. This disconnect betrays a poorly orchestrated technological In the face of this silent revolution, Johnson advocates a proactive approach: “To mitigate these risks, organisations should implement clear policies and guidelines for the use of AI tools, along with regular training sessions to educate employees on the potential security and ethical implications.” This survey suggested that companies should completely rethink their integration of AI, rather than turning a blind eye to this transformation. Integrating AI adversarial AI part is when attackers use AI to carry out the attack on other AI. 0 Deepfake impersonation in business email compromise Attackers use AI to generate convincing deepfakes of a certain company’s employees. These deepfakes are then deployed to compromise others in the

their employer. The figures reveal an explosion in clandestine use. 42% of office workers said they use generative AI tools such as ChatGPT at work (+16 points in one year). Among IT professionals, this proportion reaches an impressive 74% (+8 points). Now, nearly half of office workers use AI tools not provided by their company. Underestimating risks This covert use exposes organisations to considerable risks. Indeed, unauthorised platforms do not always comply with security standards or corporate data protection requirements. From confidential data to business strategies to intellectual property, anything and everything can potentially be fed into AI tools unchecked. “It is crucial for employers to assume this is happening, regardless of any restrictions, and to assess the use of AI to ensure it complies with their security and governance standards,” emphasised Ivanti chief legal counsel Brooke Johnson. The survey also revealed a troubling paradox. While 52% of office workers believe that working error to guess passwords. By using AI, the attacks shift towards using probability and patterns based on the victim. 0 Adversarial AI and data poisoning Data poisoning involves attackers compromising the training data of a machine learning model to then “take control” of it through the model’s manipulation. The

AI becoming secret weapon for workers

According to the survey, 42% of office workers use generative AI tools (such as ChatGPT) at work. – PEXELSPIC

legion of secret users. The stakes go beyond mere operational optimisation: the most successful organisations will need to balance technological use with the enhancement of human potential. By encouraging open dialogue, employers can foster transparency and collaboration, ensuring that the benefits of AI are harnessed safely

and effectively. Ignoring this silent revolution runs the risk of deepening mutual distrust between management and employees, to everyone’s detriment. This survey was conducted by Ivanti in February 2025 among more than 6,000 office workers and 1,200 IT and cybersecurity professionals. – ETX Studio