Ensign InfoSecurity: Taking a proactive cybersecurity approach addresses all concerns

For Teo Xiang Zheng, Vice President of Advisory at Ensign InfoSecurity, the increasing number of cyberattacks in the region requires businesses to take a proactive approach that addresses all areas of the organization.

Across Asia Pacific, Ensign InfoSecurity’s sixth Cyber Threat Landscape Report (CTLR) 2025 revealed a thriving underground cyberthreat economy and growing supply chain vulnerabilities.

While AI can help with cybersecurity management, Teo believes it’s still a double-edged sword if organizations do not use it properly. From the adversary's perspective, he believes, AI can iterate exploit tools, identify targets faster and do research better. For defenders, AI can help them better understand the situation.

“It's just whether we employ it properly. And then hopefully accommodate it into the defense posture. We are at that explosion curve when it comes to AI and its possibilities. If I have a diverse solution set, I need to invest into many people studying so many different technology stacks and whether it's viable or not. In our trade landscape report, we alluded towards this problem, which is especially true in our region where we are kind of East meets West. So increasingly we are seeing Eastern stack becoming more defined and prominent,” he explained.

Teo also pointed out that most organizations run predominantly on a Western technology stack, but places like the EU are also advocating for open-source or open-source-adapted solutions.

“In that mix and spectrum, many organizations will have some combination of this. And then out of necessity, they will integrate it together, whether by hook or by crook, to make it work so that everything can have function. In this force field, there will be integration vulnerabilities that we cannot detect. And it's not at the product level only but the integration as well. So that is only magnified and then becomes an exponential problem for us to solve. We hope that AI can help to address this and at least prune it down,” he added.

Being outcome-centric

For Teo, this is where Ensign InfoSecurity comes in. As a services-oriented company, Ensign is outcome-centric, which essentially means being able to support clients' defense against the threat.

“From the very beginning when Ensign was formed, a threat-informed defense concept was the first thing that we put into our DNA. And in that, you would note that we are one of the most prominent organizations in cybersecurity that invests and builds up intelligence capability. We do our own research. We do our own collection sources, both proprietary and commercial as well as open source. But we harness that to contextualize the threats and the corresponding solutions that our clients should have,” Teo explained.

Teo also pointed out that the solutions Ensign provides include augmenting how processes work, training customers to become better, transforming customers' frame of mind in how they see the cyber defense problem, and connecting that to business.

“We do all that whole spectrum of that through our vertical pillars, managed security services, SOCs, system integration by integrating solutions and making sure that they achieve an integrated outcome, not just a point-based outcome. Then we have our consulting capability, where we bring all the processes, frameworks and all that and transform, enabling them towards a better state. Our last pillar is more R&D where we are horizon scanning and then developing emerging solutions to emerging problems,” he explained.

“So, all this is then in one house, which is Ensign, where we have a thousand plus cyber professionals. I think from that scale itself and the breadth, we are by far the largest in the region already. So, from there, we look deep into our clients to point out their problems and how we can stitch and make sure they are having a connected story in cybersecurity,” Teo said.

Findings from the report

According to the report, there is a thriving underground economy that continues to power persistent threats in the region. Specifically, threat actors including ransomware groups, Initial Access Brokers (IABs), and hacktivists work in tandem, with each specializing in a piece of an attack while pursuing multiple income streams.

Apart from that, there has also been an increased sophistication in supply chain compromises, where hardware, software, and service providers are specifically targeted to gain stealthy access to organizations. Business and Professional Services (BPS) firms, such as legal, accounting, and consulting, have become prime targets as they often possess large amounts of sensitive client data and typically lack deep defensive capabilities.

State-sponsored threat groups across APAC are on the rise, accounting for a notable number of cyberattacks in 2024. These groups are usually well-resourced and have high-level capabilities. Their modus operandi is characterized by stealth, persistence, and strategic patience, positioning themselves for future operations.

“Our report is conditioned to January to December of 2024, but you can see how the situation in 2025 is a combination of those observations. We are starting to see ransoms being asked for any kind of breach because this operational playbook is now becoming more pervasive in nature. Ransomware is essentially a ransom resulting from a malware related compromise. And this malware has a few characteristics. It encrypts and then it at least avails opportunity for decryption,” Teo said.

It’s all about being prepared

Teo mentioned that Ensign is increasingly seeing a global trend in which most organizations are digitally enabled to the extent that easily more than 90% of what they do is digital operations. The challenge is that, if asked to switch to manual operations, they have no skilled manpower or human resources to deliver those operations. Teo pointed out that even in degraded mode, operations are so significantly degraded that it is as good as the company not existing.

“Ransomware attacks today can drag on for weeks or even months. We saw this earlier in the year when UK retailers like Marks & Spencer and Harrods suffered prolonged disruptions. For digital businesses with limited manpower, sustaining such intense operations over months can push them to the brink of bankruptcy. Faced with this uncertainty, many feel pressured to consider paying the ransom as a matter of business survival. What was once seen as a last-resort exception is increasingly becoming the main reason companies decide to pay,” he explained.

Teo also stated that the level of awareness at the organization cannot be limited to technology and cyber teams.

“At Ensign, we advocate that the whole organization comes together and recognises the beast for what it is. We borrow ransomware as a case study. Ransomware and its symptoms and effects do not just target technology teams and cyber teams. In fact, for many of the incidents that we see post-mortem, the technology teams actually do very well in the response and recovery aspects. But it is the whole of the organization response, the comms, the PR aspects, the ability to engage different stakeholders, the ability to engage regulators, the general public, that makes them fall short,” he said.

Teo also mentioned that Ensign is increasingly advocating for organizations to not just see cybersecurity as a technology problem.

“It's a more reactive kind of approach to it instead of taking a proactive approach. The cognitive relation between a cyber event leading to a whole business issue is not there yet. Some organizations are starting to connect the dots and that's where they are a bit more successful coming out of it,” he concluded.