Cybercrime becoming quieter and quicker with AI

Fortinet survey reveals that only 19% of organizations in APAC are very confident in their ability to defend against AI Powered threats.

AI-powered cyberattacks are on the rise, and businesses are now finding it harder to detect and deal with these attacks. Despite investing heavily in cybersecurity, many organizations feel they are not capable of dealing with AI-powered threats.

The findings from an IDC survey commissioned by Fortinet also revealed that 27% of organizations admit that AI threats are outpacing their detection capabilities. Looking specifically at findings from Malaysia, nearly 50% of organizations In Malaysia said that they have encountered AI-powered cyber threats in the past year. These threats are scaling fast, with a 2X increase reported by 54% and a 3X increase by 24% of organizations.

Findings from the survey also revealed unpatched and zero-day exploits, followed closely by insider threats, cloud misconfigurations, software supply chain attacks, and human error among the most disruptive threats. These threats are particularly damaging because they often go undetected by traditional defences, exploiting internal weaknesses and visibility gaps. As a result, these quieter, more complex risks are now viewed as more dangerous than well-known threats like ransomware or phishing.

The consequences from these threats are also no longer just limited to downtime. 50% of respondents admit that breaches have resulted in monetary loss, with one in three costing over US$500,000. Other business impacts include data theft and privacy violations (64%), regulatory penalties (48%), loss of customer trust (44%), and operational disruption (40%).

The bigger concern is the capability of security teams to manage the increasing cyberattacks. In Malaysia, only 15% of organizations have a standalone CISO, and most (63%) continue to combine cybersecurity responsibilities with broader IT roles. Just 6% of organizations have specialized teams for functions like threat hunting and security operations.

When it comes to investing in cybersecurity, organizations are increasingly shifting from infrastructure-heavy spending to more strategic investments. The top five priorities include identity security, network security, SASE/Zero Trust, cyber resilience, and cloud-native application protection—indicating a shift toward access-centric, risk-based security planning.

At the same time, around 80% of organizations are focused on consolidating their cybersecurity as they more towards a more platformized approach. Yet, many cite tool management as a major challenge, indicating that the problem is no longer the number of tools, but the fragmentation and lack of integration across them.

According to Kevin Wong, Country Manager, Fortinet Malaysia, complexity is now the new battleground in cybersecurity—and AI is both the challenge and the frontline defence. A

“As threats grow quieter and more coordinated, Fortinet is helping organizations across Malaysia stay ahead with a unified, platform-based approach that brings together visibility, automation, and resilience. In today’s threat environment, speed, simplicity, and strategy matter more than ever. Our focus is on helping customers shift from piecemeal defences to AI-powered security that’s built for scale and sophistication,” said Wong.

Picking the right platform

As organizations look to consolidate and move towards a more platformized approach in cybersecurity, the question now is, which areas do they actually consolidate and how can they be sure they are making the right decisions when taking this approach?

For Rashish Pandey, Vice President of Marketing and Communications, Asia & ANZ, cybersecurity has often been procured on an ad hoc basis over the years. Pandey believes this is the reason why there are many bests of breed solutions that are in silo.

“The way we see it is most companies are going from like 40 vendors to an intermediary stage where they consolidate to about seven or eight different sorts of core capabilities. But over time, we are seeing the more advanced customers get to about two or three platforms. We're not saying it's going to be one platform, and that's going to be Fortinet. Most customers will end up with two or three platforms with very integrated products that talk to each other. The easiest place to start, we always tell our customers, is to start with what you have,” explained Pandey.

Pandey strongly believes organizations should look at the solutions they already have and maximize its value before investing in something new. He also advises customers to patch all their systems and have a strategic method of ensuring it because unpatched products are often the doorway for bad actors to get in.

“And last but not least, we do advise our customers to spend some time with your platform vendors, understand the capabilities, instead of being carried away by the latest and the greatest and the shiniest object,” added Pandey.

When asked if businesses should then consider their AI investments and focus more on cybersecurity, Pandey said cybersecurity investment versus innovation investment, whether it's AI or business transformation or digitization, is not an either or.

“We think for digitization to move faster, you need to have cybersecurity built in, because then it gives you the confidence to go faster. Otherwise, you might go very fast on digitization, and if there's a breach, there’s a lack of trust, and it slows you down. So, it's not an either or, but it is a conversation we have with customers all the time,” said Pandey.

Pandey also highlighted that AI plays a strong role in cybersecurity, especially on the defensive side. Specifically, there are three use cases which Fortinet is seeing very strongly. First, it's on threat landscape mapping whereby an AI strategy can help by providing a holistic view of all this. Second, it is the role of AI in managing security operations.

“If we can take away the basic work that an analyst has to do, whether it is triaging alerts, chasing false positives, etc, we leave that to the AI system to carry. It can be solved at machine speed. Then the analysts that we have can be focused more on driving level two, level three kind of threats. More importantly, we can use their time to create more proactive way of thinking about cybersecurity,” said Pandey.

The third use case that Fortinet is seeing in on AI protecting the AI infrastructure itself. Pandey highlighted that customers are saying attacks are happening on the underlying training data or on the LLM infrastructure itself and they tant to be able to protect that.