Aug 2025
by Lim May-Ann
From “Smart Nation” initiatives in Singapore to the industrial hubs in Vietnam and Indonesia, IoT has been driving digital transformation and efficiency narratives in the public sector over the last decade. This acceleration has also had the side effect of expanding the possible attack surface created by IoT-enabled interconnected, intelligent devices.
The security of IoT has sometimes been treated as an afterthought, plagued by hardcoded passwords and unpatched firmware. This blase attitude could be due to the “islanding” or “orphaning” of IoT devices after deployment – such as a device deployed on an object that travels globally (such as a container aboard an international vessel). When we inject AI into this mix, particularly agentic AI, where we allow devices to make autonomous decisions based on real-time data, the stakes often escalate from data privacy concerns, to broader risks such as physical safety and national security risks.
The Vulnerability of Connectivity: Regional Lessons
In 2024 Cyfirma reported a surge in attacks in Southeast Asia, particularly targeting smart building management systems across Southeast Asia. In several instances, hackers exploited legacy IoT sensors – such as those used for climate control and lighting – to gain a foothold in corporate networks. Because these devices lacked basic encryption, they served as an unmonitored backdoor into the system.
An increasing urgent cyberrisk example is the increasing frequency of AI-driven botnets. Unlike traditional botnets that follow static commands, AI-enhanced malware can now “learn” to bypass specific firewalls by mimicking legitimate user traffic patterns. Recent 2025 reports from Japan’s cybersecurity agencies highlighted how AI-driven DDoS attacks have become more sophisticated, specifically targeting IoT-heavy infrastructure like smart grids to maximize economic impact.
In India, the healthcare sector’s pivot to IoT-enabled remote patient monitoring has also highlighted significant cybersecurity gaps. Between 2022-2023, several major hospitals faced ransomware threats where the entry point was identified as unsecured medical IoT devices. The integration of AI for diagnostics means that if the underlying data from these devices is tampered with—an “adversarial AI” attack—the consequences could include misdiagnosis or incorrect treatment protocols.
Dual Use Technologies: The AI Double-Edged Sword
As with any dual-use technologies, AI is both the threat and the solution. In Asia’s financial hubs, such as Hong Kong and Singapore, AI is being deployed to monitor IoT traffic in real-time. These systems use machine learning to establish a “baseline” of normal device behavior; if a smart camera suddenly begins transmitting data to an unknown server at midnight, the AI triggers an immediate isolation protocol.
A Call for Regional Alignment on IoT and AI Deployment
To secure our future, CCAPAC puts forward regional alignment on IoT and AI Deployment for the Asian cybersecurity community. Three critical goals could be proposed:
- Mandatory Security-by-Design: We can no longer treat IoT devices as “disposable” tech. Governments in the ASEAN region could explore further alignment in security standards across the region, ensuring that any IoT device sold in our markets meets a minimum international standard and threshold of encryption, password complexity, and patchability.
- Adversarial AI Readiness: Organisations – particularly SMEs – should begin testing their AI models against “adversarial” inputs. It is not enough to secure the device; we must secure the logic that governs it. A possible approach for the region to consider could be a standardised approach towards testing AI models.
- Collaborative Threat Intelligence: Cyber threats do not respect borders, and an attack on a smart port in Busan provides vital data that can protect a similar facility in Mumbai. A best practice and regional approach could be for a cybersecurity “clearinghouse” where real-time threats and threat signatures can be shared (through CERTS, for example) without compromising corporate secrets.
Conclusion
The convergence of AI and IoT is the backbone of Asia’s “Fourth Industrial Revolution.” It promises cleaner cities, more efficient factories, and better healthcare. Yet, this backbone is only as strong as our weakest link. As industry leaders, our task is to ensure that while our devices become smarter, our defense strategies become even more intelligent. We must transition from a reactive posture to a predictive one, ensuring the continued growth and digital prosperity of Asia.