Akamai Technologies Releases Defenders’ Guide 2025


Akamai Technologies has released the Defenders’ Guide 2025: Fortify the Future of Your Defense. This first-of-its-kind state of the internet report delivers practical research around risk management to identify, assess, and mitigate threats; how to reinforce network architecture to create defence barriers and contain potential breaches; and guidance around implementing host security to prevent unauthorised access and malware at endpoints. It provides novel insights to help organisations in the Asia Pacific region strengthen their cybersecurity posture.

The Asia Pacific cybersecurity landscape remains highly complex and fragmented, as it is a diverse region of emerging economies and developed markets. The region is also increasingly under siege. Last year, Asia Pacific became the second most attacked region in the world regarding web application DDoS attacks, with attacks growing fivefold compared to the previous year.

While other regions have centralised cybersecurity oversight, Asia Pacific lacks a unified governing body to establish standardised protocols, leaving organisations to navigate threats with varying levels of preparedness. In response, chief information security officers and IT decision-makers across Asia Pacific are actively seeking knowledge and resources to fortify their organisations against evolving threats.

“Asia Pacific continues to be a key growth driver for businesses, fueled by rapid digital transformation and a dynamic economic landscape,” said Akamai’s Parimal Pandya. “However, as organisations accelerate their digital initiatives, the region remains a prime target for increasingly sophisticated cyber attacks, particularly AI-driven attacks. Security must be a fundamental enabler of business growth, not a barrier.”

“Akamai’s latest research empowers security leaders across Asia Pacific with actionable insights into critical threats, ranging from VPN vulnerabilities to advanced malware techniques, so they can build resilient, research-driven defences that support their business objectives.”

Despite broad agreement on its usefulness in tackling the increasingly diverse and sophisticated threat landscape, risk scoring has sparked ongoing debate in the security community due to the complexities of its execution. The rise of artificial intelligence and the accessibility of hacking tools are making cyber attacks easier to launch for hackers, both amateurs and skilled actors. This means organisations are facing a more unpredictable and dangerous digital threat landscape than ever before.

The Defenders’ Guide 2025 offers a new risk-scoring model that quantifies organisational vulnerabilities by evaluating application importance, network complexity, and likelihood of compromise. It includes recommendations such as endpoint impact analysis, segmentation strategies, and methods for mitigating internal and external risks.

The guide also covers malware metamorphosis, providing insights into botnet families like NoaBot and RedTail by highlighting advanced tactics such as peer-to-peer architectures and fileless malware. The report offers practical steps for mitigating these threats, including patch management and employee training.

As remote and hybrid work models continue to be the norm, many organisations in Asia Pacific have heavily invested in VPNs to facilitate efficient and secure remote access. Despite the global push towards zero trust network access, many organisations still rely on legacy VPNs due to their substantial existing investments and the ongoing prevalence of hybrid work models.

However, legacy VPNs present significant security vulnerabilities. The new VPN abuse research in the Defenders’ Guide 2025 reveals vulnerabilities in VPN appliances often exploited by advanced threat actors. Guidance is also provided on mitigating these threats by adopting practices such as secure LDAP protocols, custom encryption, and frequent firmware updates.

Web applications rely on user input, but improper handling can lead to cross-site scripting vulnerabilities, where malicious scripts execute in a user’s browser due to inadequate input validation or weak content security policies. Even trusted data sources can become compromised due to upstream changes or third-party integrations, making cross-site scripting a critical security risk and the second most common attack vector driving growth in web application and API attacks in Asia Pacific.

While modern frameworks and peer code reviews can help mitigate the risk, they are not foolproof. The only reliable approach to addressing this issue is a ‘defence in depth’ strategy, layering multiple security measures to reduce the chances of successful exploitation. The cross-site scripting research in this guide demonstrates the critical need for layered defences to address vulnerabilities in user input processing.

Containers are frequently adopted today for their flexibility, light weight, and ease of deployment, but they also present new security challenges. This explains the necessity of host security and why implementing it requires careful planning and a deep understanding of potential risks to create a robust defence that can adapt to an ever-changing digital landscape.

Due to the increased reliance on Kubernetes among businesses, the Defenders’ Guide offers an analysis of six Kubernetes vulnerabilities from 2023–2024 and outlines the risks of command injection attacks. The report emphasises proactive patching and vigilance against emerging threats in containerised environments.

The Defenders’ Guide 2025 is a useful resource for organisations that aim to stay ahead in an increasingly complex digital landscape. It takes a different approach from conventional reports, delivering actionable intelligence rather than abstract trends.

The report offers security practitioners insights from cybersecurity experts and data scientists who are working on the front lines to combat threats on a daily basis.

You can read the full report here.
