Breaking News
Natasha
Natasha
Aug 18 2025
19Gone are the days of managing Information Technology (IT) and Operational Technology (OT) separately. The once siloed domains are now becoming inseparable in Asia Pacific (APAC), as the region’s digitalisation drive continues to rev up. This merge opens up cybersecurity loopholes that can only be addressed by smarter and layered defenses.
At present, the Asia Pacific IT/OT convergence market is valued at USD 13.41 billion. It is projected to balloon to USD 62.17 billion by 2030, according to market forecasts, at a compound annual growth rate (CAGR) of 24.5%.
APAC has been leading the digital transformation charge globally. Industries here embrace automation, real-time data, and connected infrastructure, integrating IT and OT systems is becoming essential to improve efficiency and business outcomes.
On the other hand, this convergence also brings new cybersecurity risks. As the dividing line between IT and OT systems blur, the attack surface expands, creating fresh challenges for organisations in the region.
“According to our recent Kaspersky Industrial Control Systems (ICS)-CERT data, key subregions in ICS computers in APAC continue to face a barrage of cyberattacks. In the first quarter of 2025, Southeast Asia is second, Central Asia is third, and South Asia is sixth place in the global ranking by percentage of ICS computers on which malicious objects were blocked,” says Adrian Hia, Managing Director for Asia Pacific at Kaspersky.
In terms of the overall percentage of ICS computers on which malicious objects were blocked, APAC is nearly 3% higher at 23% compared with the global average at 20.54% in Q2 2025.
In Q2 2025, a new wave of phishing was blocked on ICS computers in the oil and gas sector in APAC. This time, known spyware families like FormBook, AgentTesla, and Noon were directly attached to the emails. All these attacks were blocked by Kaspersky solutions.
Kaspersky’s ICS CERT data also reveals that APAC is one of the top regions by percentage of viruses detected, 2-3 time higher compared to world average. Although viruses are often considered legacy threats, they can cause operations disruption in the event of an outbreak — and they definitely drive-up maintenance costs.
The most affected APAC industries by virus threats in Q2 2025 were power energy, building automation, oil & gas, manufacturing and ICS engineering and integration.
The most affected countries in terms of virus attacks on ICS computers in Q2 2025 were Vietnam, Afghanistan, China, Bangladesh, Pakistan, Myanmar, Laos, Cambodia, Indonesia, and Nepal.
To respond to the escalating threats targeting critical infrastructure in APAC, Kaspersky urges adopting a layered cybersecurity framework with smarter Security Operation Center (SOC) at its heart.
In his presentation, Hia explained that this framework starts with prevention, using threat intelligence tools such as brand protection, attribution engines, and indicators of compromise to identify threats before they strike.
The second layer focuses on protection through advanced tools like EDR (Endpoint Detection and Response), MDR (Managed Detection and Response, and XDR (Extended Detection and Response) platforms. Some of which now support both IT and OT environments. These solutions are designed to detect, contain, and respond to threats across hybrid infrastructures.
“When incidents occur, response becomes critical. Every minute can equate to dollars lost. We observed that organisations in APAC are increasingly relying on expert services such as incident response, vulnerability assessments, penetration testing, and cyber drills to minimize damage and recover quickly. To truly protect the IT and OT merge, all of these layers should be tied together through a centralized and intelligence-based Security Operations Center (SOC) integrated with SIEM and real-time threat intelligence. These systems provide real-time visibility and coordination, enabling security teams to monitor threats across the entire IT and OT environment,” Hia explains.
He adds that with IT and OT integration set to accelerate in the years ahead, cybersecurity strategies in APAC must continue evolving, bridging both domains to secure operations and ensure resilience in an increasingly connected world.
For industrial companies to be protected from various threats, Kaspersky experts recommend:
· Conducting regular security assessments of OT systems to identify and eliminate possible cyber security issues.
· Performing timely updates for the key components of the enterprise’s OT network; applying security fixes and patches or implementing compensating measures as soon as it is technically possible is crucial for preventing a major incident that might cost millions due to the interruption of the production process.
· Improving the response to new and advanced malicious techniques by building and strengthening teams’ skills in incident prevention, detection, and response. Dedicated OT security trainings for IT security staff and OT personnel is one of the key measures helping to achieve this.
· Use dedicated solutions – for industrial companies, Kaspersky provides, for example, a unique ecosystem that seamlessly integrates specialized OT-grade technologies, expert knowledge, and invaluable expertise. Kaspersky Industrial Cybersecurity (KICS) as the cornerstone of this OT ecosystem, offers advanced asset inventory, security audit and extended threat and anomaly detection, and can be scaled across distributed infrastructure.
· For securing businesses in areas where industrial and corporate environments overlap use comprehensive solutions like Kaspersky Next XDR Expert, which enables for operational scenarios that include seamless interactions with third-party solutions, enhancing investigative and response capabilities.
· Build a unified Security Operations Center (SOC) that has visibility across both IT and OT systems. This includes advanced solutions and services like SIEM, threat intelligence , training courses for analysts that help recognize industrial threats. These measures allow to establish clear incident response procedures that address both business and operational technologies.
To know more about Kaspersky’s products and services, visit www.kaspersky.com.
You Must be Registered Or Logged in To Comment Log In?
