As cyber threats grow more advanced, resilience requires more than just updated tools—it demands a new mindset. In this interview, Corinium’s Vanessa Jalleh speaks with Justin Ong, APAC CISO at Panasonic, about tackling AI-driven attacks, expanding threat surfaces, and the growing skills gap. 

In a threat landscape defined by speed, scale, and surprise, Justin Ong brings a pragmatic and forward-thinking perspective shaped by his leadership at one of the world’s most recognisable brands. In this conversation, he answers five key questions about what it takes to build true cyber resilience today—from adopting attacker-perspective tooling and navigating AI-fuelled threats to balancing short-term defence with long-term strategic investment.

Which current cybersecurity trends do you believe will have the greatest impact on organisations over the next few years, and why?

The cybersecurity landscape is in a state of rapid transformation, marked by trends whose implications will reverberate across organisations for years to come. Chief among these is the accelerating sophistication of threat actors, empowered by advances in artificial intelligence (AI) and machine learning (ML). We are already witnessing the emergence of AI-driven malware, automated social engineering campaigns, and adaptive ransomware that can dynamically change tactics to evade defences.

This trend is compounded by the proliferation of connected devices—the so-called Internet of Things (IoT)—which is expanding the attack surface exponentially. As more operational technology (OT) converges with traditional IT infrastructure, vulnerabilities multiply, especially in sectors like healthcare, manufacturing, and energy that depend on legacy systems. Shadow IT and the migration to hybrid and multicloud environments continue to muddy visibility, making it harder for organisations to gain a unified view of their risk posture.

Another critical trend is the weaponisation of data. Attackers are leveraging stolen information for targeted extortion, disinformation campaigns, and even to train their own malicious AI models. Meanwhile, regulatory pressures are mounting, with governments worldwide enacting stricter data protection and cybersecurity standards—raising the stakes for compliance failures.

Finally, the talent shortage in cybersecurity is becoming acute. As adversaries become more formidable, the gap between the skills needed and available expertise is widening. In the coming years, organisations that cannot adapt to these realities by investing in automation, zero-trust architectures, and ongoing staff development will find themselves increasingly vulnerable.

AI is transforming both attack methods and defence tools. What’s one area where defenders can realistically gain the upper hand in the next 1–2 years?

A promising avenue where defenders can realistically gain the upper hand in the next 1–2 years is through the integration of AI-driven Security Operations Centers (SOCs) with Continuous Threat Exposure Management (CTEM). By leveraging machine learning for behavioural analytics, AI-enabled SOCs already enhance detection, automate response, and reduce analyst fatigue. However, the addition of CTEM—especially when incorporating external scanning platforms that provide an attacker’s-eye view—represents a transformative leap forward.

These external scanning platforms continuously assess the entire IT value chain, mapping digital assets from the outside in, just as a sophisticated adversary would. Critically, they don’t merely amass vulnerability data—they intelligently prioritise the top 5% of exposures that present the most credible risk of exploitation. This focus enables security teams to cut through the noise and concentrate remediation efforts on the vulnerabilities that truly matter, addressing the all-too-common pain of being overwhelmed by endless lists of lower-priority issues.

When combined with AI-powered correlation of telemetry from endpoints, network traffic, cloud services, and user activities, this approach accelerates the identification of subtle, evolving threats. Automated orchestration can then swiftly isolate compromised systems or revoke credentials as soon as danger is detected, further reducing attackers’ dwell time.

The real breakthrough comes in pairing these technologies with skilled human analysts. While advanced automation and attacker-perspective scanning surface and prioritise critical risks, it is human expertise that contextualises incidents and refines strategic responses. Organisations that invest in upskilling analysts to work hand-in-hand with intelligent automation and continuous exposure management will be best positioned to transform raw security data into actionable, proactive defence—turning the tide on attackers and reducing vulnerability across the entire enterprise landscape.

Cyber threats are evolving fast, often from unexpected sources. How can organisations move beyond static playbooks to build truly adaptive resilience?

Traditional playbooks—though valuable for codifying response to known threats—are inherently limited in their ability to address agile, novel attacks. To achieve adaptive resilience, organisations must embrace a mindset and operational model that prioritises flexibility, learning, and continuous improvement.

The foundation of this approach is threat-informed defence: leveraging real-time threat intelligence to dynamically adjust controls, priorities, and response strategies as the threat environment shifts. This means not only subscribing to external intelligence feeds but also developing internal mechanisms for capturing and analysing near-misses, failed attacks, and emerging vulnerabilities.

Simulated attacks (red teaming) and ongoing adversary emulation exercises enable organisations to test and refine their defences under realistic conditions, uncovering weaknesses that static policies might overlook. These exercises should be complemented by incident “post-mortems” that focus not just on technical remediation, but on process and communication improvements.

On the technological front, adaptive security architectures—such as zero trust, microsegmentation, and automated threat hunting—allow for real-time policy enforcement and rapid reconfiguration in response to evolving risks. Cloud-native and serverless environments, for example, can be instrumented to self-heal or automatically roll back to a secure state when compromise is detected.

Finally, building a culture of collaboration and empowerment is vital. Cross-functional teams, clear escalation paths, and regular training foster organisational muscle memory, ensuring that when the unexpected occurs, responses are both swift and effective.

How do you balance immediate cyber risks with long-range strategic thinking, especially when dealing with unpredictable or novel threats?

Balancing the imperative for immediate action against the demands of long-term strategy is a perennial challenge in cybersecurity. Successful organisations approach this balance through structured risk management frameworks, underpinned by a clear understanding of business priorities and threat landscapes.

In the short term, this means maintaining vigilant monitoring, rapid response capabilities, and a well-rehearsed incident response plan that can be activated at a moment’s notice. These “hygiene” practices—patching, vulnerability management, regular backups, and least-privilege controls—are non-negotiable in keeping day-to-day risks in check.

Yet, true resilience depends on looking further ahead. Strategic investments should focus on building adaptable infrastructure, nurturing talent, and fostering external partnerships. Scenario planning—imagining not just the most likely risks, but also so-called “black swan” events—helps organisations identify gaps in preparedness and allocate resources accordingly.

It’s equally important to cultivate an environment where experimentation is encouraged and lessons from both successes and failures are systematically captured. Cyber threats will never be fully predictable, but organisations that learn faster than their adversaries will be best equipped to thrive in uncertainty.

Looking at today’s signals, where would you advise cybersecurity teams to focus deeper investment — whether in talent, tooling, or partnerships — before 2026?

Given current trends, I would recommend a balanced portfolio of investments across three axes: talent, tooling, and partnerships.

• Talent: Develop and retain multidisciplinary teams that blend technical prowess with soft skills such as communication, problem-solving, and critical thinking. Upskill existing staff in cloud security, AI/ML, and secure software development. Encourage diversity of background and perspective, as attackers are increasingly exploiting human factors.
• Tooling: Prioritise tools that deliver visibility and automation at scale. This includes extended detection and response (XDR), security orchestration, automation and response (SOAR), and cloud-native security platforms. Ensure that tools are interoperable, capable of integrating data streams across on-premises and cloud environments, and adaptable to evolving threats. A particularly crucial area for investment is Continuous Threat Exposure Management (CTEM), which relies on external scanning platforms that simulate an attacker’s perspective. These platforms continuously evaluate your organisation’s external attack surface, identifying exposures and vulnerabilities before adversaries can take advantage. By providing a real-time, attacker’s-eye view of your infrastructure, external scanning tools empower security teams to proactively prioritise and remediate risks, strengthening overall cyber readiness.
• Partnerships: Forge strong ties with peer organisations, industry groups, and government agencies to share intelligence, coordinate responses, and learn from one another. Consider joint exercises, shared threat feeds, and collaborative research initiatives to accelerate innovation and improve collective defence.
  
  

Above all, view cybersecurity as a core business enabler, not just a compliance function. By investing strategically in people, technology, and collaboration now, cybersecurity teams can position themselves “ahead of the curve”—prepared not just for today’s threats, but for the challenges that lie beyond the horizon.

Don’t miss the opportunity to hear more from Justin Ong at CISO Singapore 2025 (19-20 August) at the Equarius Hotel, Sentosa.

Alongside this event, we have two exciting events AppSec & DevSecOps Singapore 2025 (20 August) and Cloud Security Singapore 2025 (20 August) happening in the same space.

If you would like to share your experience and insights at our events, feel free to reach out to Vanessa Jalleh.

Main Photo by Fahrul Azmi on Unsplash