New research highlights key threats and strategies to help organisations combat cyber risks
Akamai Technologies (NASDAQ: AKAM), a leading cybersecurity and cloud computing firm, has released its latest research report, Defenders’ Guide 2025: Fortify the Future of Your Defence. The report provides security professionals across the Asia-Pacific and Japan (APJ) region with critical insights into emerging cyber threats, including VPN abuse, cross-site scripting vulnerabilities, and advanced malware techniques. With practical recommendations, the guide aims to help organisations strengthen their security posture and stay ahead of evolving cyber risks.
Growing Threat Landscape In APJ
The cybersecurity landscape in APJ is becoming increasingly complex. As a region made up of both emerging economies and developed markets, APJ lacks a centralised cybersecurity framework, leaving organisations to navigate threats with varying levels of preparedness. This has made the region a prime target for cybercriminals. In 2024, APJ ranked as the second most attacked region in the world for web application distributed denial-of-service (DDoS) attacks, with incidents rising fivefold compared to the previous year.
With no unified governing body to set standardised security protocols, Chief Information Security Officers (CISOs) and IT decision-makers (ITDMs) in APJ are actively seeking strategies to mitigate these risks.
“APJ continues to be a key growth driver for businesses, fuelled by rapid digital transformation and a dynamic economic landscape. However, as organisations accelerate their digital initiatives, the region remains a prime target for increasingly sophisticated cyber-attacks, particularly AI-driven attacks,” said Parimal Pandya, Senior Vice President and Managing Director of Akamai Technologies APJ.
“Security must be a fundamental enabler of business growth, not a barrier. Akamai’s latest research empowers security leaders across APJ with actionable insights into critical threats, ranging from VPN vulnerabilities to advanced malware techniques, so they can build resilient, research-driven defences that support their business objectives.”
Addressing Risk Management With Data-Driven Insights
As cyber threats become more sophisticated, risk management has never been more crucial. However, the concept of risk scoring—quantifying the potential impact of threats—remains a topic of debate within the security community due to the complexity of its implementation. The growing use of artificial intelligence and the increasing availability of hacking tools have made it easier for both amateur and professional hackers to launch cyberattacks, creating an unpredictable digital environment.
The Defenders’ Guide 2025 introduces a new risk scoring model designed to help organisations assess vulnerabilities based on factors such as application importance, network complexity, and likelihood of compromise. The model provides actionable strategies, including endpoint impact analysis, network segmentation techniques, and best practices for mitigating internal and external risks.
The report also explores the evolution of malware, offering insights into botnet families like NoaBot and RedTail, which use advanced techniques such as peer-to-peer networks and fileless malware. By understanding these threats, organisations can adopt better security measures such as regular patch management and employee cybersecurity training.
Strengthening Network Security In Hybrid Work Era
As remote and hybrid work models continue to be the norm, many organisations in APJ have heavily invested in virtual private networks (VPNs) to facilitate secure remote access. While there is a global push towards Zero Trust Network Access (ZTNA), many APJ businesses still rely on traditional VPNs due to past investments and the ongoing need for remote work solutions.
However, outdated VPNs pose significant security risks. The Defenders’ Guide 2025 highlights vulnerabilities in VPN appliances that cybercriminals often exploit. The report suggests mitigation strategies such as using secure LDAP protocols, custom encryption methods, and frequent firmware updates to enhance VPN security.
Another major concern is cross-site scripting (XSS) vulnerabilities, which occur when web applications fail to properly validate user inputs. This allows attackers to execute malicious scripts in users’ browsers, leading to data theft and other security breaches. The report identifies XSS as the second most common attack vector driving the rise of web application and API attacks in APJ.
Modern security frameworks and peer code reviews can reduce the risk of XSS, but they are not foolproof. The only reliable solution is a “defence in depth” strategy—using multiple layers of security controls to minimise the risk of exploitation. The research in the guide highlights the importance of layered defences in protecting user input processing systems.
Enhancing Host Security Amid Kubernetes Vulnerabilities
With the increasing adoption of containerised environments for their flexibility and ease of deployment, host security has become a critical concern. Containers streamline software deployment, but they also introduce new security risks.
Due to the widespread use of Kubernetes in enterprise environments, the Defenders’ Guide 2025 analyses six major Kubernetes vulnerabilities from 2023–2024. The report outlines how these flaws could be exploited through command injection attacks, which allow attackers to execute malicious commands within a system. To mitigate these risks, Akamai recommends proactive patching, continuous monitoring, and adopting secure coding practices to protect containerised environments.
Practical Guide For Cybersecurity Teams
Unlike conventional reports that focus on abstract trends, the Defenders’ Guide 2025 delivers hands-on intelligence and actionable insights that cybersecurity professionals can use to strengthen their organisations’ defences. The report provides perspectives from cybersecurity experts and data scientists who deal with cyber threats daily, offering in-depth analysis of real-world attack methods and defence strategies.
For businesses looking to stay ahead in an increasingly complex digital landscape, the full report is an essential resource.
