Beyond Zero Trust: Navigating AI Innovations in Cyber Security for OT and IT Environments
The cyber threat landscape is shifting faster than ever. Malware, ransomware, DDoS and other attack vectors are no longer siloed, nor are they aimed solely at large organisations. As mentioned previously by YBhg. Dato’ Ts Dr Haji Amirudin Bin Abdul Wahab, CEO of CyberSecurity Malaysia:
“Digital threats now target everyone—from multinational enterprises to individuals—and attackers are blending methods to achieve their goals.”
At the same time, emerging technologies introduce fresh vulnerabilities:
“Today it’s AI and ML; in 18–24 months, quantum will join the spectrum of threats”
- Suresh Sankaran Srinivasan, Group Head of Cybersecurity & Data Privacy, Axiata Group
Against this backdrop, our workshop, co-hosted with CyberSecurity Malaysia: “Beyond Zero Trust: AI Innovations in Cyber Security and Risk Management for OT and IT Environments” convened cross‑sector leaders to explore three core themes:
The Evolving Threat Landscape: IT/OT Convergence and New Risks
AI in Action: Enhancing Detection, Risk Management, and Human‑Machine Collaboration
Overcoming Integration Hurdles and Charting the Path to Cyber Resilience
1. The Evolving Threat Landscape: IT/OT Convergence and New Risks
As organisations blur the lines between IT and Operational Technology (OT), they also merge the linguistic and cultural silos that once separated them.
“We need a risk‑led discussion, not a risk‑driven one—tying security by design from the boardroom all the way down to technical verification.”
-Yu Long (Tyler) Tang, Director Enterprise Information Security, softScheck
Quantum computing looms as the next frontier of risk, alongside AI‑generated threats such as data poisoning. Many Malaysian enterprises allocate under 5 percent of their IT budgets to cyber security, even as malicious phishing and ransomware remain pervasive locally, highlighting a significant underinvestment in crucial security measures.
2. AI in Action: Enhancing Detection, Risk Management, and Human‑Machine Collaboration
Participants agreed that developments in AI now require a shift from reactive to proactive cyber security frameworks.
“Generative AI is evolving into agentic AI—not just telling us what happened but taking actionable steps on our behalf.”
James Fong, Technology Workflow, Risk & Security Solutions Leader-ASIA, ServiceNow
Key enablers include:
Integrated data platforms that collapse siloed logs and correlate attacks to business impact.
Governance “control towers” to oversee how AI models ingest data, manage access and enforce compliance.
Human‑AI collaboration, where AI handles repetitive tasks (e.g., triaging alerts) and humans retain oversight on strategy and ethics.
3. Overcoming Integration Hurdles and Charting the Path to AI-driven Cyber Security
Enthusiasm for AI‑driven security is high, but practical obstacles remain:
Differing “languages” between IT and OT teams, which hampers data sharing and unified threat modelling
Legacy systems that lack modern APIs and resist integration with AI platforms
Talent shortages in both AI engineering and OT cyber security, creating skills gaps
Management buy‑in, particularly around accepting AI‑driven “hallucinations” and residual risk
AIBP’s latest report, Cybersecurity in ASEAN: Deep Dive into IAM and PAM, highlights 52% of organisations in Southeast Asia now prioritise cybersecurity in their digital transformation projects, a significant increase from 22% in 2019. In our live poll, 63% of Malaysian leaders identified the shortage of experienced personnel as the primary barrier to integrating AI‑powered cyber security across IT/OT systems (poll snapshot below).
To overcome these hurdles, participants recommended:
Embed security by design into every AI initiative—incorporating procurement controls, data‑source verification and compliance checks from day one.
Form a small, cross‑functional AI steering team—bringing together business leaders, security experts and enterprise architects to assess risks and benefits continuously.
Invest in modular, future‑proof platforms that can absorb new AI capabilities without requiring wholesale overhauls of core OT infrastructure.
Looking Ahead
As software ecosystems fuse IT, OT, IoT and physical security, roles will evolve—CISOs may become CSOs overseeing a single, integrated “security mesh.” Close collaboration between enterprise architects and cyber security teams will be vital to build robust AI “control towers” that both accelerate insights and enforce guardrails.
By moving beyond mere zero‑trust postures and embracing AI‑driven, business‑aligned security, organisations can not only defend against today’s threats but also build the resilience to face tomorrow’s unknowns.
“Don’t wait, we should be proactive—if there’s no code of practice, we can always refer to the US (HIPAA). We should start this initiative early.”
- Ts. Mohd Zabri Adil Bin Talib, Vice President & Principal Specialist, Responsive Technology & Services Division, CyberSecurity Malaysia:
Want to Take This Conversation Further?
Our upcoming AIBP Conference & Exhibition in Malaysia (9-10 July, 2025) will feature discussions on key themes such as Strategies for Resilience Against Evolving Cyber Threats and Scaling AI Transformation. For in-depth insights into the cybersecurity and AI challenges and opportunities, sign up now!
