Tenable warns of rising cloud risks in Singapore, Southeast Asia
A report released by cybersecurity firm Tenable on June 19, 2025, highlights major cloud security risks in Singapore and Southeast Asia.
The “2025 Cloud Security Risk Report” reveals issues like misconfigured storage systems and embedded secrets in workloads, which may lead to data breaches and regulatory violations.
It found that 9% of cloud storage resources contain sensitive data, and nearly 10% of publicly accessible storage has confidential information due to weak access controls.
The report also shows that 54% of organizations using AWS ECS task definitions have embedded secrets, creating risks of cloud environment takeovers.
Additionally, 3.5% of AWS EC2 instances have embedded credentials, increasing the threat of privilege escalation.
Ari Eitan, Tenable’s director of Cloud Security Research, warned, “Complacency is costly.” He stressed the need to protect sensitive data and credentials.
.source-ref{font-size:0.85em;color:#666;display:block;margin-top:1em;}a.ask-tia-citation-link:hover{color:#11628d !important;background:#e9f6f5 !important;border-color:#11628d !important;text-decoration:none !important;}@media only screen and (min-width:768px){a.ask-tia-citation-link{font-size:11px !important;}}🔗 Source: Tenable
The cloud vulnerabilities identified by Tenable aren’t theoretical concerns, as they reflect persistent security issues that have already resulted in significant breaches across the region.
In 2019, Sephora suffered a major breach exposing personal data of customers across Singapore, Malaysia, Indonesia, Thailand, the Philippines, Hong Kong, Australia, and New Zealand, including names, birth dates, and encrypted passwords 1.
That same year, Malindo Air disclosed a breach affecting approximately 30 million passengers when former employees of an Indian contractor improperly accessed sensitive data, including passport numbers, home addresses, and phone numbers 2.
These historical incidents demonstrate the very real consequences of cloud security vulnerabilities in Southeast Asia, particularly the risks associated with third-party contractors and misconfigured access controls, which align with the issues highlighted in Tenable’s findings.
The region’s growing digitalization has only increased the attack surface, with cybersecurity firm Palo Alto Networks reporting a nearly fivefold increase in daily cloud-based security alerts by the end of 2024, including a 235% increase in high-severity alerts targeting identity access management tokens 3.
Tenable’s findings on cloud vulnerabilities are particularly concerning given the increasingly stringent and diverse data protection regulations across Southeast Asia.
Indonesia’s Personal Data Protection Law enacted in 2022 now imposes penalties of up to 2% of annual revenue for non-compliance, while Malaysia’s PDPA amendments require organizations to appoint data protection officers and notify authorities of breaches, with fines reaching 1 million ringgit 4.
Singapore’s robust regulatory framework under the PDPA and Cybersecurity Act emphasizes consent and accountability for data handling, with penalties up to S$1 million, creating a high compliance bar for businesses operating in the region 4.
The implementation of Thailand’s PDPA in 2022 added another layer of complexity by requiring consent for sensitive data processing and introducing penalties including both fines and potential imprisonment 4.
This regulatory patchwork means that the cloud vulnerabilities identified by Tenable, particularly the 9% of storage resources containing sensitive data and the 54% of organizations with embedded secrets, represent not just security risks but significant compliance and financial liabilities across multiple jurisdictions.
Tenable’s findings come at a crucial juncture as Southeast Asia emerges as a key battleground for cloud computing infrastructure and services.
Billions of dollars are being invested in building digital infrastructure across the region, with countries like Singapore and Indonesia leading in digital transformation efforts that rely heavily on secure cloud environments 5.
The region has become a strategic focus in the competition between U.S. and Chinese cloud service providers, elevating the importance of security as a key differentiator in winning market share 5.
As Southeast Asian nations develop their digital economies, robust cybersecurity practices are becoming essential for fostering trust in cloud services, particularly given the intensifying focus of attackers on identity access management and data exfiltration identified in recent threat research 3.
Singapore’s initiatives like the Cloud Outage Incident Response (COIR) framework mentioned in the Tenable report reflect the recognition that cloud security is not just an organizational concern but a national economic and security priority in the region’s digital transformation journey.
Read full article on Tech in Asia
Technology Cybersecurity
One-stop lifestyle app dedicated to making life in Singapore a breeze!
English
简体中文
Comments
Leave a comment in Nestia App