Cloud security gaps threaten regional businesses

Bangkok Post, 09-07-2025
Businesses across Southeast Asia are facing a silent crisis of cloud vulnerabilities, according to the 2025 Cloud Security Risk Report by Tenable, a Nasdaq-listed cybersecurity exposure management company.
The report uncovers alarming security gaps in cloud environments, from misconfigured storage exposing sensitive data to embedded secrets in workloads, that could lead to data breaches, financial losses and regulatory repercussions, the company says.
The findings are particularly relevant for organisations operating in regulated sectors or managing cross-border data flows.
In Singapore, where data protection and cybersecurity are tightly governed under frameworks such as the Cybersecurity Act, Personal Data Protection Act (PDPA) and Monetary Authority of Singapore (MAS) technology risk management guidelines, poor visibility into cloud assets and misconfigurations can have serious compliance repercussions.
Similarly, Indonesia's Personal Data Protection Law, the PDPA in Thailand and Malaysia, and the Philippines' Data Privacy Act all impose stringent requirements on data protection, cross-border transfers and cloud security.
"Together, these regulations highlight the urgent need for organisations across Southeast Asia to prioritise strong cloud governance and security to meet evolving compliance and cybersecurity demands," said the report.
The research reveals a significant and widespread risk, finding that 9% of all analysed cloud storage resources contain restricted or confidential information. In environments housing vast volumes of data, this seemingly small percentage translates to millions of sensitive records potentially exposed.
Even more alarming, nearly one in 10 publicly accessible storage locations holds sensitive data, driven by common misconfigurations, weak access controls and limited visibility. This can expose organisations across industries to serious security and compliance threats in line with local or regional data residency expectations.
The risks do not end there. Tenable's findings show that 54% of organisations with AWS ECS (Amazon Elastic Container Service) task definitions have a secret embedded within them, exposing businesses to the threat of full cloud environment takeovers or exploitation activities like unauthorised crypto mining.
Even within AWS EC2 instances, 3.5% contain credentials embedded in user data, giving attackers a clear pathway to escalate privileges and compromise environments.
"Secrets are the keys to the kingdom, yet many organisations are unknowingly leaving them unguarded across their cloud infrastructures," said Ari Eitan, director of cloud security research at Tenable.
"In today's threat landscape, complacency is costly. Organisations must treat secrets with the highest level of security hygiene to prevent attackers from gaining footholds that can spiral into full-blown breaches."
With Singapore continuing to scale up cloud adoption, supported by national initiatives like the Infocomm Media Development Authority's Cloud Outage Incident Response framework and regional efforts to enable secure digital economies, the report highlights the urgent need for a proactive, risk-driven security strategy.
"The cloud offers incredible agility, but without strong controls and continuous monitoring, it also opens the door to significant exposures," Mr Eitan said. "Understanding where your sensitive data and credentials are and who can access them must now be a board-level priority."

Related Articles

Panel, agencies seek biometric guidelines

Bangkok Post, 24-07-2025

The Personal Data Protection Committee (PDPC) convened with related public and private agencies to seek ways to establish clearer guidelines to regulate the collection and use of biometric data, particularly iris scans, over concerns pertaining to the use of personal data.
This follows widespread public participation in an iris scan activity carried out by Tools For Humanity Thailand in exchange for digital asset rewards as part of a campaign.
Pol Col Suraphong Plengkham, secretary-general of the PDPC, said the eye scanning campaign raised concerns as to whether the data collected could be misused or whether or not the campaign complied with the law.
The committee early this week invited key stakeholders from both the public and private sectors, including Tools For Humanity Thailand, to jointly establish regulatory guidelines on this matter.
Participating agencies included the Electronic Transactions Development Agency (ETDA), the Securities and Exchange Commission, the Cyber Crime Investigation Bureau, the Department of Special Investigation and National Telecom. Representatives from the private sector included TIDC Worldverse Co Ltd, M Vision Plc, Bitkub Online Co Ltd, Com7 Plc and J.I.B. Computer Group Co Ltd.
The use of biometric data from iris scans is classified as sensitive personal data under Section 26 of the Personal Data Protection Act.
The meeting concluded that the PDPC will examine the company's process of requesting consent from the owners of the personal data regarding the iris scans to ensure transparency. The ETDA will verify whether the company's app is legally registered, while the SEC will investigate whether foreign apps are being used to generate income within Thailand's financial system.

DATA 'NOT STORED IN APP'

Pakapol Thangtongchin, country manager of Tools For Humanity Thailand, told the Bangkok Post that the company provided an update on its local operations during the meeting.
He told the meeting that the company does not verify "identities" but rather provides "proof of humanity", meaning retina data is not stored in the company's app.
The PDPC also requested additional documents from the company to conduct an in-depth technical review, Mr Pakapol added.
The SEC wishes to ascertain whether the company's Worldcoin cryptocurrency has been traded legally. Mr Pakapol confirmed that the company trades the coins within five licensed cryptocurrency exchanges in Thailand.
The ETDA is concerned about mini apps within the company's app ecosystem, particularly those related to financial services, which may not be authorised in Thailand.
"We will closely monitor and address any regulatory concerns," Mr Pakapol added.
He also noted that the rising value of cryptocurrencies and current economic challenges have led to an increasing amount of public interest in applying for the company's World app in order to receive free Worldcoin in exchange for having an eye scan. Currently, 10,000 people a week have been getting their eyes scanned via its Orb devices in public locations.
However, he warned that some unauthorised individuals may engage in illegal activities, such as in-person meetups to exchange digital assets for cash outside the authorised exchanges.
"We will educate our coin users on how to use the wallet properly and encourage them to trade only through authorised exchanges," he said.
He said that before operating in Thailand, the company had already sought consultations with three regulators as to whether its service is legitimate or complies with the law.

Bank profits up 3.97% in H1

Bangkok Post, 22-07-2025

Thailand's banking industry reported a modest increase in net profit for the first half of 2025, weighed down by a decline in net interest margin, lower interest rates, and sluggish loan growth. According to financial statements submitted to the Stock Exchange of Thailand (SET), 11 SET-listed banks and their subsidiaries posted a combined net profit of 134.5 billion baht for the first half of 2025, marking a year-on-year increase of 3.97%. Among the six domestic systemically important banks (D-SIBs), only SCB X -- the holding company of Siam Commercial Bank (SCB) -- and Bangkok Bank (BBL) recorded net profit growth. SCB X reported the highest net profit growth in the sector, rising 18.7% year-on-year to 25.2 billion baht. BBL followed with a net profit of 24.4 billion baht, up 9.5%. The remaining four D-SIBs -- Krungthai Bank (KTB), Kasikornbank (KBank), Krungsri (Bank of Ayudhya), and TMBThanachart Bank (ttb) -- posted either flat or declining net profits. KBank reported the highest net profit among all banks at 26.2 billion baht, but this figure represented a 0.98% decline from the same period last year. The marginal increase in the sector's overall net profit was primarily driven by non-interest income and effective cost control measures. However, the overall industry saw a decline in net interest income (NII), reflecting the downward trend in interest rates and weak loan demand in line with Thailand's economic conditions. The six D-SIBs reported a combined NII of 327 billion baht for the first half of 2025, down 6.57% year-on-year. As of June 2025, the banks reported total outstanding loans of 13.2 trillion baht, a 0.97% decrease from the end of 2024. Five of the six D-SIBs recorded loan contractions. Only BBL, Thailand's largest lender by total assets, reported marginal loan growth of 0.73%. 
Kanjana Chockpisansin, head of banking and financial sector research at K-Research, noted that the banking industry is expected to continue facing challenges in the second half of the year due to both domestic and external pressures. Ongoing global uncertainties, particularly stemming from the impact of US tariffs on Thai exports, are expected to weigh on Thailand's economic growth and loan expansion in the second half of the year. Additionally, the declining interest rate environment is likely to continue pressuring the sector's NII. K-Research projects that total loan growth for the banking sector will contract by 0.6% in 2025, in line with a weakening economic outlook in the second half of the year. The centre forecasts Thai GDP growth of just 1.4% for this year. Arthid Nanthawithaya, chief executive of SCB X, said in the financial statement to the SET that despite persistent macroeconomic uncertainties and the prolonged household debt issue, SCB X remains committed to supporting all borrowers through various ongoing assistance measures, including its "You Fight, We Help" debt relief programme.

Safety key to nuclear goal

Bangkok Post, 15-07-2025

Nuclear energy has little support among Thai people. The recent news about a conservation group criticising the latest bilateral cooperation between the US and Thai government to upscale plans for small reactor module (SMR) technology is evidence of this. The latest anti-nuclear online mutterings are a reaction to the rekindled interest among Thai policymakers and investors in pursuing the controversial energy resource. Recently, the government and investors launched collaboration with foreign governments such as Denmark and the US, while local investors such as SET-listed Global Power Synergy (GPSC), the PTT group's power flagship, and Saha Pathanapibul International are also supporters of SMRs. They are joined by Thai academic institutes such as King Mongkut's University of Technology, which is promoting similar nuclear energy courses at its Lat Krabang and North Bangkok campuses. Today in Bangkok, the government and its backers will hold a seminar titled "A Global Dialogue on SMR Deployment". This development is good and welcome. Thailand must prepare to tap new energy resources to cater for the demand by manufacturers to produce low-emission goods. As well as fossil-power energy and intermittent renewable energy, the country must think about acquiring a stable power source to feed the exponential demand from data centres and AI operations. Much smaller in size -- around 15-300 megawatts, SMR technology is being touted as the next game changer for industrial sectors that require an on-site clean and stable energy supply. That means the public must be better informed. There must be a healthy debate on whether and how the country can make use of nuclear energy, given its inherent risks. It is essential that supporters of moves to embrace nuclear energy open their ears to public concerns instead of resorting to platitudes about how beneficial and safe the new technology will be. Likewise, opponents must open their hearts to new information. 
After all, the world has changed. For five decades, Thailand has tried and failed to develop nuclear energy. Those efforts have been marred by fearful reactions caused by the catastrophic nuclear accidents at Chernobyl in Ukraine in 1986 and Japan's Fukushima plant in 2011. But the real problem has always been a lack of trust in Thai officials and investors to handle public safety standards. It is certainly a valid point. In 2000, it took officials at the Atomic Energy Commission for Peace 17 days to find a spent cobalt-60 cylinder stolen from a warehouse by scrap metal workers who later opened it in one of their homes in Samut Prakan. Three later died from radiation sickness, while 1,872 community members were exposed to different levels of radiation. In 2023, a tube containing radioactive element Caesium-137 went missing from the National Power Plant 5A Company's facility in Prachin Buri province before later being found burned in a scrap metal factory. That means the public education drive must not be a PR campaign to force acceptance, either. After all, countries with good public approval ratings of their nuclear energy policies are all societies with trustworthy infrastructure, transparency and well-tested safety standards. Simply promoting new technology is not enough. Without public trust in officials' ability to handle safety, Thailand's quest for nuclear power plants will remain the same pipe dream it has been for the past five decades.
