5 days ago
Cybersecurity demands proactive identity verification to counter AI threats
Cybersecurity is a race to outpace scammers, and secure identity verification must be at the forefront, says Jen Liang, CEO of Australia-based IDMeta Group.
During the Cybersecurity Summit 2025 on Friday (July 25), Liang said artificial intelligence reshapes fraud tactics, with deepfakes posing a growing threat, making identity verification the foundation of digital trust.
"Fraudsters use AI to manipulate IDs, mimic voices, and create deepfake videos, but we also use AI for fraud detection. Our biometric technology can detect deepfakes not just at onboarding but during live interactions," he said during the panel discussion titled "Digital Trust and Resilience: Strengthening Cyber Confidence in Malaysia."
He highlighted cases where people unwittingly engaged with deepfakes on video calls. In 2024, a finance employee at a multinational company in Hong Kong was deceived into transferring $25mil after fraudsters used deepfake technology to impersonate the company's CFO during a video conference call.
"It's really concerning. Fake meetings are being set up with deepfakes that are 85% to 95% accurate," he said.
Liang said the challenge lies in staying ahead of cybercriminals and adapting faster than they do. "Cybersecurity has always been about staying one step ahead. The difference now is the tools are far more powerful for both sides."
He emphasised the importance of scalable, secure identity verification in sectors like fintech and gaming.
"Fintech and gaming are typically the spaces we're very much involved in. Verification is critical when onboarding customers securely and ensuring they are who they say they are.
It's also key to preventing scams and fraudulent accounts, which is especially important today," he said.
Operating in multiple jurisdictions, Liang acknowledged that navigating data privacy laws and compliance is one of the company's greatest challenges. "Every country has its own regulatory framework. In Australia, the privacy act is very strict."
He noted that both Australia and Indonesia require in-country data servers, with no allowance for cross-border storage.
"The Philippines is moving in that direction too, but they don't yet have the infrastructure to support it. Without local data centres like Google or Amazon Web Services, requiring in-country servers could overwhelm their current systems," he said.
Liang added that while regulations are becoming more standardised, such as biometric validation and email screening, enforcement is key. "It's not just about laws being in place. It's about how consistently those laws are enforced."
He also acknowledged Malaysia's evolving digital policy landscape. "On this trip, we've had conversations with several stakeholders here. The direction is there, but the execution and development are still maturing. It's something we're keeping a close eye on," he said.
In response to a question on educating youth about cyber threats, Liang stressed the need to empower them to navigate digital ecosystems responsibly.
"Young people today are far more experiential. They have broad access to information, and they're not afraid to challenge what they're told. We just need to provide them a wider scope of guidance, not control," he said.
Other speakers echoed Liang's concerns, particularly around resilience and preparedness in the face of rising threats.
Amal Wikramasinghe, Head of Governance Risk and Compliance - Cybersecurity and Data Privacy at Axiata Group, described how the company managed a rare and unforeseen third-party outage that impacted four of its operating companies.
He emphasised the need for real-time crisis communication and damage assessment protocols.
Zainol Zainuddin, CTO of NTT DATA eCommerce Solutions, warned that infrastructure resilience is only as strong as an organisation's cybersecurity culture. He highlighted how phishing, still the most common entry point for hackers, thrives in organisations where awareness is treated as a checklist, not a mindset.
"Even the best technology won't protect you if your people don't know how to spot a phishing email. You have to create a blame-free, transparent culture where mistakes can be reported early," he said.
Moderator Jaco Benadie, Partner, Technology Consulting – Cyber at Ernst & Young Consulting Sdn Bhd, summarised that building digital trust requires a proactive, resilient strategy that spans technology, people, and culture, while prioritising user privacy and navigating cross-border regulatory challenges.
