The identification infrastructure of companies in the Asia-Pacific region (APAC) is struggling to cope with the current level of threats posed by artificial intelligence. This was stated by Keeper Security CEO Darren Guccione in a column for SMBtech.
AI has simplified the scaling of attacks on accounts and access systems, and the quantum threat is no longer a “problem of the distant future,” the expert stated, citing the Keeper Security Identity Security at Machine Speed report.
According to the report, 83% of cybersecurity and IT leaders in APAC pointed to the increasing complexity of potential threats. Nearly half of the respondents (47%) directly linked this to AI attacks.
Another issue is cloud security. In the region, 46% of companies consider it the main weak point in their defenses.
Guccione also noted the rise in the number of new “digital identities.” 38% of companies in APAC are under pressure due to the increase in accounts and associated identifiers.
Furthermore, 53% of organizations reported issues with interacting with non-human users—service accounts, API tokens, and credentials for automation. These are appearing faster than companies can establish control.
Many organizations continue to use SMS authentication. In APAC, this method is used by 36% of companies, and in China—by 40%.
The expert considers SMS one of the most vulnerable elements of protection. He highlighted the risks of SIM swapping, real-time phishing, and social engineering using AI.
Against this backdrop, 41% of companies in the region have already implemented phishing-resistant MFA—FIDO2, hardware security keys, and passkeys. However, only 26% of organizations have fully transitioned to the latest and most secure type of protection.
Meanwhile, 64% of companies worldwide still lack a fully operational PAM system. In APAC, such a mechanism is implemented in 38% of organizations, and in Japan—only 22%.
Quantum Threat and New Standards
The second part of the column addresses the quantum threat. According to Guccione, the harvest now, decrypt later scenario cannot be considered purely theoretical. Malefactors are already accumulating encrypted data, intending to crack it once powerful quantum computers become available.
At risk is information with a long lifespan: financial reports, intellectual property, and identification infrastructure.
Guccione noted that in August 2024, the NIST approved the first post-quantum cryptography standards—FIPS 203, FIPS 204, and FIPS 205.
In March 2025, the British NCSC released a roadmap for migration to post-quantum encryption. The document suggests:
- conducting an inventory of crypto-dependent systems by 2028;
- completing priority migrations by 2031;
- finalizing the transition by 2035.
SMBtech cites this timeline as a signal that preparation can no longer be postponed.
Following the publication of NIST standards, Cloudflare called them a significant milestone for protecting modern communications in the world of quantum computing. The OpenID Foundation also warned that the threat affects tokens, certificates, and TLS—the basic elements of modern identification infrastructure.
Practical suggestions for improving security include:
- abandoning SMS authentication;
- accelerating the implementation of passkeys and MFA;
- inventorying cryptographic dependencies before transitioning to hybrid and post-quantum schemes.
Back in May, Cisco’s Global Director of Innovation Guy Diedrich announced that the company would prepare its network infrastructure ahead of the quantum leap.