.jpeg)
On February 2, 2026, Niki Luhur, Founder and Group CEO of VIDA, delivered a powerful keynote at CISO Malaysia 2026 in Kuala Lumpur, challenging security leaders to fundamentally rethink their defense strategies.
The message was clear: digital scams in Southeast Asia has evolved from isolated, opportunistic scams into highly commercial operations run by sophisticated, organized syndicates.“Fraud today is no longer about individuals seeking quick profits; it has become a business, a billion-dollar business,” said Niki Luhur. “When crime operates like an industry, security cannot rely on assumptions built for a different era.”
Artificial Intelligence (AI) is the key engine of this transformation, automating, repeating, and scaling criminal activity into a structured industry complete with supply chains, specialized roles, and cross-border infrastructure that mirrors the efficiency of modern, legitimate businesses. The AI-Powered Threat & The Regulatory Imperative
The result is an industrialized threat landscape. AI-powered attacks—such as large-scale deepfake attacks, synthetic identity fraud, and automated device farms—are effectively eroding traditional security models. These attacks are no longer random; they are strategically timed to target moments of high trust and liquidity, such as salary payments or festive bonus periods.
This urgency is magnified in Malaysia. Bank Negara Malaysia's (BNM) mandate to phase out SMS OTPs by June 2026 recognizes that legacy authentication is insufficient against modern threats like SIM swap fraud and AI-powered social engineering. This regulatory shift forces banking security leaders to fundamentally redesign their fraud defense strategies now. The answer: Layered and Coordinated Identity Defense.
Many organizations remain stuck in fragmented defense models, attempting to address individual attack vectors. But as Niki Luhur argued, "Modern attacks don't come one layer at a time. Syndicates combine compromised devices, manipulated biometrics, stolen credentials, and human psychology in a single flow. If defenses aren't connected, attackers will always find the weakest point.”
This reality demands a Layered and Coordinated Identity Defense. This strategy is about unification, integrating multiple independent checks into a cohesive system where each layer reinforces the next.
The core pillars of a resilient defense strategy include:
- Blocking Attacks at the Point of Entry (Device Trust): Detects emulated, compromised, or tampered devices before biometric or identity checks even occur.
- Mitigating Deepfake and Injection Attacks (Presence Detection): Verifies the presence of real humans using advanced liveness detection technology.
- Replacing Vulnerable SMS OTPs (PKI Authentication): Uses cryptographic proof of identity tied to the device for stronger security, integrity, and non-repudiation.
- Identifying Coordinated Syndicate Activity (Fraud Analysis): Analyzes transaction behavior and patterns to detect organized fraud operations at scale.
As fraud syndicates continue to scale and coordinate their operations, the discussion emphasized that security can no longer be treated as a collection of standalone tools. Modern defense must be designed as an integrated system, where signals across identity, device, and behavior are continuously connected and reinforced.
With AI-generated content making fraud increasingly difficult to detect, organizations can no longer depend on user awareness as a primary line of defense. Protection must be engineered to hold even when human judgment is compromised, particularly during high-pressure moments involving financial access and sensitive transactions.
VIDA’s engagement at CISO Malaysia 2026 reflects our commitment to supporting security leaders across Southeast Asia to achieve rapid growth of digital economy. Resilient digital identity systems will be essential to reinforcing trust and enabling sustainable economic growth across the region.
.png)
