2023 will be a year where battle lines are drawn, then redrawn, along a threat landscape stuck in a state of in-between: no longer are organizations scrambling to find their footing amid the disruption caused by COVID-19, but for all this talk of the “new normal”, we have yet to arrive on the other side of the pandemic. Critical events across the world such as uncertain political climate, erratic supply chains, and inflation will continue to affect the global economy. These ambiguous conditions compel everyone, including cybercriminals, to shelter in place and mainly rely on tried and tested methods.
Our semi-annual Cyber Risk Index report found organizations in Malaysia are at elevated risk for cyberattacks, with 72% compromised multiple times over the last 12 months. The country experienced several high-profile cyber breach incidents in 2022 including the data leak of 22.5 Malaysians on the dark web and employee data breach in one of the local airlines. According to the Ministry of Communications and Digital, almost RM600 million in losses were recorded throughout 2022 as a result of cybercrimes in the country.
Malaysia has taken a strong stand to enhance existing legal provisions to protect digital assets against cyber threats. Cybersecurity is essential for our government in protecting data, investments, and citizens that are critical to the nation. Aside from governance, the country must continue to invest in improving public awareness across sectors especially small and medium businesses while building cybersecurity skills and expertise. It is more important than ever for countries, governments, and the public and private sectors to come together and collaborate to improve our cyber-resilience.
Besides the government sector, banking, financial services and insurance (BFSI) and healthcare industries are among the most targeted industries.
The BFSI industry has always been a hotbed of cyberattacks. Despite, making cybersecurity to be of paramount concern, the evolving attacks and threats that cybercriminals use to compromise financial companies, their third-party partners and suppliers, and their customers have intensified. Cybercriminals are taking full advantage of the increasing use of online collaborative tools and applications, and the dramatic rise in online financial transactions. While most of the top-tier banks in Malaysia are at a stage where a strategic cybersecurity plan enables them to mitigate, response, and move forward with minimal impact on their operations, we encourage the smaller players within the BSFI industry to move in the same direction.
Similarly, healthcare organizations are at elevated risk, as they are a crucial component of public infrastructure. The fight against the pandemic holds vast amounts of sensitive patient data and personal identifiable information (PII). We found that COVID-19 is still being used in a variety of malicious campaigns including email spam, BEC, malware, ransomware, and malicious domains. Campaigns that use the disease as a lure have been on the rise in the past two years. The repercussions of a system compromise are huge and far-reaching. Healthcare institutions must shift their Security Mindset from ‘Incident Response’ to ‘Continuous Response’. To prevent alert fatigue, a proper Security Operations Center team must be in place while leveraging a unified platform for better risk insights to detect, investigate, and respond to threats more effectively.
Overall, we continue to see the acceleration of IT modernization across industries as organizations in Malaysia adapt to a new business landscape and hybrid work model to keep operations in motion which has led to an increase in the digital attack surface. Renewed threat actor focuses on unpatched virtual private networks (VPNs), connected mobile devices, and back-end cloud infrastructure.
Also, one of the key challenges faced by organizations today is social engineering which requires know-how to identify between fake and real. Organizations need to embrace this vulnerability by ensuring their all employees are educated on their security policies, especially in a hybrid work environment.
Hiring the right cybersecurity professionals can be challenging in Malaysia due to a growing cybersecurity workforce gap and the fact that some enterprises may not have the resources to recruit a large team. Under the Malaysia Digital Economy Blueprint (MyDIGITAL), Malaysia requires not less than 20,000 cybersecurity knowledge personnel by the end of 2025. However, as of July 2022, there is only 13,851 cybersecurity knowledge personnel to handle the current cyber threats. Therefore, working with the right vendor and security partners that offer managed services is an effective way to augment teams while maximizing security posture.
Here are a few things organizations can incorporate into their business growth plans to improve preparedness against today’s threats:
Adopt zero trust models; first level is not to trust anything at all as such it is critical to know what goes in and out of the system
Improve attack surface discovery capabilities to know the physical location of business-critical data assets and applications
Make appropriate investments in leading-edged security technologies such as analytics or artificial intelligence tools back with threat researchers and risk insights on a unified cybersecurity platform
Ensure there is a security team with appropriate tools in place for monitoring and detection so that any threats can be mitigated with timely response to contain the threats
More importantly, cybersecurity should be, if it is not already, at the very top of business growth plans and budgeting for organizations of all sizes. Placing the importance and value of investing in cybersecurity is the best option and a promising long-term frontier for businesses to stay ahead of the cybersecurity game.
As the government pushes toward reforms within the economy in anticipation of global recession and improving livelihoods, we hope cybersecurity initiatives will be ‘adequately funded’ as one of the key high-impact projects to further strengthen the nation’s cybersecurity posture in the upcoming revised Budget 2023. By emphasizing on the importance and value of investing in cybersecurity to mitigate cyberattacks regardless of the economic situation ahead of the Budget 2023 tabling on February 24, it will lead the way for other local organizations to follow as we drive towards a digital economy and a digitally connected nation.
By Goh Chee Hoh, Managing Director, Trend Micro Malaysia & Nascent Countries
