Cybersecurity incidents could potentially cause catastrophic economic losses for large organisations in Malaysia, a recent study from Microsoft and Frost & Sullivan says.
A large organisation could stand to lose US$22.8 million (RM 92.5 million), resulting in a total combined loss of US$12.2 billion (RM 42.5 billion).
The combined total loss is more than 630 times the average economic loss for a mid-sized organisation – and more than 4% of Malaysia’s total GDP.
Those are the figures from the Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World report, which found that 17% of the 1300 surveyed organizations had experienced a cybersecurity incident.
A further 36% didn’t know if they had experienced an incident because they did not conduct a data breach assessment or forensic testing.
Furthermore, 42% of respondents see cybersecurity strategy purely as a means of protecting their company, rather than a strategic business enabler. Only 20% see security as a digital transformation enabler.
Microsoft Malaysia national technology officer Dr Dzahar Mansor says companies are taking on more opportunities – and more risks.
“With traditional IT boundaries disappearing the adversaries now have many new targets to attack. Companies face the risk of significant financial loss, damage to customer satisfaction and market reputation—as has been made all too clear by recent high-profile breaches.”
The survey says that 62% of respondents have delayed digital transformation due to the fear of cyber risks.
Employees’ jobs are also on the line: 61% of the organisations that have experienced a cybersecurity incident have also faced job losses as a result of those attacks.
Malaysia’s specialist cybersecurity agency CyberSecurity Malaysia CEO Dato’ Dr. Haji Amirudin Bin Abdul Wahab says the findings provide insight about the economic impact of cyber attacks on Malaysia.
“As cyber security specialists, we are grateful for the efforts taken by Microsoft in spreading awareness on the importance of cyber security and we hope our efforts in creating a safer cyberspace for Malaysia will continue to align.”
Malaysia organizations view the inclusion of artificial intelligence in cybersecurity as an important protection factor.
The study found that 73% of respondents have either adopting or will adopt an AI-based approach to boost cybersecurity.
Microsoft says there are five best practises that organisations can use to improve their cybersecurity defences:
Position cybersecurity as a digital transformation enabler
Disconnect between cybersecurity practices and digital transformation effort creates a lot of frustration for the employees. Cybersecurity is a requirement for digital transformation to guide and keep the company safe through its journey. Conversely, digital transformation presents an opportunity for cybersecurity practices to abandon aging practices to embrace new methods of addressing today’s risks;
Continue to invest in strengthening your security fundamentals
Over 90% of cyber incidents can be averted by maintaining the most basic best practices. Maintaining strong passwords, conditional use of multi-factor authentication against suspicious authentications, keeping device operating systems, software and anti-malware protection up-to-date and genuine can rapidly raise the bar against cyberattacks. This should include not just tool-sets but also training and policies to support a stronger fundamental;
Maximize skills and tools by leveraging integrated best-of-suite tools
The best tools are useless in the hands of the amateur. Reduce the number of tools and the complexity of your security operations to allow your operators to hone their proficiency with the available tools. Prioritizing best-of-suite tools is a great way to maximize your risk coverage without the risk of introducing too many tools and complexity to the environment. This is especially true if tools within the suite are well-integrated to take advantage of their counterparts;
Assessment, review and continuous compliance
The organization should be in a continuous state of compliance. Assessments and reviews should be conducted regularly to test for potential gaps that may occur as the organization is rapidly transforming and address these gaps. The board should keep tab on not just compliance to industry regulations but also how the organization is progressing against security best practices; and
Leverage AI and automation to increase capabilities and capacity
With security capabilities in short supply, organizations need to look to automation and AI to improve the capabilities and capacity of their security operations. Current advancements in AI has shown a lot of promise, not just in raising detections that would otherwise be missed but also in reasoning over how the various data signals should be interpreted with recommended actions.
Such systems have seen great success in cloud implementations where huge volumes of data can be processed rapidly. Ultimately, leveraging automation and AI can free up cybersecurity talents to focus on higher-level activities.