Story image

Malaysia could lose up to RM$49.5 billion from cyber attacks - report

18 Jul 2018

Cybersecurity incidents could potentially cause catastrophic economic losses for large organisations in Malaysia, a recent study from Microsoft and Frost & Sullivan says.

A large organisation could stand to lose US$22.8 million (RM 92.5 million), resulting in a total combined loss of US$12.2 billion (RM 42.5 billion).

The combined  total loss is more than 630 times the average economic loss for a mid-sized organisation – and more than 4% of Malaysia’s total GDP.

Those are the figures from the Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World report, which found that 17% of the 1300 surveyed organizations had experienced a cybersecurity incident.

A further 36% didn’t know if they had experienced an incident because they did not conduct a data breach assessment or forensic testing.

Furthermore, 42% of respondents see cybersecurity strategy purely as a means of protecting their company, rather than a strategic business enabler. Only 20% see security as a digital transformation enabler.

Microsoft Malaysia national technology officer Dr Dzahar Mansor says companies are taking on more opportunities – and more risks.

 “With traditional IT boundaries disappearing the adversaries now have many new targets to attack. Companies face the risk of significant financial loss, damage to customer satisfaction and market reputation—as has been made all too clear by recent high-profile breaches.”

The survey says that 62% of respondents have delayed digital transformation due to the fear of cyber risks.

Employees’ jobs are also on the line: 61% of the organisations that have experienced a cybersecurity incident have also faced job losses as a result of those attacks.

Malaysia’s specialist cybersecurity agency CyberSecurity Malaysia CEO Dato’ Dr. Haji Amirudin Bin Abdul Wahab says the findings provide insight about the economic impact of cyber attacks on Malaysia.

“As cyber security specialists, we are grateful for the efforts taken by Microsoft in spreading awareness on the importance of cyber security and we hope our efforts in creating a safer cyberspace for Malaysia will continue to align.”

Malaysia organizations view the inclusion of artificial intelligence in cybersecurity as an important protection factor.

The study found that 73% of respondents have either adopting or will adopt an AI-based approach to boost cybersecurity.

Microsoft says there are five best practises that organisations can use to improve their cybersecurity defences:

Position cybersecurity as a digital transformation enabler

Disconnect between cybersecurity practices and digital transformation effort creates a lot of frustration for the employees. Cybersecurity is a requirement for digital transformation to guide and keep the company safe through its journey. Conversely, digital transformation presents an opportunity for cybersecurity practices to abandon aging practices to embrace new methods of addressing today’s risks;

Continue to invest in strengthening your security fundamentals

Over 90% of cyber incidents can be averted by maintaining the most basic best practices.  Maintaining strong passwords, conditional use of multi-factor authentication against suspicious authentications, keeping device operating systems, software and anti-malware protection up-to-date and genuine can rapidly raise the bar against cyberattacks. This should include not just tool-sets but also training and policies to support a stronger fundamental;

Maximize skills and tools by leveraging integrated best-of-suite tools

The best tools are useless in the hands of the amateur. Reduce the number of tools and the complexity of your security operations to allow your operators to hone their proficiency with the available tools. Prioritizing best-of-suite tools is a great way to maximize your risk coverage without the risk of introducing too many tools and complexity to the environment. This is especially true if tools within the suite are well-integrated to take advantage of their counterparts;

Assessment, review and continuous compliance

The organization should be in a continuous state of compliance. Assessments and reviews should be conducted regularly to test for potential gaps that may occur as the organization is rapidly transforming and address these gaps. The board should keep tab on not just compliance to industry regulations but also how the organization is progressing against security best practices; and

Leverage AI and automation to increase capabilities and capacity

With security capabilities in short supply, organizations need to look to automation and AI to improve the capabilities and capacity of their security operations. Current advancements in AI has shown a lot of promise, not just in raising detections that would otherwise be missed but also in reasoning over how the various data signals should be interpreted with recommended actions.

Such systems have seen great success in cloud implementations where huge volumes of data can be processed rapidly. Ultimately, leveraging automation and AI can free up cybersecurity talents to focus on higher-level activities.

Forget endpoints—it’s time to secure people instead
Security used to be much simpler: employees would log in to their PC at the beginning of the working day and log off at the end. That PC wasn’t going anywhere, as it was way too heavy to lug around.
DimData: Fear finally setting in amongst vulnerable orgs
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are also the most prepared to deal with the ever-evolving threat landscape.
IXUP goes "post-quantum" with security tech upgrade
The secure analytics company has also partnered with Deloitte as a reseller, and launched a SaaS offering on Microsoft Azure.
ExtraHop’s new partner program for enterprise security
New accreditations and partner portal enable channel partners to fast-track their expertise and build their security businesses.
Hackers increasingly ‘island hopping’ – so what does it mean?
Carbon Black's Rick McElroy discusses this new trend and what it means for the new age of cybercrime.
Trust without visibility is blind – Avi Networks
Enterprises are wanting to gain the trust of their customers, but are often found blindly defending themselves.
How to avoid becoming a cryptojacking victim - Bitglass
Large-scale cryptojacking is a lucrative business due to the popularity and value of cryptocurrencies like Bitcoin and Ethereum.
Symantec, Ixia combine efforts to secure hybrid networks
Ixia’s CloudLens and Symantec Security Analytics now feature complete integration, which allows Symantec customers to gain real-time visibility into their hybrid cloud environments.