Story image

Malaysia could lose up to RM$49.5 billion from cyber attacks - report

18 Jul 18

Cybersecurity incidents could potentially cause catastrophic economic losses for large organisations in Malaysia, a recent study from Microsoft and Frost & Sullivan says.

A large organisation could stand to lose US$22.8 million (RM 92.5 million), resulting in a total combined loss of US$12.2 billion (RM 42.5 billion).

The combined  total loss is more than 630 times the average economic loss for a mid-sized organisation – and more than 4% of Malaysia’s total GDP.

Those are the figures from the Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World report, which found that 17% of the 1300 surveyed organizations had experienced a cybersecurity incident.

A further 36% didn’t know if they had experienced an incident because they did not conduct a data breach assessment or forensic testing.

Furthermore, 42% of respondents see cybersecurity strategy purely as a means of protecting their company, rather than a strategic business enabler. Only 20% see security as a digital transformation enabler.

Microsoft Malaysia national technology officer Dr Dzahar Mansor says companies are taking on more opportunities – and more risks.

 “With traditional IT boundaries disappearing the adversaries now have many new targets to attack. Companies face the risk of significant financial loss, damage to customer satisfaction and market reputation—as has been made all too clear by recent high-profile breaches.”

The survey says that 62% of respondents have delayed digital transformation due to the fear of cyber risks.

Employees’ jobs are also on the line: 61% of the organisations that have experienced a cybersecurity incident have also faced job losses as a result of those attacks.

Malaysia’s specialist cybersecurity agency CyberSecurity Malaysia CEO Dato’ Dr. Haji Amirudin Bin Abdul Wahab says the findings provide insight about the economic impact of cyber attacks on Malaysia.

“As cyber security specialists, we are grateful for the efforts taken by Microsoft in spreading awareness on the importance of cyber security and we hope our efforts in creating a safer cyberspace for Malaysia will continue to align.”

Malaysia organizations view the inclusion of artificial intelligence in cybersecurity as an important protection factor.

The study found that 73% of respondents have either adopting or will adopt an AI-based approach to boost cybersecurity.

Microsoft says there are five best practises that organisations can use to improve their cybersecurity defences:

Position cybersecurity as a digital transformation enabler

Disconnect between cybersecurity practices and digital transformation effort creates a lot of frustration for the employees. Cybersecurity is a requirement for digital transformation to guide and keep the company safe through its journey. Conversely, digital transformation presents an opportunity for cybersecurity practices to abandon aging practices to embrace new methods of addressing today’s risks;

Continue to invest in strengthening your security fundamentals

Over 90% of cyber incidents can be averted by maintaining the most basic best practices.  Maintaining strong passwords, conditional use of multi-factor authentication against suspicious authentications, keeping device operating systems, software and anti-malware protection up-to-date and genuine can rapidly raise the bar against cyberattacks. This should include not just tool-sets but also training and policies to support a stronger fundamental;

Maximize skills and tools by leveraging integrated best-of-suite tools

The best tools are useless in the hands of the amateur. Reduce the number of tools and the complexity of your security operations to allow your operators to hone their proficiency with the available tools. Prioritizing best-of-suite tools is a great way to maximize your risk coverage without the risk of introducing too many tools and complexity to the environment. This is especially true if tools within the suite are well-integrated to take advantage of their counterparts;

Assessment, review and continuous compliance

The organization should be in a continuous state of compliance. Assessments and reviews should be conducted regularly to test for potential gaps that may occur as the organization is rapidly transforming and address these gaps. The board should keep tab on not just compliance to industry regulations but also how the organization is progressing against security best practices; and

Leverage AI and automation to increase capabilities and capacity

With security capabilities in short supply, organizations need to look to automation and AI to improve the capabilities and capacity of their security operations. Current advancements in AI has shown a lot of promise, not just in raising detections that would otherwise be missed but also in reasoning over how the various data signals should be interpreted with recommended actions.

Such systems have seen great success in cloud implementations where huge volumes of data can be processed rapidly. Ultimately, leveraging automation and AI can free up cybersecurity talents to focus on higher-level activities.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.