Story image

Malaysia could lose up to RM$49.5 billion from cyber attacks - report

18 Jul 18

Cybersecurity incidents could potentially cause catastrophic economic losses for large organisations in Malaysia, a recent study from Microsoft and Frost & Sullivan says.

A large organisation could stand to lose US$22.8 million (RM 92.5 million), resulting in a total combined loss of US$12.2 billion (RM 42.5 billion).

The combined  total loss is more than 630 times the average economic loss for a mid-sized organisation – and more than 4% of Malaysia’s total GDP.

Those are the figures from the Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World report, which found that 17% of the 1300 surveyed organizations had experienced a cybersecurity incident.

A further 36% didn’t know if they had experienced an incident because they did not conduct a data breach assessment or forensic testing.

Furthermore, 42% of respondents see cybersecurity strategy purely as a means of protecting their company, rather than a strategic business enabler. Only 20% see security as a digital transformation enabler.

Microsoft Malaysia national technology officer Dr Dzahar Mansor says companies are taking on more opportunities – and more risks.

 “With traditional IT boundaries disappearing the adversaries now have many new targets to attack. Companies face the risk of significant financial loss, damage to customer satisfaction and market reputation—as has been made all too clear by recent high-profile breaches.”

The survey says that 62% of respondents have delayed digital transformation due to the fear of cyber risks.

Employees’ jobs are also on the line: 61% of the organisations that have experienced a cybersecurity incident have also faced job losses as a result of those attacks.

Malaysia’s specialist cybersecurity agency CyberSecurity Malaysia CEO Dato’ Dr. Haji Amirudin Bin Abdul Wahab says the findings provide insight about the economic impact of cyber attacks on Malaysia.

“As cyber security specialists, we are grateful for the efforts taken by Microsoft in spreading awareness on the importance of cyber security and we hope our efforts in creating a safer cyberspace for Malaysia will continue to align.”

Malaysia organizations view the inclusion of artificial intelligence in cybersecurity as an important protection factor.

The study found that 73% of respondents have either adopting or will adopt an AI-based approach to boost cybersecurity.

Microsoft says there are five best practises that organisations can use to improve their cybersecurity defences:

Position cybersecurity as a digital transformation enabler

Disconnect between cybersecurity practices and digital transformation effort creates a lot of frustration for the employees. Cybersecurity is a requirement for digital transformation to guide and keep the company safe through its journey. Conversely, digital transformation presents an opportunity for cybersecurity practices to abandon aging practices to embrace new methods of addressing today’s risks;

Continue to invest in strengthening your security fundamentals

Over 90% of cyber incidents can be averted by maintaining the most basic best practices.  Maintaining strong passwords, conditional use of multi-factor authentication against suspicious authentications, keeping device operating systems, software and anti-malware protection up-to-date and genuine can rapidly raise the bar against cyberattacks. This should include not just tool-sets but also training and policies to support a stronger fundamental;

Maximize skills and tools by leveraging integrated best-of-suite tools

The best tools are useless in the hands of the amateur. Reduce the number of tools and the complexity of your security operations to allow your operators to hone their proficiency with the available tools. Prioritizing best-of-suite tools is a great way to maximize your risk coverage without the risk of introducing too many tools and complexity to the environment. This is especially true if tools within the suite are well-integrated to take advantage of their counterparts;

Assessment, review and continuous compliance

The organization should be in a continuous state of compliance. Assessments and reviews should be conducted regularly to test for potential gaps that may occur as the organization is rapidly transforming and address these gaps. The board should keep tab on not just compliance to industry regulations but also how the organization is progressing against security best practices; and

Leverage AI and automation to increase capabilities and capacity

With security capabilities in short supply, organizations need to look to automation and AI to improve the capabilities and capacity of their security operations. Current advancements in AI has shown a lot of promise, not just in raising detections that would otherwise be missed but also in reasoning over how the various data signals should be interpreted with recommended actions.

Such systems have seen great success in cloud implementations where huge volumes of data can be processed rapidly. Ultimately, leveraging automation and AI can free up cybersecurity talents to focus on higher-level activities.

Using blockchain to ensure regulatory compliance
“Data privacy regulations such as the GDPR require you to put better safeguards in place to protect customer data, and to prove you’ve done it."
A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.