Malaysian executives assume their company will never be attacked – Sophos Malaysia

    In the last two years, the COVID-19 pandemic has served as a major catalyst for businesses to transform digitally, greatly accelerating Malaysia’s digital economy. However, this has also resulted in an increase in targeted cyberattacks and cybercrimes against organisations. Malaysia’s Ministry of Home Affairs revealed in 2021 that more than 20,000 cybercrime cases were reported, totalling losses of RM560 million to the victims.

    Despite the rising incidence, impact and cost of ransomware, the third edition of Sophos’ annual survey report, The Future of Cybersecurity in Asia Pacific and Japan, finds that there continues to be a lack of boardroom awareness of cybersecurity and a broad assumption among executives that their company will never get attacked.

    Photo for illustrative purposes only. | NHA File Photo/Luis Villasmil and Markus Spiske/Unsplash


    Cybersecurity education is needed at the top

    At Sophos, we have seen cybersecurity expenditure and self-assessed maturity increase across the region. Yet, the report still finds that in Malaysia only 29 per cent of companies surveyed believe their board understands cybersecurity very well. Furthermore, the top frustration expressed by local cybersecurity professionals is that they cannot keep up with the pace of security threats, which grow more complex and harder to prevent.

    Ninety-three per cent of surveyed companies agree that their biggest security challenge in the next several years will be the awareness and education of employees and leadership.

    Given this, if businesses continue to place digitalisation at the forefront of their strategies, executives must heed the importance of cybersecurity. Failure to do so will prove costly on numerous fronts, including the theft of sensitive data, disruption to business operations, loss of business or revenue, and critical damage to reputation.

    Malaysia’s skills shortage continues to wreak havoc

    The shortage or mismatch of cybersecurity skills continues to be a growing problem that needs to be addressed in Malaysia. Seventy per cent of companies surveyed expect to have some problems with recruiting cybersecurity employees over the coming years, with 26 per cent expecting to face a major challenge.

    With recruiting continuing to pose issues, companies have identified the priority areas in which they feel the skills and capabilities of internal security specialists need to be increased. These include staying up to date with the latest threats, policy compliance and reporting, and employee and executive training.

    Cybersecurity professionals’ top frustrations

    Indeed, cybersecurity professionals have an enormous task ahead to keep companies safe and secure. With concerns around the ability to keep up with the pace of evolving security threats, and not having enough skilled cybersecurity specialists to combat these threats, the real challenge comes from low levels of cybersecurity understanding among company boards.

    This low awareness may lead to fewer funds being invested in the programmes needed to alleviate the risks. The issue is not technology; it is education.

    Cybersecurity education can help you stay on top of ransomware

    Often company boards and executives do not understand how cyber issues can affect the bottom line. At present, cybersecurity education must become a focus for all. The following is a five-step approach from Sophos to help bring organisations up to speed on cybersecurity education:

    1. Boards need help to understand that it is impossible to protect everything, and to learn to prioritise the most critical information, data, and systems to protect.
    2. Education courses on basic principles, the genuine likelihood of an attack, attack vectors, threat actors, and other terminology should be available to all staff.
    3. Once the basics are clearly defined, organisations need to develop strategies and integrate them with digital transformation programmes.
    4. The focus then becomes more operational in nature: applying legislation, breach response protocol, ransom payment policy, gap assessments, and future roles and obligations.
    5. Businesses need to clearly understand compliance, the regulatory environment under which the business operates, what is legally required when breached, and what the appropriate controls around data security and management are.

    Until these issues are addressed by company leaders, Malaysian businesses will continue to fall victim to cybercrime, leading to loss of revenue, data and reputation. By educating employees and management about the risks and what they can do to mitigate them, together we can put up a good fight against cybercrime.

    *This article was written by Wong Joon Hoong, Country Manager, Sophos Malaysia.