KUALA LUMPUR: IBM Malaysia Sdn Bhd today urged local organisations to embed security, governance, and compliance tools throughout the cloud architecture for digital initiatives given the increase in cybersecurity breaches in recent years.
Managing director and technology leader Catherine Lian said being cloud-ready is essential to Malaysia's digital transformation agenda.
"The cloud computing market has grown tremendously in the region, mainly driven by the fact that it costs less, coupled with the greater awareness of data security and the underlying technology supporting it," Catherine told The New Straits Times.
"Organisations tend to dabble with several different clouds as they rush to 'cloudify' everything to keep the business running due to the pandemic.
"As a result, it creates complexity and disconnected piece parts, potentially opening them up to major security threats. An organisation's security needs to be designed with one single point of control or a 'singular view' that provides a holistic view of threats," she said.
Catherine recommended embracing hybrid cloud models, which she described as 'being more than just a strategy and the reality in time to come.
"Organisations with comprehensive cybersecurity strategies, governed by best practices and automated using advanced analytics, artificial intelligence (AI) and machine learning, can fight cyber threats more effectively and reduce the lifecycle and impact of breaches when they occur," she said.
IBM recently released its annual X-Force Threat Intelligence Index, which unveiled how ransomware and vulnerability exploitations together could 'imprison' businesses in 2021.
While phishing was the most common cause of cyberattacks in general in the past year, IBM Security X-Force observed a 33 per cent increase in attacks caused by vulnerability exploitation of unpatched software, a point of entry that ransomware actors relied on more than any other to carry out their attacks in 2021, representing the cause of 44 per cent of ransomware attacks.
The 2022 IBM Security X-Force Threat Intelligence Index maps new trends and attack patterns IBM Security observed and analysed from its data – drawing from billions of data points ranging from network and endpoint detection devices, incident response engagements, phishing kit tracking and more.
According to the study, Asia was the most-attacked region globally in 2021, receiving 26 per cent of attacks X-Force observed last year.
The most common attacks comprise server access attacks (20 per cent), ransomware (11 per cent), data theft (10 per cent), remote access Trojans (9 per cent) and adware (9 per cent).
The most common initial access vectors (entry points) were through vulnerability exploitation (43 per cent), phishing (43 per cent), brute force (7 per cent), use of stolen credentials (7 per cent).
In Asia, finance and insurance organisations were attacked most frequently, making up 30 per cent of the incidents X-Force remediated, followed closely by manufacturing (29 per cent) and then more distantly by professional and business services (13 per cent) and transportation (10 per cent).
Catherine encouraged organisations to keep up with threat intelligence and build strong response capabilities to mitigate threats in the evolving landscape.
"Rather than react to threats, organisations should leverage threat intelligence to understand threat actor motivations and tactics better to prioritise security resources.
'For example, planning for a ransomware attack, including a plan that addresses blended ransomware and data theft extortion techniques, and regularly drilling this plan can make all the difference in how your organisation responds in the critical moment," she said.
Meanwhile, LE Global Services Bhd (LGMS) managing director Fong Choong-Fook concurred with Catherine's view and encouraged organisations to move faster and ahead of cyberthreat trends.
"Organisations need to adopt 'zero trust', have a greater understanding of the security threat environment while having response action plans," he said, adding that consumers need to adopt multi-factor authentication as additional safety measures.
Fong, a cybersecurity expert, cited data from MyCERT (Malaysia Computer Emergency Response Team), which states that more than 10 thousand reported cybersecurity incidents in 2021, adding that many more cyber breaches had gone unreported.
IBM Malaysia managing director and technology leader Catherine Lian (left) and LE Global Services Bhd (LGMS) managing director Fong Choong-Fook.