Malaysian companies are doing better in combating online threats but with 5G on the horizon, bigger challenges loom, writes Nur Zarina Othman
MALAYSIAN companies are showing progress in terms of their awareness and preparations against cyber threats.
Based on Cisco’s 2019 Asia-Pacific CISO Benchmark study, 26 per cent of Malaysian companies said they faced security breaches resulting in more than US$1 million loss last year.
However, this is a big decline from 2018, whereby 50 per cent reported similar financial impact or more.
“We won’t be surprised if the number is higher this year,” says Kerry Singleton, Cyber security sales director for Asean at Cisco Global Security Sales Organisation (GSSO).
The study gathered feedback from close to 2,000 security professionals from the region, with 44 per cent of respondents reported receiving 10,000 threat alerts a day and 36 per cent of them enduring more than 50,000 alerts daily.
The good news is that Malaysian companies are doing better on both fronts — investigation and remediation — compared with those from other parts of the region.
Cisco Malaysia managing director Albert Chai attributed it to increased cybersecurity awareness among businesses.
“This is crucial because the success of digital economy hinges on the ability of businesses to tackle cybersecurity risks,” he said.
The study shows emerging key trends, including barriers for adopting security technology in Malaysia. Lack of awareness of advanced security technologies and processes is among them.
Other hurdles include budget constraints, lack of trained personnel and a lackadaisical attitude towards cybersecurity.
“It’s going to be more challenging this coming year,” said Singleton, singling out multiple vendors, connectivity and ransomware as some of the factors that make the cybersecurity landscape challenging.
It is a common practice for large enterprises to use multiple security vendors but more may not necessarily be better when it comes to cybersecurity as they add to the complexity for security professionals.
The study found that 35 per cent of companies in Malaysia used more than 10 security vendors. Ninety per cent said they found it challenging to orchestrate alerts from multiple vendors.
“Complexity due to a multi-vendor environment and increased sophistication of businesses with OT (operational technology) networks and multi-cloud adoptions will continue to challenge security practitioners,” said Singleton.
He added that acting as a team, listening and responding as a coordinated unit may be the best simplified and systematic approach to reduce cybersecurity breaches.
Connectivity is also a big concern for security professionals.
Singleton said that with 5G rolling out soon, the country will see more devices get connected, which translates into more breach points, increasing cybersecurity fatigue.
“Having more devices connected to the server means there are more possible attack surfaces, bringing in a new set of issues.
“I believe sharing intelligence and data among the affected is one of the many ways to handle breaches,” he said, adding that hackers are sharing, and sharing is one of the many ways for cybersecurity to evolve.
According to Singleton, “zero trust” may address issues raised by “connectivity”.
“One example of ‘zero-trust’ today is the one popular in banking industry, in which banks no longer trust our logins but require us to verify an SMS code for every transaction we make.”
Other ways to reduce cybersecurity fatigue include training, automating manual processes and keeping software current.
“Keep your software updated as it halts at least half of breach possibility,” he said.
After presenting the study, Singleton and Chai shared what would be some of the challenges Malaysian businesses will face in this new decade.
“Ransomware will still be here and is evolving along with artificial intelligence (AI) and machine learning.”
The methods used by hackers are constantly evolving and ransomware will be the main cause for downtime this year.
On top of that, 5G or connectivity will also pose threats to cybersecurity.
“We are seeing a lot of integration in the ecosystem in the home and in enterprises.
“Having a strong ecosystem means device connectivity is high and thus vulnerability will increase. Looking at trends, it will be a challenging year for security professionals.”