Over the past decade, Asia’s technological capabilities have expanded rapidly. With many governments focusing on digital transformation as one of their key goals, it is becoming increasingly evident that countries and the organisations that operate in them need to make the pivot to digital to stay relevant. The Malaysia Digital Economy (MyDIGITAL) Blueprint is one such initiative that was designed to articulate the nation’s vision for the growth of the digital economy.
With greater digital acceleration and technological advancements, there is also a greater threat of cyber risks, which is why there is a need for governments and organisations to bolster their cybersecurity strategy. According to IDC, cybersecurity spending in 2022 is set to hit US$31 billion (RM136 billion), a 15.5% increment from last year. This rise will be driven by an uptick in cyberattacks including distributed denial-of-service (DDoS) attacks, increasing demands for hybrid working models, ensuring data privacy and regulatory compliance, and the general flight to digitalisation.
The Malaysian government recognises this, and in 2020, launched the Malaysia Cyber Security Strategy 2020-2025, signalling cybersecurity as an important point of consideration for the country’s growth. In Malaysia’s Budget 2023, the previous government had committed upwards of RM73 million to upgrade the nation’s cybersecurity posture, specifically in threat monitoring, detection and reporting, and to develop our cyber forensic capabilities.
State of cybercrime and cyberthreats
Cyberattacks not only cause businesses loss in revenue when these stall their operations, but consumers’ trust in these companies might also be lost. According to Cybersecurity Malaysia, from January to June 2022, Malaysians were targeted by 3,762 cybersecurity incidents, mainly dominated by fraud (70%), followed by malicious code (14%) and intrusion (10%).
Fraud includes phishing scams, which are among the top five forms of cyberattacks in Asia-Pacific. From January to December 2021, a total of 10,016 cases of cyber incidents were reported to Cyber999, the cybersecurity incident response centre operated by MyCERT (Malaysia Computer Emergency Response Team). Out of these cases, 71% were fraud related. Further to this, Trend Micro’s Cyber Risk Index revealed that 22% of businesses in Malaysia believed that they would likely be exposed to a cyberattack in the next 12 months and that 87% of businesses were victims of cyberattacks within the past 12 months.
According to the Close the Trust Gap Report by Deloitte and Twilio, consumers spend 25% more money on trusted brands on average, and one in five consumers spend upward of 50% more money on brands that they trust. Thus, protecting businesses from cyberattacks is a priority that is becoming more prominent with the digitalisation of businesses.
How Zero Trust comes in as a critical cybersecurity strategy
As the digital landscape evolves, cyberthreats are becoming more advanced, with attackers developing newer tactics to steal data and access sensitive information. With most attacks generated within organisations, the traditional approach of monitoring and prevention is no longer effective. What’s needed are advanced and stringent solutions to eliminate these threats. It is now imperative for businesses to have a foolproof security framework like Zero Trust to empower their digital transformation journey.
According to Cloudflare’s “Data security in the age of Zero Trust” report, 75% of companies in Malaysia have implemented the Zero Trust framework in their cyber investments, with 99% of the surveyed companies realising the relevance of Zero Trust security strategy to their organisation. The report also reveals that 63% of organisations in Malaysia have very positive views of Zero Trust and recognise that Zero Trust can improve their IT security across many areas.
A critical component of a comprehensive Zero Trust framework and cybersecurity strategy would include having an effective and predictable anti-phishing tool that detects cyberattacks in advance. Preventing phishing scams, one of the more prominent forms of cyberattacks, would thus be possible with a Zero Trust framework.
Cyber talent important for healthy cybersecurity posture
Alongside a robust Zero Trust framework to bolster cyber defences, organisations also need to ensure a strong pipeline of cyber talent so that they are well-equipped and able to respond nimbly in the face of potential cyberthreats.
As recently as last year, Malaysia had a shortfall of near 8,000 cybersecurity practitioners to handle cyberthreats. Dedicated cybersecurity teams are mostly available in multinational corporations while in medium-scale organisations, cybersecurity capabilities are embedded in their IT teams.
However, this is rarely the case for small and micro-organisations. As at July 1, there were 13,851 cybersecurity knowledge workers in the country. Based on this figure, the nation does not yet have enough cybersecurity personnel to handle cyberthreats.
Under the MyDIGITAL blueprint, Malaysia is striving towards training 20,000 cybersecurity knowledge personnel by the end of 2025. In addition, government schemes such as CyberGuru and the Global ACE Scheme under CyberSecurity Malaysia have the capability to train and certify people.
The lack of cyber expertise and trained professionals will be potentially damaging to an organisation’s overall cyber-preparedness if no action is taken. Companies need to invest in a strong talent management programme that uplifts and upskills employees, so these cyber professionals have the right skill sets to navigate the evolving threat landscape today.
As the threat of cyberattacks grows, businesses in Malaysia are stepping up their cybersecurity efforts. While having trained cybersecurity professionals and dedicated cybersecurity teams is ideal, achieving this takes time and money, a luxury not all companies are able to afford. They should also look to tap into the expertise and resources provided by cybersecurity companies that provide network security solutions built for enterprises that need to connect and secure their workforces.
Having the right people in place, alongside robust technology, can augment their capabilities in protecting systems. Clearly delineated processes that govern cybersecurity strategy and incident response are the key ingredients in ensuring that cybersecurity challenges are addressed.
Satyen Desai is vice-president for Southeast Asia and Korea at Cloudflare, a global network that provides integrated security and performance suites for web-based applications