Cyber threats – how can businesses prepare?

PETALING JAYA: Cybersecurity adoption is no longer an option, but critical to large and small businesses to carry out their normal operations as it keeps the business running successfully.

“Cybersecurity threats have been evolving for the past 20 years. It used to be common for a mass outbreak of worms or malware, however, this has evolved into targeted attacks via social engineering involving ransomware, which has happened to many organisations.

“Cyberattacks will continue to increase and grow more rampant as they have now become financially motivated,” Malaysia Digital Economy Corp (MDEC) digital infrastructure and services director Wan Murdani Wan Mohamad (pix) told SunBiz.

In the 12th Malaysia Plan (12MP), cybersecurity is listed as an issue or challenge that contributed to the slow growth of the digital economy. The high cost of adoption and the lack of awareness of the importance of cybersecurity hinder the adoption to improve cybersecurity.

The lack of awareness of cybersecurity has increased the vulnerability of businesses and communities to cyber threats. This adds to the concern that people and human behaviour is often the weakest link in security, regardless of advancements in cybersecurity technology.

The Malaysian Cyber Security Strategy (MCSS) announced in the 12MP is implemented to manage cyber threats and address the identified gaps in cybersecurity, cyberattacks, and cybercrime.

“Many organisations, especially small and medium-sized enterprises (SME), are short of resources, experience, tools, and budget to address growing cyber-attacks as compared to the larger organisations. Hence, SMEs become easy targets. MDEC encourages businesses to leverage relevant programmes offered by the government such as the Matrix Cybersecurity for SMEs.

“Matrix is a collaborative programme between the government and Malaysia’s cybersecurity industry partners designed for SMEs. Matrix covers four implementation areas such as 24/7 security monitoring, protection for critical assets, digital signature, and secure web access. It will bridge the gap in cybersecurity adoption and as a result, ensures that businesses can continue to operate in a risk mitigated, trusted and safer environment,” Wan Murdani said.

For regulated businesses, he said, Risk Management in Technology by Bank Negara Malaysia served as a reference for minimum cybersecurity requirements for businesses to adapt to mitigate cybersecurity risk. It could be practised by other regulated sectors.

“The introduction of the national strategy of MCSS led by National Cyber Security Agency has outlined five pillars to address national readiness in cybersecurity. These efforts will be able to guide businesses to the right readiness,” he said.

According to Kaspersky’s Global Research and Analysis Team 2020, the top targets for advanced persistent threats (APT) were governments, banks, financial institutions, and diplomatic, telecommunication, educational, defence, energy, military, and IT companies.

Kaspersky Southeast Asia general manager Yeo Siang Tiong recommended businesses to protect their businesses from cyberthreats through employees’ training, perform risk assessment, antivirus software, as well as choosing the right cybersecurity company, keeping software updated, backing up files regularly, enabling ransomware protection for all endpoints, and install Protection from targeted attacks (anti-APT) and Endpoint Detection and Response solutions that enable capabilities for advanced threat discovery and detection, investigation and timely remediation of incidents.

“Invest cybersecurity training for your employees. Research shows that 43% of data loss stems from internal employees who either maliciously or carelessly give cybercriminals access to your network.

“Evaluate potential risks that might compromise the security of your company’s networks, systems and information. Install anti-virus software that can protect all of your devices from viruses, spyware, ransomware, and phishing scams. Make sure the software not only offers protection but also technology that helps you clean computers as needed and resets them to their pre-infected state,” he said.