PETALING JAYA: SMEs lack sufficient cyber security awareness and acceptance in their businesses to deal with the growth of technology, said CyberSecurity Malaysia CEO Datuk Dr Amirudin Abdul Wahab.
He added that steps have been taken to alleviate the burden on SMEs, but they need to invest in such measures themselves.
“The acceptance and awareness (among SMEs) is still low. They believe they are too small to be targeted and many neglect the value of cyber security. Most do not see the importance of investing in such knowledge and continue to use outdated technology and software.”
Amirudin said the businesses were particularly vulnerable because of their lack of defences and knowledge to combat cyber attacks.
“SMEs have very limited resources compared with bigger companies. They do not have the budget to employ information technology professionals, which contributes to poorer protection compared with larger firms.
“They manage essential data such as customer information, financial records and corporate information. These can be taken advantage of for financial benefits, making them an appealing target for hackers.”
He also said there were several common types of cyber attacks used on vulnerable SMEs.
“The attacks (include) spam and phishing, where unsuspecting individuals respond to fraudulent requests that demand action.
“It is usually accomplished when (an individual) downloads or clicks a link from a digital message sent in the guise of an official source.”
He added that it is extremely important for SMEs to adopt cyber security measures because of their high growth rate and contribution to the economy.
“According to professional service provider Deloitte, unseen malware or methods employed by cyber attackers rose by 30% during the Covid-19 pandemic as opposed to 20% pre-pandemic.
“SMEs contributed 38.4% to the gross domestic product last year, while the digital economy contributed 23.2% in 2021. So, it is imperative to ensure that there are appropriate safeguards necessary for their protection as it affects national growth.”
He said SME vulnerability could have consequences on a national scale and on their day-to-day operations.
“SMEs are subject to various regulations and laws related to data protection and cyber security, such as the Personal Data Protection Act 2010.
“Businesses that neglect such measures could incur legal action from regulatory authorities and lead to reputation damage, fines, penalties and potential business closures.
“It could even lead to the revocation of licences and permits that are needed for operations.”
He also said customers who had their data exposed may experience subsequent financial fraud or identity theft, which would erode their willingness to engage with a business.
“One company suffered a data breach in 2018, which affected its e-commerce platforms. The personal information of customers (and SMEs who used the platforms) were exposed,” Amirudin said, adding that SMEs must no longer regard cyber security as an expense, but an asset.
“Cyber security should not be cost centred. It is an investment in fostering customer confidence.
“To help SMEs in their cyber readiness, the Communications (and Digital) Ministry initiated a Cyber Security Health Check Programme under CyberSecurity Malaysia, which offers free services for businesses with digital platforms.
“Each SME would be provided with two free certified cyber security training sessions to help them tackle such issues.”
