Businesses in Malaysia increase cybersecurity budget allocation in 2023

• Palo Alto Networks reports increased spending on cybersecurity in Malaysia.
• Malaysian organizations experienced a 50% increase in cyber incidents. 
• 80% of boardroom members of Malaysian businesses are also constantly having discussions on cybersecurity

When it comes to cybersecurity in Malaysia, the country is known for not having the strongest cybersecurity policies, especially when compared to other countries in the region. In fact, regulations in Malaysia still do not require businesses to report cybersecurity incidents, should they encounter any.

While the Malaysian government has pledged to boost cybersecurity in the country, it may be some time before the laws are actually tabled in parliament. Currently, the National CyberSecurity Agency of Malaysia (NACSA) is still drafting the regulations, a process which seems to be taking quite a bit of time to complete.

Realizing the need to protect their data and reputation, Malaysian businesses have now increased their budget allocation for cybersecurity. Palo Alto Networks’ 2023 State of Cybersecurity ASEAN report showed that 79% of organizations surveyed state that they are increasing their budget allocation for cybersecurity in 2023. This increased spending gives Malaysia the highest percentage across the ASEAN region.

Additionally, 33% of all Malaysian organizations reported more than a 50% increase in budget for 2023. Compared to 2022, it is a very positive trend as more organizations build resilience against cybersecurity threats. 80% of boardroom members of Malaysian businesses are also constantly having discussions on cybersecurity, either monthly or every quarter.

Unsurprisingly, this is because Malaysia experienced the highest number of disruptive attacks across ASEAN in the past year. A third of Malaysian organizations experienced a 50% or more increase in incidents, with malware (64%), ransomware attacks (64%), and password attacks (47%) the most concerning types of attacks.

At the same time, with the growing reliance on cloud-based services and applications, local businesses admit that they are most challenged in cybersecurity because of increased digital transactions. This exposes them to more cyber-risks (55%), and newfound risk from increased reliance on cloud-based services and apps (53%). Increased security risks from unsecured IoT devices connected to the network (49%) are also proving to be a key threat.

According to Dato’ Ts. Dr. Haji Amirudin Abdul Wahab, CEO of CyberSecurity Malaysia, the results from Palo Alto Networks’ report confirm that businesses are focusing on improving their cybersecurity.

“We do realize that Malaysia is behind when it comes to legislation. It’s not that we don’t have it but it is not being updated. The Communications and Multimedia Act is in in fact one of the first in the region. But now Malaysia has looked into the ecosystem, on the laws and acts in the region and decided that now is the time to update the act. We do not want to just copy exactly what other countries do. The law needs to understand the context of the country and the needs of the ecosystem.

Overall, the government agrees that the cybersecurity laws in Malaysia need to be updated. I believe in the next several months or year, it will be a busy time for Malaysia as it looks to make amendments to the regulation and legislation with regards to cybersecurity and data protection in the country,” said Dato Amirudin.

Cybersecurity challenges in Malaysia

In Malaysia, 29% of Malaysian businesses claim they have seen more than a 50% increase in disruptive attacks, the highest in the region. Malware remains the biggest challenge for businesses in Southeast Asia. Malaysia stands out among ASEAN countries, with 64% of businesses expressing fear of ransomware as a key concern in the upcoming year.

As such, the report also showed that 60% of Malaysian organizations are thinking of adopting big data or data lake applications as the top technology to mitigate cyber risks. And there are reasons for this. For one, it is because of the amount of data businesses are having to deal with today. Another reason is due to the increasing number of businesses moving their workloads to the cloud.

Moreover, businesses in ASEAN claim to have developed a 5G strategy but are concerned with securing 5G data and application layers. 50% of Malaysian organizations also see threats to cloud capabilities for virtualized 5G core as a concern, the highest in the region.

82% of Southeast Asian organizations admitted to having a common team that looks after IT and operational technology (OT) infrastructure and systems. While 60% detect OT incidents swiftly in two to three days, 40% face longer detection times of one to four weeks, with Malaysia taking the longest time.

David Rajoo, Head of Systems Engineering, ‎Palo Alto Networks, Malaysia revealed that this is because of the ability to detect a cyber incident happening in the environment. Most OT systems run in a silo environment, which makes detection longer.

“When an attack happens in OT, organizations only get a very myopic view of what’s happening. They don’t get a bigger picture in terms of how the event affects IoT and such. Siloed systems definitely lengthen the time in terms of the meantime to detect. But this can be shortened by automation or by collaborating as a team, to avoid the silos, both from a people perspective, as well as from a technology perspective. The telemetry a company gets off the OT security systems should also be merged or moved into an integrated data lake or platform itself,” said Rajoo.

Regionally, AI integration is the top technology that businesses across Southeast Asia are planning to adopt soon, particularly those in the telco, tech, and communications industries. Three key cybersecurity strategies are being considered by organizations in Malaysia. They are:

• Cloud security adoption (52%)
• Endpoint protection (43%)
• Securing IoT/OT (42%).

The report also stated that organizations in Malaysia are placing greater focus on endpoint protection compared to Southeast Asian countries.

Lack of cybersecurity workforce in Malaysia

While there has been increased allocation for the cybersecurity budget in Malaysia, there is still one problem many organizations are dealing with – the shortage of skills in cybersecurity. Most businesses in Malaysia still do not have a dedicated cybersecurity team, with vacancies reported in many industries.

The government is already working with tech companies and universities to solve the shortage. Some organizations are also outsourcing their cybersecurity to managed service providers. The lack of sufficient talent in cybersecurity has also led to smaller businesses feeling less confident in their cybersecurity.

Steven Scheurmann, Regional Vice President for ASEAN at Palo Alto Networks, pointed out that artificial intelligence (AI) in cybersecurity could solve these challenges. However, there is still some concern that AI in cybersecurity might replace human roles.

“The shortage in cybersecurity skills is not specific to Malaysia, it’s across ASEAN. It’s a global challenge. By automating and adopting AI and machine learning, you can automate the daily tasks, the daily configuration, and the daily compliance, and you can then eliminate the noise from all the threats and focus on the real potential attacks on your organization. The problem that organizations have now is the daily support activity.

There is also the time to go and investigate a potential threat. Most of the time, the investigation is chasing things that are not real. In the meantime, the real attackers come into your company and hurt you. As such, automation will allow you to do all the daily support activities. Security teams will be able to focus on more high-value-added types of activity. They can be more encouraged with their role and they can even build their skill sets,” explained Scheurmann.

Scheurmann acknowledges that burnout and turnover in cybersecurity are high. He also admits that the role is one of the highest priorities in the industry. If businesses continuously change staff to deal with threat response, they will never effectively manage threats.

“Automation will move this away. You will develop highly skilled individuals. People will become better tasked and be able to respond better. AI and machine learning is an excellent opportunity for us to all advance together. It’s not about replacing jobs. It’s about making us focused on the right things,” he concluded.

---

---

---

---