malaysian organizations

(Source – Shutterstock)

72% of Malaysian organizations breached in past year

A huge 72% of Malaysian organizations were breached at least once in the past year. What makes it more concerning is that there has been no serious action taken against any of the organizations that suffered from data breaches.

The findings come from Trend Micro’s semi-annual Cyber Risk Index (CRI) report, compiled by the Ponemon Institute from interviews with over 4,100 organizations across North America, Europe, Latin/South America, and Asia-Pacific.

Organizations in North America and Asia-Pacific saw an increase in their cyber risk in the second half of 2021. This means that the respondents feel more risk associated with preparing for cyberattacks as well as a higher risk of the current threats targeting them.

The report also revealed several other concerning findings. This include:

  • 29% suffered more than 7 breaches of customer data over the past year
  • 36% had more than 7 data breaches of information assets
  • 90% claimed to have suffered one or more successful cyberattacks in the past 12 months
  • 80% of organizations in Malaysia think they will be successfully attacked in the next 12 months; 22% are claiming this is “very likely” to happen.

“You can’t protect what you can’t see. But with hybrid working ushering in a new era of complex, distributed IT environments, many organizations are finding it difficult to eradicate growing security coverage and visibility gaps. To avoid the attack surface spiralling out of control, they need to combine asset discovery and monitoring with threat detection and response on a single platform,” commented Goh Chee Hoh, Managing Director of Trend Micro Malaysia and Nascent Countries.

As Malaysia’s CRI index moved from 0.37 in 2H 2021 to –0.04 in 1H 2022, it indicates that the risk has increased from moderate to elevated. This trend is also reflected elsewhere in the data whereby 62% of respondents surveyed said their organization is not able to contain most cyberattacks and only 44% is prepared to deal with data breaches and cybersecurity exploits.

In 2022, Malaysia has already experienced several major cybersecurity incidents. Among them include the data leak of 22.5 Malaysians on the dark web, with the data supposedly from the National Registration Department. Another major data incident involved a payment gateway service provider while several local bank customers have also reported that their accounts have been compromised by scammers.

Despite this, none of the organizations involved have been charged or faced any consequences for the data breaches. No fines were given as well. Cybersecurity Malaysia and the National Cybersecurity Agency, two government agencies that supposedly oversee data protection in the country also continue to state that they are not the body responsible for investigating data breaches.

The top four data types at the highest risk of loss or theft in Malaysia include financial information, consumer data, business communications (email), and human resource (employees) files. These data types are rated as critical to a business’s operations and livelihood.

From the business perspective, one of the biggest concerns is the misalignment between CISOs and business executives. Based on the scores given by the respondents, “My organization’s IT security objectives are aligned with business objectives” organizations in Malaysia recorded 5.10 out of 10. By addressing the shortage of cybersecurity professionals and improving security processes and technology, organizations will significantly reduce their vulnerability to attacks.

Overall, respondents in Malaysia rated the following as the top cyber threats in the first half of 2022:

  • Advanced Persistent Threats
  • Clickjacking
  • Crypto mining
  • Fileless attacks
  • Ransomware

“The CRI continues to provide a fascinating snapshot of how global organizations perceive their security posture and the likelihood of being attacked. The stakes couldn’t be higher in the face of stiff macroeconomic headwinds. Respondents pointed to the high cost of outside expertise, damage to critical infrastructure, and lost productivity as the main negative consequences of a breach,” stated Dr. Larry Ponemon, chairman and founder of Ponemon Institute.