Malaysia's journey towards true cybersecurity maturity

Cybersecurity in Malaysia: A reality check on readiness and resilience

  • Only 2% of organizations in Malaysia are deemed ‘Mature’ in cybersecurity readiness.
  • The Malaysian government introduces the Cyber Security Bill 2024 to strengthen national cybersecurity measures.

Malaysia is no stranger to the cybersecurity landscape, having been involved in and targeted by a significant number of cyberattacks and data leaks. These incidents raise questions about the country’s readiness to face cyber threats within this evolving cybersecurity environment.

The 2024 Cybersecurity Readiness Index for Malaysia

Cisco’s 2024 Cybersecurity Readiness Index reveals that only two percent of organizations in Malaysia are classified at the ‘Mature’ level for readiness. This classification indicates robust resilience against the myriad of modern cybersecurity risks that today’s businesses face.

This critical assessment arrives at a time when hyperconnectivity defines our era, alongside a threat landscape that is rapidly evolving. Businesses are incessantly bombarded with sophisticated cyber threats, ranging from phishing and ransomware to supply chain attacks and social engineering tactics. Despite concerted efforts to fortify defenses against these onslaughts, many organizations are burdened by their complex security frameworks, which often consist of disparate point solutions.

The complications of defending against cyber threats are further amplified in today’s distributed work environment, where organizational data is dispersed across an infinite array of services, devices, applications, and user interfaces.

Yet, despite these daunting challenges, a surprising 85% of companies profess a moderate to high level of confidence in their cybersecurity defenses, regardless of their actual state of preparedness. This stark disparity between perceived confidence and actual readiness points to a potentially dangerous overestimation of their cybersecurity capabilities and a failure to accurately gauge the magnitude of the threats they face.

The 2024 Cisco Cybersecurity Readiness Index undertakes a comprehensive examination of organizational preparedness against cyber threats across five critical domains: identity intelligence, network resilience, machine trustworthiness, cloud reinforcement, and AI fortification. These domains encompass 31 distinct solutions and capabilities, evaluated through a double-masked survey of more than 8,000 security and business leaders across the globe.

2% of organizations in Malaysia are classified at the ‘Mature’ level for readiness. (Source – Cisco)

The survey’s respondents were asked about their deployment of these cybersecurity measures, classifying them into four ascending stages of readiness: Beginner, Formative, Progressive, and Mature.

Jeetu Patel, Cisco’s Executive Vice President and General Manager of Security and Collaboration, cautions against the peril of overconfidence within the organizational psyche, advocating for a strategic shift towards integrated security platforms and leveraging AI to scale defense mechanisms effectively.

The findings from the study paint a grim picture of readiness among Malaysian companies, with a mere two percent poised to effectively counter contemporary cyber threats. A significant majority find themselves at the lower echelons of cybersecurity maturity, ill-prepared for the inevitabilities of the cyber threat landscape.

Forecasting cyber risks and financial implications

Moreover, the study forecasts a high likelihood of future cybersecurity incidents and sheds light on the financial ramifications of such breaches, with some incidents costing organizations upwards of US$300,000. The reliance on multiple cybersecurity point solutions has proven counterproductive, hampering the swift detection, response, and recovery from incidents. This issue is exacerbated by the admission from a vast majority that the cumbersome management of numerous point solutions slows their security operations.

The survey also highlights the pervasive issue of unmanaged device access, critical talent shortages, and the ambitious plans of organizations to significantly bolster their IT infrastructures and cybersecurity measures in the near term. This includes a notable emphasis on upgrading existing solutions, deploying new technologies, and a considerable increase in cybersecurity budgets.

Addressing the complex challenges posed by today’s threat landscape necessitates a concerted effort from companies to accelerate their investment in security infrastructure, adopt innovative security measures, and embrace a platform-based approach to cybersecurity. This strategy is essential for enhancing network resilience, making meaningful use of AI, and bridging the significant cybersecurity skills gap.

Hana Raja, Managing Director of Cisco Malaysia, underscores the complexity of the current cybersecurity environment, pointing out the lag in cyber resilience among organizations globally, including those in Malaysia. Raja advocates for a comprehensive platform approach to cybersecurity, which promises a simplified, secure, and holistic view of an organization’s security posture, enabling businesses to better navigate and exploit the advantages of emerging technologies amid the ever-evolving threat landscape.

The first reading of the Cyber Security Bill 2024

Recognizing that only a small fraction of companies in Malaysia achieve a “Mature” status in cybersecurity preparedness, the Malaysian government acknowledges the critical need to bolster cybersecurity nationwide. Consequently, the Cyber Security Bill 2024 has been introduced, marking its initial reading in Parliament. Aimed at strengthening national cybersecurity, this legislative proposal was presented by Digital Minister Gobind Singh Deo on March 25th.

The Star reported that the bill is scheduled for a second reading during the ongoing session of the Dewan Rakyat and outlines a comprehensive approach to elevate cybersecurity standards. It mandates adherence to specific measures and standards for improved national security, detailing protocols for managing cybersecurity incidents that affect the country’s critical national information infrastructure.

Additionally, the legislation proposes the creation of a National Cyber Security Committee and defines the responsibilities and authority of the National Cyber Security Agency’s chief executive officer. It includes provisions for the licensing of cybersecurity service providers and establishes the role of a national critical information infrastructure sector lead.

According to the bill, the Digital Minister, following recommendations from the chief executive, may designate any government body or individual as the sector lead for national critical information infrastructure, potentially appointing multiple leads for various sectors. These appointments will be officially announced on the National Cyber Security Agency’s website.

The sector leads will be responsible for developing a code of practice and creating and updating guidelines on best practices for managing cybersecurity. The National Cyber Security Agency has stated that the proposed bill will legally empower it to define and enforce cybersecurity standards for entities deemed as National Critical Information Infrastructure. Failure to comply with these standards could result in legal repercussions.