KUALA LUMPUR: A new study by BlackBerry Ltd has revealed that a majority of Malaysian IT decision-makers reported receiving notifications of an attack or vulnerability in their software supply chain within the past 12 months.
The intelligent security software provider, which surveyed 100 Malaysian companies, stated that over three-quarters (79 per cent) of the country's software supply chains were exposed to cyberattacks, surpassing the global average of 76 per cent.
It said nearly a third of Malaysian respondents identified operating systems (30 per cent) and internet of things (IoT)/connected components (19 per cent) as the most at risk, with these areas continuing to have the greatest impact on organisations.
"This risk comes at a price, with financial loss (71 per cent), reputational damage (66 per cent) and data loss (59 per cent) being the most significant consequences following a supply chain attack," the company said in a statement.
The insights from a global survey of IT decision-makers and cybersecurity leaders, conducted in April 2024 by Coleman Parkes, follow the Malaysian Government's recent gazetting of the 2024 Cyber Security Act (Act 854) on June 26 and the announcement of its National Semiconductor Strategy (NSS) in May.
The report findings underline the profound need for secure-by-design software practices for IoT components and robust regulation to strengthen security and protect the IT supply chain, aligning with the NSS's plans for investment in skills and technology.
The study confirmed that Malaysian organisations have implemented stringent security measures to prevent software supply chain attacks, including security awareness training for staff (58 per cent), data encryption (48 per cent), and multi-factor authentication (47 per cent).
However, vulnerability disclosure was ranked lower (43 per cent).
"Although the Software Bill of Materials (SBOMs) was rated even lower (40 per cent), international regulatory and compliance requirements may elevate its importance over the next 12 to 24 months, particularly for manufacturing companies designing and trading technology components with global markets," it said.
BlackBerry Cybersecurity's chief information security officer, Christine Gadsby said progressive governments, like Malaysia, are increasingly implementing regulatory measures and investing in skills and technology to safeguard critical infrastructure and key industries from cyberattacks.
"In an uncertain geopolitical climate, widely distributed sectors such as semiconductor manufacturing remain lucrative targets for threat actors seeking maximum global impact.
"Hence, a comprehensive approach to cybersecurity encompassing all aspects—skilled workers, secure-by-design products, and modern AI monitoring tools—will contribute to building trust in key Malaysian industries and future economic growth," she said.