KUALA LUMPUR: Trend Micro, a global cybersecurity company, shared the findings of its latest global Cyber Risk Index (CRI) for the second half of 2021, which revealed that more than half of the respondents, or 67 per cent of organisations in Malaysia, think they'll be successfully attacked in the next 12 months, with 22 per cent claiming this is "very likely" to happen.
The semi-yearly report aims to measure the gap between respondents' preparedness for attack and their likelihood of being attacked. In the second half of 2021, the CRI report surveyed more than 3,400 chief information security officers (CISOs) as well as IT practitioners and managers across Asia-Pacific, North America, Europe, and South America.
The CRI score is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. The current CRI in Malaysia stands at 0.37, an increase from the 0.08 CRI score recorded in the first half of 2021, indicating an improvement in the state of cybersecurity preparedness in the country.
For Malaysia, 87 per cent agreed that they had suffered one or more successful cyber attacks in the past 12 months: 31 per cent suffered more than seven cyber attacks that infiltrated networks/systems; 26 per cent had more than seven data breaches of information assets; and 24 per cent suffered more than seven breaches of customer data over the past year.
Trend Micro Malaysia and Nascent Countries' managing director, Goh Chee Hoh, in a statement released to share the findings of the report, said that in order to craft effective cybersecurity strategies, organisations must master the art of risk management, and this is where reports like the CRI can be a great resource in highlighting areas of possible concern.
The CRI report also highlighted the top five cyber threats in Asia-Pacific (APAC): phishing and social engineering (attacks, often scams, that use fraudulent messages to steal user data, usually via emails or texts with links or attachments); botnets (cybercriminals infiltrate and gain control of the organisation's network); fileless attacks (malware that uses legitimate tools built into the system to execute an attack); ransomware (an attack that withholds critical or personal data, usually to extort payment or something in exchange from victims); and denial of service (DoS) (an attack that disrupts and prevents daily operational functions).
When it comes to security risks within IT infrastructure, organisations are most worried about mobile or remote employees, third-party applications, and mobile devices such as smartphones.
"As remote working and digital infrastructure threats persist, organisations should adopt a platform-based approach to optimise security whilst minimising their security sprawl," said Goh.
APAC organisations also ranked the top five negative consequences of an attack as stolen or damaged equipment, cost of outside consultants and experts, regulatory actions or lawsuits, reputation or brand damage, and customer turnover.
"Organisations are facing demanding security challenges every day, from software vulnerabilities, data breaches, to ransomware attacks and more," said Ponemon Institute's chairman and founder, Dr Larry Ponemon.
This highlights the ongoing challenge many organisations have around securing the digital investments they made during the pandemic. Such investments were necessary to support remote working, drive business efficiencies and agility, and understand the corporate attack surface.
"The semi-annual survey has been a tremendous asset in evaluating the rapidly evolving cyber risk landscape to help organisations improve security readiness and serving as a guidance in strategic planning," added Ponemon.