IN an era marked by remote and hybrid work models, the workforce has experienced a paradigm shift, forever altering the traditional Malaysian workplace.
The adoption of these flexible working arrangements, influenced by the global Covid-19 pandemic, has seen an astounding 92 per cent of respondents in Asia Pacific embrace hybrid or fully remote work, according to a survey by cybersecurity company Fortinet.
However, while these arrangements offer convenience and freedom, they also usher in a new era of cyber threats, making humans the last line of defence against cyber attacks.
Vishak Raman, who is Fortinet's vice-president for India, Southeast Asia, Hong Kong, and Australia/New Zealand, highlighted the inherent risks: "Unprotected endpoints and untrained employees can expose organisations to significant security risks, as evidenced by the increase in cybersecurity incidents in recent years."
CHALLENGES WITH SECURING THE HYBRID WORKFORCE
Remote and hybrid work arrangements provide employees with unprecedented convenience and freedom.
Still, they also provide cyber attackers with new opportunities to breach organisations' systems and disrupt operations.
Fortinet's research reveals that 30 per cent of connected devices in Malaysia's hybrid workspace is not managed, causing concerns among 56 per cent of security leaders who predict a 50 per cent increase in cybersecurity incidents by 2025.
The 2023 Global Cybersecurity Skills Gap Report by Fortinet paints an alarming picture.
It shows that 92 per cent of local organisations suffered one or more breaches in the past 12 months, marking a significant increase from 80 per cent in 2022.
Even more concerning is that 45 per cent of these incidents cost over US$1 million to resolve.
Intrusion became the second most reported incident type in 2022, according to statistics from the Malaysia Computer Emergency Response Team (MyCERT), underscoring the urgency for IT and security teams to equip their workforce with proper safeguards.
STRENGTHENING THE HUMAN FIREWALL
Raman emphasised the need for a paradigm shift in addressing cybersecurity concerns: "Employees should receive due focus from security teams, especially as those who lack knowledge on the importance of cyber hygiene become the perfect targets for threat actors to attack organisations," he said.
"Protecting systems goes beyond managing endpoints; it requires a proactive approach. This proactive approach starts with training users to identify intrusion attempts before they occur.
"Recognising signs such as frequent typos, unusual requests and inconsistent links can thwart phishing attacks," he added.
Collaboration between C-suite executives and security experts is crucial for building and enforcing guidelines that foster a cyber-secure culture across the organisation.
Raman lamented the cybersecurity knowledge gap, saying that 86 per cent of Malaysian respondents in the skills gap report were concerned about this gap exacerbating cyber risks.
Educating employees on identifying potential incidents and responding effectively is not just worthwhile but essential for cyber resilience.
BEST PRACTICES FOR CYBER RESILIENCE
To address these challenges, Raman said security teams need to raise awareness about best practices in cyber hygiene.
"These practices range from not sharing sensitive information on public networks to ensuring visited websites are encrypted.
"Collaboration between the public and private sectors can also reinforce cyber threat readiness, particularly through initiatives involving educational institutions," he said.
Training employees to operate essential security tools is paramount in countering cyber threats.
"Security personnel and managers should be proficient in using privileged access management (PAM) solutions to detect potential intrusions early. Additionally, employees trained in security reporting tools can act as extra sets of eyes, making it more challenging for cyberattacks to remain undetected."
Besides that, understanding the nature and value of the data they handle is crucial for employees.
In conclusion, Raman said every member of the organisation has a role in outmanoeuvring current and future cyber threats.
"Security teams must take a leadership role in enhancing the human firewall, fortifying the security posture of Malaysian organisations.
"By doing so, they position themselves to thrive in this ever-evolving landscape of cybersecurity challeng
es," he added.