KUALA LUMPUR: Cybersecurity is a continuous battle, and even the most advanced nations such as the US, still have significant gaps.
In fact, the US is facing a major shortfall in cybersecurity professionals, with nearly 300,000 unfilled positions — something its own National Security Agency (NSA) considers a national threat.
The situation highlights a key measure of cybersecurity maturity, which is the availability of trained professionals.
Malaysia, like many countries, faces a similar challenge. While some universities offer cybersecurity programmes, the number of graduates remains too low to meet growing threats.
Full Armour Corporation founder and CEO Danny Kim, a global cybersecurity expert, said the shortage of trained experts is one of the biggest gaps that must be addressed.
Kim, who was in Kuala Lumpur recently under the invitation of the Asian Institute of Insurance to train C-Suite personnel of insurance companies, also highlighted another critical area, which is policy and regulation.
“The US has already enacted strict laws that mandate companies to report cybersecurity breaches, with penalties for non-compliance.
“This level of enforcement ensures greater transparency and accountability. Malaysia is beginning to follow suit, with efforts to introduce regulations requiring incident reporting and even cybersecurity training at the board level.
“These are positive steps, but more comprehensive policies are needed,” he told SunBiz.
He said corporate preparedness is also a crucial factor. Many businesses, especially small and medium-sized enterprises (SME), lack the expertise to detect, respond to, and mitigate cyberattacks.
“Ransomware incidents, for instance, have targeted Malaysian businesses multiple times, often because companies do not have the necessary defences in place.
“Even when breaches are identified, organisations may struggle to understand how they occurred — making them vulnerable to repeated attacks.
“Ultimately, Malaysia has made progress, but it must continue strengthening its cybersecurity framework.
“Expanding the talent pipeline, enforcing stricter regulations, and improving corporate awareness are essential to ensuring the nation is well-prepared to handle evolving cyber threats,” Kim said matter-of-factly.
Elaborating further, Kim said ransomware attacks can be mitigated with proper cybersecurity measures.
“One of the most effective defences is a strong data back-up system. Since ransomware typically works by locking access to a company’s data and demanding payment to restore it, securing backups allows businesses to recover without giving in to demands.
“While there may still be some data loss, a well-maintained backup system significantly reduces the impact,” he said.
He also said many ransomware attacks succeed because companies leave vulnerabilities open.
“A lack of employee cybersecurity training, weak security policies, and poor compliance measures create opportunities for attackers. Businesses often focus on operations and growth while overlooking cybersecurity best practices, which are now critical rather than optional,” he said.
Kim said in many cases, organisations may not even be aware they have been breached.
A ransomware attack, while damaging, at least makes the intrusion known. The greater risk is when attackers gain access to sensitive data without detection, leading to devastating long-term consequences.
Strengthening cybersecurity frameworks, implementing regular security audits, and ensuring staff are trained in threat prevention are essential steps to reducing ransomware risks, Kim said.
He said with a shortage of cybersecurity experts, artificial intelligence (AI)-driven solutions are becoming essential, especially for small- and mid-sized businesses.
“AI can capture expert knowledge, analyse networks, detect threats, and provide real-time security recommendations — functions that typically require a skilled security team.
“As cybercriminals use AI to scale attacks, companies must integrate AI into their defences.
“These solutions offer a cost-effective scalable and reliable alternative, ensuring businesses stay protected in an increasingly complex threat landscape,” Kim said.
