PETALING JAYA: Malaysia could lose RM51 billion to cybersecurity incidents, an amount equal to more than 4% of the country’s total gross domestic product, and cybersecurity is the main component in curbing cyber incidents and threats that can endanger the sovereignty and economy of the country, according to Malaysia Digital Economy Corp (MDEC).

Earlier this month, Bank Negara Malaysia had to suspend the Central Credit Reference Information System services to credit reporting agencies because of a potential cyber threat and the possibility of a data leak in the credit reporting industry.

Concurrently, Kaspersky Security Network for Malaysia said the number of web threats soared 56% to 28.93 million in the second quarter (Q2’21) from 18.53 million in the first quarter (Q1’21).

MDEC digital infrastructure and services director Wan Murdani Wan Mohamad said 84% of SMEs in Malaysia have been compromised in one way or another by cyber threat incidents, while 76% of SMEs have suffered more than one attack.

The remote work and quarantine culture that arose from the Covid-19 pandemic forces individuals to go virtual and digital, which introduces new windows for potential cybercrime and cyberattacks.

“Savvy cybercriminals know that social engineering works best when focusing on human emotions such as fear, curiosity, greed, helpfulness, and urgency. It is no surprise that phishing attacks in Malaysia have increased since the pandemic began, as recently shown in the latest survey titled Phishing Insights, 2021 by security company Sophos,” Wan Murdani told SunBiz.

According to statistics by the Royal Malaysian Police, the number of cybercrime cases reported in Q1’21 was 4,327 and the losses involved totalled RM77 million. Last year, the number of cases totalled 14,229, with total losses of RM413 million.

Kaspersky Southeast Asia general manager Yeo Siang Tiong said three trends on cyberattacks and security threats the company observed this year are remote working cybersecurity risks, social engineering attacks, and ransomware.

“Working from home poses new cybersecurity risks as home offices are often less protected than centralised offices. In the rush to keep things operational, traditional security vetting may not have been as rigorous as usual, with cybercriminals adapting their tactics to take advantage.

“Many employees are using personal devices for two-factor authentication and mobile messaging applications to communicate with clients. These blurred lines between personal and professional life increase the risk of sensitive information falling into the wrong hands.

“Therefore, a critical cyber security trend is for organisations to focus on the security challenges of distributed workforces. This means identifying and mitigating new security vulnerabilities, improving systems, implementing security controls, and ensuring proper monitoring and documentation,” Yeo told SunBiz.

He said social engineering attacks such as phishing have been targeting remote workforces where attackers aim at individuals connecting to their employer’s network from home because they make easier targets. Also, there are traditional phishing attacks on employees and an uptick in whaling attacks targeting executive organisational leadership.

“Organisations are increasing their protection against phishing, but criminals are always looking for new ways to stay ahead. This includes sophisticated phishing kits which target victims differently depending on their location,” Yeo said.

On the growing threats of ransomware, he said there are more than 120 separate families of ransomware and hackers have become adept at hiding malicious code.

“Ransomware is a relatively easy way for hackers to gain financial rewards, which is partly behind its rise. Another factor was the Covid-19 pandemic. The accelerated digitisation of many organisations, coupled with remote working, created new targets for ransomware. Both the volume of attacks and the size of demands increased as a result.”

Extortion attacks involve criminals stealing a company’s data and then encrypting it so the company cannot access it. Afterwards, cybercriminals blackmail the organisation, threatening to release its private data unless a ransom is paid.

The burden of this cyber threat is significant given the sensitive data at stake as well as the economic impact of paying the ransom.

“In 2021, we have seen multiple incidents that prove ransomware attackers are becoming more sophisticated in their phishing exploits through machine learning and with more coordinated sharing on the dark web.

“Hackers typically demand payment in cryptocurrencies which are difficult to trace. We can expect to see more ransomware attacks on organisations that are not cyber secure in the near term,” he said.
