PETALING JAYA: While SMEs stand at the forefront of innovation and economic growth, the Malaysian Digital Economy Corporation (Mdec) reported that in 2019, 84% of them experienced cyber threats and 76% had faced it more than once.
A study conducted last year by the SME Association of Malaysia said only 26% of SMEs have chosen to digitalise their operations or use e-commerce platforms in 2021, while the remaining 57% have yet to do so.
Speaking to theSun, Cyber security company Novem CS CEO Murugason Thangaratnam said SMEs are advised to install cyber security systems to protect against hackers.
“SMEs are three times more likely to be targeted by cybercriminals. They are particularly vulnerable to ransomware attacks as even small amounts in ransom could affect them due to their small profit margins.”
Murugason said all SMEs should conduct a “health check” to identify their security risks.
Once this is done, their requirements will be identified and they can proceed to plan their cyber security investment.
“There are many professional cyber security firms that provide health checks and it may not cost SMEs a large sum of money. Some solutions may just involve improving internal processes and increasing awareness of cyber hygiene,” he said.
While there are many methods used by cybercriminals to hack into companies, “phishing” remains the most preferred method to gain access to confidential information because it involves social engineering.
Other indications include a sudden increase in network traffic, login anomalies and access at odd hours or from unusual locations, numerous failed login attempts, slow computer systems or network operations, and unrecognised login requests.
Murugason said some of the biggest cyber security threats to SMEs come from employee behaviours and habits.
“These threats range from a suspicious link that redirects the user to a fake website or a cybercriminal posing as an interested customer to trick staff into giving away sensitive information.”
By investing in cyber security awareness training, Murugason said SMEs can show their customers and partners that they take data protection seriously, and are taking proactive measures to prevent cyber attacks.
“Employees must exercise good judgement to keep their enterprise secure. It is mandatory to train employees against scams and deception techniques so that they practise cyber hygiene and never put the business at risk.”
In terms of data breaches, he said different sets of data provide different information to owners and cyber attackers.
“The available information depends on the nature of the business, its importance in the supply chain and what cybercriminals consider the enterprise’s most valuable assets.
“However, cybercriminals typically target high-value accounts for takeover. Those that are usually managed by the organisation’s CEO or chief financial officer are twice as likely to be taken over compared with the average employee,” he said.
There are government organisations in Malaysia that can provide help to corporations experiencing a cyber attack, such as the Malaysia Computer Emergency Response Team (MyCERT).
MyCERT’s Cyber999, a cyber security incident response centre, revealed that in the third quarter of 2022, it received 2,240 incidents of cyber attacks, an increase of 13% over the second quarter of the same year.
