Few Malaysian companies ready to defend against cyberattacks
ONLY two per cent of organisations in Malaysia have the ‘Mature’ level of readiness needed to be resilient against modern cybersecurity risks, according to Cisco’s 2024 Cybersecurity Readiness Index.
The index has been developed in an era defined by hyperconnectivity and a rapidly evolving threat landscape.
Cisco said companies today continue to be targeted with a variety of techniques ranging from phishing and ransomware to supply chain, and social engineering attacks.
And while they build defences against these attacks, they still struggle to defend against them, slowed down by their own overly complex security postures that are dominated by multiple-point solutions.
These challenges are compounded in today’s distributed working environments where data can be spread across limitless services, devices, applications and users.
However, Cisco said 85 per cent of companies still feel moderately to very confident in their ability to defend against a cyberattack with their current infrastructure — this disparity between confidence and readiness suggests that companies may have misplaced confidence in their ability to navigate the threat landscape and may not be properly assessing the true scale of the challenges they face.
WHAT THE INDEX ASSESSES
The Index assesses the readiness of companies on five key pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement and AI Fortification, which comprise 31 corresponding solutions and capabilities.
According to Cisco, it is based on a double-blind survey of more than 8,000 private sector security and business leaders across 30 global markets conducted by an independent third party.
The respondents were asked to indicate which of these solutions and capabilities they had deployed and the stage of deployment.
Companies were then classified into four stages of increasing readiness: Beginner, Formative, Progressive and Mature.
“We cannot underestimate the threat posed by our own overconfidence,” said Jeetu Patel, Cisco executive vice-president and general manager of security and collaboration
“Today’s organisations need to prioritise investments in integrated platforms and lean into artificial intelligence (AI) in order to operate at machine scale and finally tip the scales in the favour of defenders.”
FINDINGS
Overall, the study found that only two per cent of companies in Malaysia are ready to tackle today’s threats, with more than half (66 per cent) falling into the beginner or formative stages of readiness. Globally, three per cent of companies are at a Mature stage. The study also found that:
• Future cyber incidents expected: Seventy-seven per cent of respondents expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. The cost of being unprepared can be substantial, as 73 per cent of respondents said they experienced a cybersecurity incident in the last 12 months, and 44 per cent of those affected said it cost them at least US$300,000.
• Point solution overload: The traditional approach of adopting multiple cybersecurity point solutions has not delivered effective results, as 87 per cent of respondents admitted that having multiple-point solutions slowed down their team’s ability to detect, respond and recover from incidents.
• Unsecure and unmanaged devices add complexity: Ninety-two per cent of companies said their employees access company platforms from unmanaged devices, and 44 per cent of those spend one-fifth (20 per cent) of their time logged onto company networks from unmanaged devices. Additionally, 26 per cent reported that their employees hop between at least six networks over a week.
• The cyber talent gap persists: Progress is being further hampered by critical talent shortages, with 91 per cent of companies highlighting it as an issue. In fact, 44 per cent said they had more than 10 roles related to cybersecurity unfilled in their organisation at the time of the survey.
• Future cyber investments ramping up: Companies are aware of the challenge and are ramping up their defences with more than half (59 per cent) planning to significantly upgrade their IT infrastructure in the next 12 to 24 months. This is a marked increase from just one-third (34 per cent) who planned to do so last year. Most prominently, organisations plan to upgrade existing solutions (79 per cent), deploy new solutions (57 per cent) and invest in AI-driven technology (58 per cent).
OVERCOMING THE CHALLENGES
Cicso said to overcome the challenges of today’s threat landscape, companies must accelerate meaningful investments in security, including adoption of innovative security measures and a security platform approach, strengthen their network resilience, establish meaningful use of generative AI, and ramp up recruitment to bridge the cybersecurity skills gap.
“The threat landscape today is more complicated than ever and organisations globally, including those in Malaysia, continue to lag in their cyber resilience.
“Companies need to adopt a platform approach that will provide a simple, secure, single pane of glass view into their entire architecture to strengthen their security posture and best take advantage of the opportunities that come with emerging technology," said Cisco Malaysia managing director Hana Raja.