Cyber crimes rampant due to insufficient budgets and resources

There is no specific industry that is most attacked or more immune to cyber attacks

by S BIRRUNTHA/ pic credit:

Shier urges the companies to start engaging with their decision makers to ensure they invest in the ongoing awareness activities for all employees

CYBER ATTACKERS on businesses continue to rage as business owners allocate insufficient budget to buy the right tools to protect their data.

UK-based security software company, Sophos, in its latest research survey, noted 72% of Malaysian respondents found it difficult to recruit skilled cyber security experts into their companies.

Almost 51% of them don’t think they have the necessary resources to secure their digital assets, including a competent cyber security team in place to properly detect, investigate and respond to threats.

Sophos senior security expert John Shier said most organisations don’t have enough people nor money to buy the efficient resources that will help them alleviate the burden of cyber attacks.

“It doesn’t stop there, staying up to date is also a challenge for businesses. Many executives believe their organisations won’t be hacked, and that security is easy to do.

“This means there’s a communication problem at the highest level of organisations to identify clearly what the problems are and outline the priorities and strategies that need to be implemented to combat these problems,” he told The Malaysian Reserve in a recent interview.

Shier added, if companies struggle to put the right product and people to manage and identify security issues, then that is very likely going to leave their data vulnerable to attacks.

According to the Malaysia Computer Emergency Response Team cyber security statistics, there are a total of 7,667 cases of cyber attacks recorded from January to September 2019.

The top three cases that were recorded in the period were fraud with 5,506 cases, intrusion (1,025) and malicious codes (515).

To protect their data, most companies now tend to place important documents and data into the Cloud, hoping someone else will deal with it.

“While this sounds convenient, its fraught with danger as an attacker may get access to all your data because it’s not secured properly.

“Cyber threats are such a large issue, so you need to use technology and resources in a way that is most advantageous and effective.

“That means you’re going to need the technology that prevents as many of the cyber threats as possible but of course, without an adequate budget, you can’t buy it.

“Then, you’re going to need humans to figure out what’s getting through and how to deal with it. And if you can’t recruit the right talent, you’re never going to find out,” he said.

Shier said there is no specific industry that is most attacked or more immune to cyber attacks.

“Of course, there are certain sectors that are at higher risk for a higher calibre of attack. Things like critical infrastructure and manufacturing are the kinds of things that attackers are after,” he explained.

Hence, such companies must fortify their networks and protect their data.

The latest survey conducted by Sophos noted 83% of respondents saying staying up to date with cyber security technology is challenging.

To overcome this, companies are urged to start engaging with their decision-makers to ensure they invest in the ongoing awareness activities for all employees.

Additionally, this will provide security personnel with the knowledge and tools to reduce the risks of cyber security threats.

According to Shier, there are now more opportunities for both the public and private sectors to join forces to educate businesses of all sizes to take action in securing cyberspace.

This education is two-fold, he explained. First is to raise awareness among employees around protecting not only themselves online but also the data they are entrusted with.

“Secondly, it’s about ensuring we are constantly upskilling our security and IT experts to better understand cyber threats and the methods available to protect their organisations from these threats,” Shier said.

“A common mistake organisations make is they leap into a project to get the technology up and running, get everybody connected, and then try to retrofit security later.

“It is very important that they embark on their digital transformation journey with security embedded from the outset and not as an afterthought,” he said.

As businesses embark on their digital transformation journeys, many have started to adopt machine learning and technological solutions that are integrated with artificial intelligence (AI).

Shier said it is also important for businesses to effectively adopt solutions that are readily available in the market at a time when many technology vendors are pushing AI and machine learning quite heavily for every industry.

“I would caution businesses that are looking to consume these technologies to first get a firm understanding of whether machine learning will truly make their products better, as not every product is going to benefit from machine learning.

“If it does help increase the effectiveness of the technology, then businesses should understand that and figure out how it can be integrated into either their existing product set or how it fits with their business given that it might incur additional costs,” he added.

Since the cyber attacks cases are constantly on the rise in Malaysia, Shier has emphasised the importance of businesses of different sizes to be well-prepared for cyber security.

“Businesses need to scale their preparedness and consumption of technology in proportion with their user base, budgets and the service that is being provided. There is no equation for this.

“If it’s a small business, I would suggest getting in touch with an expert that can help an organisation understand what their cyber security needs are and how the right technology will help their business.

“If it’s a large business, then they will probably have some cyber security capability already.

“I would advise these organisations to use technology wisely, keep it up to date and make sure security always has a seat at the boardroom table,” he affirmed.

Organisations that have fell victim to cybercrime can lodge a report to the Cyber999 Help Centre, a platform that provides emergency response to computer security- related emergencies.

The report can be filed online, e-mail, SMS, phone call, printed copy, via the Cyber999 mobile app or by simply walking into CyberSecurity Malaysia’s office in Putrajaya.