by S BIRRUNTHA / pic by TMR FILE
ABOUT 50% of small and medium businesses (SMBs) in Malaysia suffered a cyber incident in the last 12 months, according to a report titled Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defence by Cisco Systems Inc.
The report revealed that 67% of Malaysian businesses also lost their customer information to the hands of malicious actors as a result of these accidents.
It also noted that SMBs are more apprehensive about cybersecurity risks, with 74% saying they are more worried about cybersecurity now than they were 12 months ago, and 88% saying they feel exposed to cyber threats.
The study was based on an independent, double-blinded survey of over 3,700 business and IT leaders with cybersecurity responsibilities across 14 markets in Asia Pacific.
The survey highlighted that SMBs saw a myriad of ways in which attackers tried to infiltrate their systems.
Malware attacks, which affected 89% of SMBs in Malaysia, topped the charts followed by phishing, with 69% saying they experienced such attacks in the past year.
Cisco Malaysia MD Hana Raja said that SMBs have leveraged technology to continue to operate and serve their customers as they tackled the implications of the pandemic.
She added that this acceleration in digitalisation of SMBs across Malaysia has made SMBs more attractive targets for malicious actors, not least because digitised businesses have an expanded attack surface that hackers can target.
“In addition, digitalised SMBs generate more data, which malicious actors put a high price on.
“All of this is fuelling a critical need for SMBs to ensure they have the right strategy, solutions and capabilities to safeguard themselves on the cybersecurity front,” she said in a statement yesterday.
The report also highlighted that nearly four in 10 (39%) SMBs in Malaysia suffering a cyberattack noted that cybersecurity solutions not being adequate to detect or prevent the attack as the number one reason for these incidents.
Twenty-seven percent of them attributed not having cybersecurity solutions in place as the top factor.
According to Cisco, these incidents are having a tangible impact on business.
About 32% of Malaysian SMBs that suffered cyber incidents in the past 12 months said these cost the business US$500,000 (RM2.11 million) or more, with 6% saying that the cost was US$1 million or more.
Besides the loss of customer data, SMBs in Malaysia that suffered a cyber incident also lost internal emails (65%), employee data (59%), intellectual property (53%), sensitive business information (45%) and financial information (44%).
While 61% admitted it had a negative impact on their reputation. Disruptions caused by cyber incidents can have serious implications for SMBs, where 13% of SMBs in
Malaysia said that even a downtime of less than an hour results in severe operational disruption, while 32% said a downtime of between one to two hours can cause the same.
“While, 16% said that a downtime of even less than an hour would result in severe impact on revenue and 23% said a downtime between one or two hours would result in the same.
“Further, 6% said that a downtime of one day would result in a permanent closure of their organisation,” the report stated.
The scale of the challenge is highlighted by the fact that only 17% of respondents in Malaysia said they were able to detect a cyber incident within an hour.
The number of those that were able to remediate a cyber incident within an hour is even lower at 12%.
Commenting on this, Cisco Asean cybersecurity director Juan Huat Koo said that it is critical for SMBs to be able to detect, investigate, and block or remediate any cyber incident in the shortest time possible.
“We are living in a world where customers seek instant gratification and no longer have the patience for lengthy downtimes.
“To be able to do that, they need solutions that are easy to deploy and use, integrate well with each other and help them automate capabilities like detection, blocking and remediation of cyber incidents,” he noted.
Juan also added that SMBs need clear visibility across their entire user base and IT infrastructure including their cloud and ‘as a service’ deployments, and take a platform approach to cybersecurity.
Despite this, the Cisco’s report found that while Malaysian SMBs are more worried about cyber-security risks and challenges, they are also taking a planned approach to understand and improve their cybersecurity posture through strategic initiatives.
It noted that 77% of Malaysian SMBs have completed scenario planning and/or simulations for potential cybersecurity incidents in the past 12 months.
SMBs are also increasingly aware of where their biggest cyber threats come from and they generally have strong levels of investment in cybersecurity.