Intrusion attempts and malicious codes make up the other top 3 threats reported 

By AZREEN HANI / Graphic MZUKRI

ABOUT 71% out of 10,016 cases of cyber incidents reported to the Cyber999 last year were fraud-related, based on data from the cyber security incident response centre operated by the Malaysia Computer Emergency Response Team (MyCERT). 

“Out of over 10,000 cyber security incidents reported to MyCERT last year, 71% were fraud-related, while intrusion attempts and malicious codes make up the top three threats reported,” KPMG Malaysia’s technology risk and cyber security head Ubaid Mustafa Qadiri said in a statement yesterday. 

“Cybercrime is changing as criminals avail themselves of new technology, which means our approach to cyber security must evolve as well,” he added. 

A study referenced in the Malaysia Cyber Security Strategy 2020- 2024 stated that Malaysia has the potential to lose RM51 billion due to cyber security incidents, which accounts for more than 4% of the country’s total GDP. 

“Whether it’s advanced persistent threats, ransomware, backdoor attacks or something we’ve yet to see, there will likely always be new perils with which to contend. 

“We have found that a lack of preparation and being overly reactionary can be as detrimental as the actual cyber incident. That’s why it’s so important to have a plan, test your responses according to different scenarios and understand the depth and breadth of potential cyber incidents to your business,” Ubaid said further. 

KPMG said accelerated digital transformation since the pandemic has highlighted how lack of preparation can be just as detrimental to organisations as an actual cyberattack. 

Going forward into 2022 and beyond, the rapidly changing landscape continues to create significant new cyber threats that will increase cyber risks on multiple global fronts via numerous evolving threat vectors. 

According to the Cyber Security Considerations 2022 report by KPMG, navigating this fluid environment will require a mindset shift towards one of enablement to focus on striking a balance and ensuring that “security is every- one’s job”, acknowledging its role in building and maintaining customer, client and stakeholder trust. 

KPMG’s report focuses on eight core areas to help business leaders better understand how cyber can support the business with a security plan based on shared accountability. 

Among the areas include expanding the strategic security conversation, achieve the x-factor of critical thinking and skillsets, adapting security for the cloud, exploiting security automation and securing beyond the boundaries. 

The report also identifies several emerging cyber security challenges which could soon become major areas of focus for cyber professionals across virtually every industrial sector: industrial Internet of Things, 5G networks and artificial intelligence. 

The Communications and Multimedia Ministry had last year announced the 5G Cyber Security Test Lab (My5G) in anticipation of the nation’s 5G rollout. 

My5G will be South-East Asia’s first specialist security evaluation and test facility testing for 5G products, devices and applications. 

“The prospective capabilities of 5G will be game-changing but will also pose new security challenges. The government will need to create an environment that is flexible and adaptable to address existing legacy issues and tackle new emerging threats. 

“Meanwhile, organisations looking to capitalise on the benefits of 5G will also need to begin strengthening their security infrastructure to get ahead of the competition,” added Ubaid. 

KPMG added that in today’s volatile digital environment, resilience should include consideration of how well companies understand, anticipate and are prepared to recover from the potential impact of a major cyber incident. 

“It should be an organisa- tion-wide effort, and chief informa- tion security officers should edu- cate leadership about the risk and consequences of a breach and why cyber resilience is so important,” the firm noted.