Trend Micro Incorporated, a global cybersecurity leader, today announced that 72% of organizations in Malaysia have had customer records compromised multiple times over the past 12 months as they struggle to profile and defend an expanding attack surface.
The findings come from Trend Micro’s semi-annual Cyber Risk Index (CRI) report, compiled by the Ponemon Institute from interviews with over 4,100 organizations across North America, Europe, Latin/South America, and Asia-Pacific.
The CRI calculates the gap between organizational preparedness and the likelihood of being attacked, with -10 representing the highest level of risk. The global CRI index moved from 0.04 in 2H 2021 to 0.15 in 1H 2022, indicating a surging level of risk over the past six months. Organizations in North America and Asia-Pacific saw an increase in their cyber risk from 2H 2021. This means that the respondents feel more risk associated with preparing for cyberattacks as well as a higher risk of the current threats targeting them.
In Malaysia, the report revealed that:
- 29% suffered more than 7 breaches of customer data over the past year
- 36% had more than 7 data breaches of information assets
- 90% claimed to have suffered one or more successful cyberattacks in the past 12 months
- 80% of organizations in Malaysia think they will be successfully attacked in the next 12 months, with 22% claiming this is “very likely” to happen.
Goh Chee Hoh, Managing Director of Trend Micro Malaysia and Nascent Countries said: “You can’t protect what you can’t see. But with hybrid working ushering in a new era of complex, distributed IT environments, many organizations are finding it difficult to eradicate growing security coverage and visibility gaps. To avoid the attack surface spiraling out of control, they need to combine asset discovery and monitoring with threat detection and response on a single platform.”
Malaysia’s CRI index moved from 0.37 in 2H 2021 to –0.04 in 1H 2022. This shows that the risk has increased from moderate to elevated. This trend is also reflected elsewhere in the data, 62% of respondents surveyed said their organization is not able to contain most cyberattacks and only 44% is prepared to deal with data breaches and cybersecurity exploits.
Some of the top preparedness risks highlighted by the index report are related to attack surface discovery capabilities. It is often challenging for security professionals to identify the physical location of business-critical data assets and applications.
The top four data types at highest risk of loss or theft in Malaysia include financial information, consumer data, business communications (email), and human resource (employees) files. These data types are rated as critical to a business’s operations and livelihood.
From the business perspective, one of the biggest concerns is the misalignment between CISOs and business executives. Based on the scores given by the respondents, “My organization’s IT security objectives are aligned with business objectives” organizations in Malaysia recorded 5.10 out of 10.
By addressing the shortage of cybersecurity professionals and improving security processes and technology, organizations will significantly reduce their vulnerability to attacks.
Dr. Larry Ponemon, chairman and founder of Ponemon Institute: “The CRI continues to provide a fascinating snapshot of how global organizations perceive their security posture and the likelihood of being attacked. The stakes couldn’t be higher in the face of stiff macroeconomic headwinds. Respondents pointed to the high cost of outside expertise, damage to critical infrastructure, and lost productivity as the main negative consequences of a breach.”
Overall, respondents in Malaysia rated the following as the top cyber threats in 1H 2022:
- Advanced Persistent Threats
- Fileless attacks
29 November 2022