Malaysia faces a critical shortage of cybersecurity experts amid rising threats, with only 15,000 active professionals in the industry. Kaspersky highlights the urgent need for businesses to invest in advanced cybersecurity measures and workforce training to combat escalating cyberattacks.
17 July 2024 – In a recent parliamentary session, the Digital Minister highlighted the critical need for Malaysia to bolster its expertise in cybersecurity to address future threats. The Communications Minister echoed these concerns, revealing a significant deficit in cybersecurity professionals, with only slightly over 15,000 active experts in the industry.
Kaspersky’s business solutions blocked 2.5 million local threats targeting Malaysian businesses from January to December 2023. These local infections, which penetrate target computers through infected files or removable media, or initially reach the computer in non-open form, serve as important indicators of the overall cyberthreat landscape.
The security solutions provider also thwarted 26.8 million online threats targeting businesses in 2023, with Malaysia witnessing a substantial number of daily attacks. Cybercriminals are continually developing new methods, including financial phishing scams, ransomware attacks, and exploiting unpatched vulnerabilities.
“It is known that Malaysia is short of cybersecurity experts, with the recommended number of cybersecurity personnel being 27,000 by 2025. Our survey also found that 48% of companies take more than six months to find a qualified cybersecurity professional. Businesses in Malaysia urgently need to strengthen their cybersecurity posture against escalating threats,” said Yeo Siang Tiong, General Manager of Southeast Asia at Kaspersky.
Kaspersky’s global study suggests that businesses must continue to invest significantly in cybersecurity. The median cybersecurity budget for enterprises is USD 3.75 million annually, while for SMBs, it is USD 375,000.
“The government has indicated that many companies in Malaysia do not prioritise cybersecurity investments. This lack of focus leaves companies highly vulnerable to cyber threats, particularly those with hybrid and remote work arrangements. Such negligence can lead to costly financial and reputational damages in the event of a major attack,” Yeo added.
Kaspersky’s study also finds that four in ten companies globally plan to outsource their cybersecurity, citing the shortage of qualified cybersecurity staff as a primary reason.
To help businesses combat cyberattacks despite limited cybersecurity staff, Kaspersky recommends the following measures:
- Upgrade cybersecurity solutions: Utilize centralized and automated platforms such as Kaspersky Next, which combines strong endpoint protection with EDR (Endpoint Detection and Response) and XDR (Extended Detection and Response) for enhanced visibility and powerful tools.
- Secure AI infrastructure: Protect container-based AI solutions with products like Kaspersky Container Security, which detect security issues throughout the app lifecycle, from development to operation.
- Train and upskill the workforce: Develop a cyber-aware culture with comprehensive strategies that empower employees. InfoSec professionals can enhance their skills with Kaspersky Expert training, while IT support teams and the general workforce can benefit from specialized training courses available on the Kaspersky Automated Security Awareness Platform.
- Adopt secure-by-design principles: Integrate cybersecurity into each stage of the software development lifecycle to create resilient software and hardware. Cyber Immune solutions based on KasperskyOS minimize the threat surface and reduce the likelihood of successful cyberattacks.
- Meet regulatory requirements: Ensure your cybersecurity practices comply with changing standards and legal requirements to avoid legal issues or reputational damage.