- Only 2% of Malaysian organizations are considered “mature” in their cybersecurity preparedness.
- The Malaysian government has submitted the Cybersecurity Bill 2024 to strengthen national cybersecurity measures.
Malaysia is no stranger to the cybersecurity landscape, having been involved in and the target of numerous cyber-attacks and data breaches. These incidents call into question the nation's preparedness to face cyber threats in this evolving cybersecurity environment.
Malaysia 2024 Cybersecurity Readiness Index
Cisco's 2024 Cybersecurity Readiness Index reveals that only 2% of Malaysian organizations are classified as having a 'mature' level of readiness. This classification demonstrates robust resilience to the myriad modern cybersecurity risks facing businesses today.
This important assessment comes at a time when hyperconnectivity is defining the era, alongside a rapidly evolving threat landscape. Businesses are constantly exposed to advanced cyber threats, from phishing and ransomware to supply chain attacks and social engineering tactics. Despite concerted efforts to better protect against this onslaught, many organizations are burdened by complex security frameworks, often comprised of disparate point solutions.
The complexity of defending against cyber threats is further compounded in today's distributed work environments, where organizational data is spread across an infinite number of services, devices, applications, and user interfaces.
However, despite these challenges and despite their actual state of preparedness, a surprising 85% of businesses profess a moderate to high level of confidence in their cybersecurity defenses. This stark discrepancy between perceived confidence and actual preparedness points to a potentially dangerous overestimation of cybersecurity capabilities and a failure to accurately measure the scale of the threats faced. .
The 2024 Cisco Cybersecurity Readiness Index comprehensively examines an organization's readiness for cyber threats across five key domains: identity intelligence, network resiliency, machine reliability, cloud hardening, and AI hardening. . These domains include 31 different solutions and capabilities, evaluated through his double-masked survey of over 8,000 security and business leaders around the world.
2% of Malaysian organizations are classified as 'mature' in readiness. (Source – Cisco)
Survey respondents were asked about their deployment of these cybersecurity measures and categorized them into four stages: novice, formative, advanced, and mature.
Jeethu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco, warns of the dangers of overconfidence within organizational psychology and calls for a strategic shift to unified security platforms and effective scaling of defense mechanisms. We advocate the use of AI.
The findings paint a grim picture of the readiness of Malaysian businesses, with only 2% of businesses prepared to effectively counter modern cyber threats. The majority of people are at the lower tiers of cybersecurity maturity and are unprepared for the inevitable cyber threat landscape.
Predict cyber risk and financial impact
Additionally, the study predicts that cybersecurity incidents are likely to occur in the future, and the economic impact of such breaches is also high, with some incidents costing organizations more than $300,000. It's clear. Reliance on multiple cybersecurity point solutions has proven counterproductive and hinders rapid detection, response, and recovery from incidents. This problem is exacerbated by the fact that most organizations agree that the cumbersome management of multiple point solutions slows down security operations.
The survey also highlights the pervasive problem of unmanaged device access, severe talent shortages, and ambitious plans by organizations to significantly strengthen their IT infrastructure and cybersecurity measures in the near term. . This includes a particular emphasis on upgrading existing solutions, introducing new technology, and significantly increasing cybersecurity budgets.
Addressing the complex challenges posed by today's threat landscape requires enterprises to accelerate investments in security infrastructure, adopt innovative security measures, and take a platform-based approach to cybersecurity. A proactive approach is required. This strategy is essential to strengthen network resiliency, leverage AI meaningfully, and close significant cybersecurity skills gaps.
Hana Raja, Managing Director of Cisco Malaysia, highlighted the complexity of the current cybersecurity environment and pointed to the lag in cyber resilience of organizations around the world, including Malaysia. Raja advocates for a comprehensive platform approach to cybersecurity. This provides a simplified, secure, and holistic view of an organization's security posture, allowing businesses to better leverage and capitalize on the benefits of emerging technologies in an ever-evolving threat landscape.
First Reading of Cybersecurity Bill 2024
Recognizing that only a small percentage of Malaysian companies are “mature” in their cybersecurity preparedness, the Malaysian government recognizes the importance of strengthening cybersecurity nationwide. As a result, the Cybersecurity Bill 2024 was introduced and received its first reading in Parliament. The bill, aimed at strengthening national cybersecurity, was introduced by Digital Minister Govind Singh Deo on March 25.
star It reported that the bill, scheduled for second reading during the ongoing Dewan Rakyat meeting, outlines a comprehensive approach to raising cybersecurity standards. It mandates compliance with certain measures and standards to improve national security and spells out protocols for managing cybersecurity incidents affecting the country's critical national information infrastructure. .
Additionally, the bill proposes the creation of a National Cybersecurity Commission and defines the responsibilities and authority of the Chief Executive Officer of the National Cybersecurity Agency. It includes provisions for the licensing of cybersecurity service providers and establishes a leadership role in the nation's critical information infrastructure sector.
According to the bill, the Digital Minister may, on the recommendation of the Chief Executive, appoint a government agency or individual as the head of a national critical information infrastructure sector, and may appoint multiple heads for different sectors. These appointments will be officially announced on the National Cyber Security Agency website.
Sector leaders will be responsible for developing codes of practice and creating and updating guidelines on best practices for cybersecurity management. The National Cybersecurity Agency said the proposed bill would give it legal authority to define and enforce cybersecurity standards for entities deemed nationally critical information infrastructure. Failure to comply with these standards may have legal consequences.
