Cyberattacks increase but budget allocated for it remains low

DESPITE the activities related to cyberattacks have been increasing of late, the budget allocated to manage such threats remain stagnant as executive teams continue to underestimate the level of damage threats can do to organisations.

This was revealed by a survey report by global leader in next gen cybersecurity organisation Sophos in collaboration with Tech Research Asia (TRA), entitled The Future of Cybersecurity in Asia Pacific and Japan.

From the survey, 44% of Malaysian organisations admitted to falling victim to cybersecurity attacks in the last 12 months, with nearly 50% of them faced one to 10 attacks per week.

In fact, according to Deputy of Communications and Multimedia Minister Datuk Zahidi Zainul Abidin, local incidents involving cybersecurity have increased by 109% since the COVID-19 outbreak.

Unfortunately, 54% of businesses in Malaysia stated that their cybersecurity budget is below where it needs to be.

“Ultimately, security is about right sizing the risk. If the risk increases, budgets should also increase, but in this climate of uncertainty, we’ve seen organisations take a conservative approach to security spending, which is impacting their ability to stay ahead of cybercriminals,” said TRA lead analyst and director Trevor Clarke.

Across Asia Pacific and Japan (APJ) the number one frustration identified by companies is that executives assume cybersecurity is easy and that cybersecurity threats and issues are exaggerated.

On this, Sophos Malaysia country manager Wong Joon Hoong said: “The end of 2020 showed us just how bad a global supply-chain attack could be and when this was followed by the more recent zero-day vulnerabilities in widely deployed email platforms, it is clear that the boardroom needs to lead by example and demonstrate unification when it comes to cyber resilience.”

Additionally, the report showed that nearly 60% of Malaysian businesses agreed that their company’s lack of cybersecurity skills is challenging for their organisation with nearly 50% agreeing that their organisation doesn’t have the team in place to properly detect, investigate and respond to security incidents. This signifies there is a gap in cybersecurity skills in Malaysia.

However, recruiting quality cybersecurity talent remains a challenge. A lack of suitable staff and budget constraints continue to hinder organisations from obtaining the skills they require in-house. 68%of companies in Malaysia struggle to recruit candidates with the necessary skills.

Nevertheless, COVID-19 had a positive impact on cybersecurity, with 71% of companies agreeing that the outbreak of COVID-19 was the strongest catalyst for upgrading cybersecurity strategy and tools in the past 12 months.

At the same time, 59% of businesses in Malaysia agreed that they were unprepared for the security requirements that were driven by the sudden need for secure remote working caused by COVID-19.

“COVID-19 compelled companies to refresh their cybersecurity strategies, yet the transformational shift to remote working also exposed additional weaknesses. But despite the improvements made, progress remains slow, reinforcing our belief that cybersecurity is never ‘finished’ and requires a constant focus, both from technological and cultural viewpoints,” said Clarke. – March 31, 2021

Subscribe and get top news delivered to your Inbox everyday for FREE