A staggering one million malware are released every day. Though an incomprehensible number to the layman, this threat is a reality for individuals, corporations and countries. In 2014, 317 million malware were uncovered with countless more moving around undetected.
According to a 2014 study conducted by International Data Corporation (IDC) and the National University of Singapore, the cost of data breaches and malware is expected to reach whopping US$ 491 billion globally. This cost extends well beyond the money spent in responding to and addressing security issues to include dealing with the aftermath such as hits on productivity and reputation.
Cybercrime has the ultimate power to damage trade, competitiveness, innovation, and global economic growth. Hackers are getting faster, sneakier and more creative and it has become an arms race in terms of on-line security.
Hackers are also becoming more brazen, such as shown in the attack on film studio Sony Pictures Entertainment in 2014. A group of Hackers, allegedly funded by North Korea, hacked into the company server and leaked confidential information including employee data, salaries, emails and copies of unreleased Sony films, among others. The attack not only cost Sony about US$ 100 million but also a bruised reputation for a perceived failure in safeguarding information from such attacks.
Over the span of 20 years, malware has caused far-reaching damages and billions of dollars in losses. Examples of the most damaging worms and viruses include 2000’s “ILOVEYOU” Virus, which ended up shutting down the US government’s email servers (!) and causing US$ 15 billion in damages; 2003’s SQL Slammer Worm, which caused over US$ 1 billion in damage when it took out phone and Internet service for 24 million in South Korea; 2004’s MyDoom Worm, which caused US$ 38 billion in damages by slowing global Internet access by 10%, and 2008’s Sasser Worm, which crashed millions of PCs to cause more than $18 billion in damages.
These and more have resulted in cybersecurity moving from the distant fringes to become one of the more important undertakings for not only corporates but also nations.
Malaysia and Cybersecurity
According to Cybersecurity Malaysia, incidences of cyber-hacking are on the rise in Malaysia with 1,714 cases reported in 2015. This year 1,705 cases were reported in the first six months – a clear indication that numbers will far exceed those reported last year.
The country’s biggest hacking incident was in 2014 when criminals drained more than RM 3 million from 17 ATMs belonging three banks.
As for online fraud, in 2015 CyberSecurity Malaysia received 3,257 reports over 2015 and cases are expected to rise drastically this year with 2,290 cases reported in just six months for 2016.
According to the Cybersecurity Malaysia, as of July this year 70,624 servers have been hacked into, their access sold to buyers for as low as RM 29 and all the way up to RM 24,600.
It was also reported that Malaysian SMEs were 33% more likely to become victims of cyber-attacks, nearly 5% higher than businesses of any other ASEAN country. This results from the lack awareness on information security and the haphazard management of information and digital assets.
F-Secure Director and General Manager Ingvar Froiland said that though there is a growing awareness on the importance of cybersecurity among Malaysian companies, especially SMEs, a large percentage of companies are still in the dark on how cybercriminals operate and the kind of losses they can inflict.
He added that when it comes to understanding cybersecurity, it should no longer be restricted to the domain of ICT, especially with the far-reaching consequences of cyber crimes.
The 2016 PricewaterhouseCoopers (PwC) Malaysia Global Economic Crime Survey showed that though 42% of Malaysian organisations saw an increased risk of cyber threats, 54% were unsure of if they were at risk.
The survey also suggested that many board members were not sufficiently proactive regarding cyber isues and generally do not understand their organisation’s digital footprint well enough to properly assess the risks.
Many companies are still not in a state of readiness to deal with cyber incidents as it has not been a priority for many of them, he added.
Froiland nevertheless pointed out that with the combined efforts of CyberSecurity Malaysia and MDEC, Malaysia is moving in the right direction in creating cyber security awareness among Malaysian companies.
Lack of Cybersecurity Talents
There is a serious shortage of cybersecurity talent globally, with demand for cybersecurity talent is outpacing the supply of qualified workers, with highly technical skills especially in areas of intrusion detection, secure software development and attack mitigation.
In 2015, 209,000 cyber security jobs went unfilled in the United States alone with no signs of this workforce shortage abating in the near-term. As a result, there has been huge flow of investment into the tech sector dedicated towards talent creation.
Froiland believes that talent development in the field of cyber security is crucial in achieving Malaysia’s ambition of becoming a Digital Economy by 2020 with cyber security is being positioned as a new source of economic growth.
Satellite Account figures released by the Department of Statistics in late 2015, showed a 17% contribution by Digital Economy to Malaysia’s national gross domestic product (GDP).
The Government’s effort in positioning Malaysia as a regional IT hub has attracted several software companies like F-Secure, which has made Malaysia its Cybersecurity Hub for the Asia Region. Investors are also coming into potential areas of growth, such as e-commerce, Cloud, creative technology and Big Data Analytics (BDA).
Froiland pointed out Malaysia needs more than entry level talents. “We need the right and quality talents to keep the companies here. We need talent with actual expertise in cyber security to not only do the job but also to train future talents.”
He added that though there are lots of students taking IT courses, many of them are opting for easier subjects as opposed to hardcore IT subjects such as coding and reverse engineering.
“Hence, it’s critical that Malaysia continues nurturing its talent pool,” he cautioned. “In this light, I must commend Malaysia Digital Economy Corporation (MDEC) on having done and continue to nurture Malaysian talent to be amongst the best in the world.”