THE financial and telecommunication sectors are some of the sectors that are mostly exposed to cybercriminal activities, according to CyberSecurity Malaysia.
CyberSecurity Malaysia CEO Datuk Dr Amirudin Abdul Wahab said that contrary to the public sentiment, it is not big companies and conglomerates that often become the target of cyberattacks, but it is the small businesses.
“The SMEs are basically the ones targeted by these sub-criminal or sub-attackers, and this is something that needs to be understood,” Amirudin said at the Kaspersky Asia-Pacific Online Policy Forum recently.
Moreover, he said that cyberattacks on small businesses could be a huge mess as it will also affect other businesses once they were exposed. “In the context of Malaysia, we realise this is important and we work with the SMEs — we are trying to push all SMEs to adapt to the ICT as well as basic digital technologies in their business.”
However, Amirudin noted that due to their limited resources, SMEs tend to see cybersecurity as an afterthought rather than an investment that needs to be put in place in the beginning. “We believe that when we talk about the issue of cybersecurity, we have to approach it holistically,” he said.
He explained that there are three key components that need to be understood namely, the people, the process and the technology while considering cybersecurity for SMEs.
As such, CyberSecurity Malaysia has introduced “SiberKASA” which aims to empower and strengthen the cyber security infrastructure in the country. It has also carried out a cyber-health checks programme for SMEs to engage and establish consumer readiness levels.
“We try to enhance them for their cybersecurity resilience towards a solid trench and also to basically help them build the competencies needed,” he added. The programme is not only to help the ICT sector, but also other sectors that utilise digital technology as an enabler in their business.
To this end, Kaspersky and policy experts are discussing ways to improve the ICT supply chain resilience in the Asia-Pacific region as cyberattacks rise due to the huge leap in digitalisation during the pandemic.
Kaspersky CEO Eugene Kaspersky noted the last two years had seen a new wave of attacks that exploited critical vulnerabilities in the ICT supply chain. “The world saw some high-profile incidents where cybercriminals took advantage of the weaknesses of ICT vendors and used them as attack launch pads with many targets in one fell swoop,” he said in a statement.
He expects the supply chain attacks to be “a growing trend in 2022 and beyond” as cybercriminals try to further monetise this threat. Hence, he said short and long-term strategies should be considered by both government and private sectors.
“Short-term solution includes improving procedures and regulations on ICT supply chain infrastructure (while) the long-term solution is to make systems immune. This means even if there is a vulnerability in an ICT supply chain component, this weakness will not impact the whole system, or ‘carry over to other components in the chain’,” he said.