Two-thirds of Malaysian SMBs lost customer information to incidents: Cisco

  • Half of SMBs suffered a cyber incident in the last 12 months
  • Two-thirds of SMBs suffered cyber-attacks costing US$500,000 or more

Two-thirds of Malaysian SMBs lost customer information to incidents: CiscoSmall and medium-sized businesses (SMBs) in Malaysia are exposed, under attack, and more worried about cybersecurity threats than before, according to new study by Cisco System.

The study entitled "Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense" claimed that half of SMBs in Malaysia have suffered a cyber incident in the past year, and 67% said they lost customer information to the hands of malicious actors as a result of these accidents.

In a statement, the Santa Clara, California firm said the study also showed SMBs are more apprehensive about cybersecurity risks, with 74% saying they are more worried about cybersecurity now than they were 12 months ago, and 88% saying they feel exposed to cyber threats. 

However, SMBs in Malaysia are not giving up as the study highlighted that they are taking strategic measures like carrying out simulation exercises to improve their cybersecurity posture.

The study is based on an independent, double-blinded survey of over 3,700 business and IT leaders with cybersecurity responsibilities across 14 markets in Asia Pacific, Cisco said.

It said SMBs saw a myriad of ways in which attackers tried to infiltrate their systems. Malware attacks, which affected 89% of SMBs in Malaysia, topped the charts followed by phishing, with 69% saying they experienced such attacks in the past year, it added.

Nearly four in ten (39%) SMBs in Malaysia that suffered a cyber-attack highlighted cybersecurity solutions as not being adequate to detect or prevent the attack as the number one reason for these incidents, the study noted.

Meanwhile, 27% attributed not having cybersecurity solutions in place as the top factor, it said.

These incidents have tangible impact on business, with the survey indicating 32% of SMBs in Malaysia that suffered cyber incidents in the past 12 months claimed these cost the business US$500,000 (RM2.09 million) or more, with 6% claiming that the cost was US$1 million (RM4.1 million) or more.

Hana Raja (pic, above), managing director, Cisco Malaysia, said SMBs have leveraged technology to continue to operate and serve their customers as they tackled the implications of the pandemic. 

“This acceleration in digitalisation of SMBs across Malaysia has made them a more attractive target for malicious actors, not least because digitalised businesses have an expanded attack surface that hackers can target. 

“Digitalised SMBs also generate more data, which malicious actors put a high price on. All of this is fueling a critical need for SMBs to ensure they have the right strategy, solutions and capabilities to safeguard themselves on the cybersecurity front,” she said. 

Besides the loss of customer data, SMBs in Malaysia that suffered a cyber incident also lost internal emails (65%), employee data (59%), intellectual property (53%), sensitive business information (45%), and financial information (44%), the study noted.

In addition, 61% admitted it had a negative impact on their reputation, the report said.

The reported noted that disruptions caused by cyber incidents can have serious implications for SMBs.

It said 13% SMBs in Malaysia said that even a downtime of less than an hour results in severe operational disruption, while 32% said a downtime of between 1 to 2 hours can cause the same. 

In addition, 16% said a downtime of even less than an hour would result in severe impact on revenue, while 23% said a downtime between one and two hours would result in the same, it said.

Furthermomre, it noted that 6% said a downtime of one day would result in a permanent closure of their organisation.

The scale of the challenge is highlighted by the fact that only 17% of respondents in Malaysia said they were able to detect a cyber incident within an hour.

The number of those that were able to remediate a cyber incident within an hour is even lower at 12%.

Juan Huat Koo, director cybersecurity, Cisco ASEAN said “We are living in a world where customers seek instant gratification and no longer have the patience for lengthy downtimes. Therefore, it is critical for SMBs to be able to detect, investigate, and block or remediate any cyber incident in the shortest time possible.

“To be able to do that, they need solutions that are easy to deploy and use, integrate well with each other, and help them automate capabilities like detection, blocking, and remediation of cyber incidents.  

“SMBs also need clear visibility across their entire user base and IT infrastructure including their cloud and ‘as a service’ deployments, and take a platform approach to cybersecurity,” Juan said. 

Conquering fear

Cisco’s study found that while SMBs in Malaysia are more worried about cybersecurity risks and challenges, they are also taking a planned approach to understand and improve their cybersecurity posture through strategic initiatives. 

According to the study, 77% of Malaysian SMBs have completed scenario planning and/or simulations for potential cybersecurity incidents in the past 12 months.

More than four-fifth of respondents who completed scenario planning and/or simulations uncovered weak points or issues in their cyber defenses.

Of those that identified weaknesses, 93% said they were able to detect an attack but did not have the right technologies to block it or mitigate its impact, 93% said they had too many technologies and struggled to integrate them together, and 92% said they discovered that they did not have clear processes in place on how to respond to a cyber-attack, the study noted.

SMBs are also increasingly aware of where their biggest cyber threats come from. The research highlighted that phishing (44% ranked #1) is seen as the top threat by SMBs in Malaysia.

Other top threats to overall security include targeted attacks by malicious actors (21% ranked #1) and use of personal devices (20% ranked #1).

The good news is there are generally strong levels of investment by SMBs in cybersecurity. The study highlighted that 75% of Malaysian SMBs have increased their investment in cybersecurity solutions since the start of the pandemic, with 36% increasing investment by more than 5%. 

SMBs are also increasing their investments in areas like compliance or monitoring tools, talent, training, and insurance, suggesting a strong understanding of the need for a multi-faceted and integrated approach to building a strong cyber posture.

The report also highlighted five recommendations that organizations of all sizes can employ to improve their cybersecurity posture given the ever-changing landscape.

These include having frequent discussions with senior leaders and all stakeholders; taking a simplified, integrated approach to cybersecurity; staying prepared through conducting real-world simulations; training and educating employees; and working with the right technology partner.


Related Stories :

Keyword(s) :
Author Name :
Download Digerati50 2020-2021 PDF

Digerati50 2020-2021

Get and download a digital copy of Digerati50 2020-2021