KUALA LUMPUR (April 28): A majority of Malaysian organisations believe they will be exposed to cyber-attacks in the next 12 months, with 22% claiming this is “very likely” to happen.

In its latest global Cyber Risk Index (CRI) for the second half of 2021 released on Wednesday (April 27), cybersecurity firm Trend Micro said that in Malaysia, 87% claimed to have suffered one or more successful cyber-attacks in the past 12 months.

The CRI report surveyed more than 3,400 Chief Information Security Officers (CISOs) as well as IT practitioners and managers across Asia-Pacific, North America, Europe, and South America.

The CRI index value scoring is derived based on a numerical scale of -10 to 10, with -10 representing the highest level of risk.

The current CRI in Malaysia stands at 0.37, an increase from the 0.08 CRI score recorded in the first half of 2021, indicating an improvement in the state of cybersecurity preparedness in the country.

It said 31% suffered more than 7 cyber-attacks that infiltrated networks/systems; 26% had more than 7 data breaches of information assets and 24% suffered more than 7 breaches of customer data over the past year.

Trend Micro Malaysia and Nascent Countries managing director Goh Chee Hoh said to craft effective cybersecurity strategy, organizations must master the art of risk management.

“This is where reports like the CRI can be a great resource in highlighting areas of possible concern,

“As remote working and digital infrastructure threats persist, organisations should adopt a platform-based approach to optimize security whilst minimising their security sprawl,” he said.

The CRI report also highlighted the top five cyber threats in Asia-Pacific (APAC):

1. Phishing and social engineering – attacks that often scam and steal user data with fraudulent messages usually via emails or text with links or attachments

2. Botnets – cybercriminals that infiltrate and gain control of the organizations’ network

3. Fileless attack – a malware that uses legitimate tools built in the system to execute an attack

4. Ransomware – an attack that withholds critical or personal data, usually to extort some form of payment or exchange from its victims

5. Denial of Service (DoS) – an attack that disrupts and prevents the daily operational functions of its victims

Trend Micro said APAC organizations also ranked the top five negative consequences of an attack as stolen or damaged equipment, cost of outside consultants and experts, regulatory actions or lawsuits, reputation or brand damage, and customer turnover.

It said that when it comes to security risks within IT infrastructure, organizations are most worried about mobile or remote employees, across third-party applications, and mobile devices such as smartphones.