
 
  ORGANIZATIONS NEED TO BE MORE PROACTIVE TO BETTER MITIGATE AND ANTICIPATE NEW CYBER THREATS, SAYS KPMG

Thursday 13/01/2022



Over 10,000 cyber security incidents reported in Malaysia in 2021

PETALING JAYA, Jan 13 (Bernama) -- Accelerated digital transformation since the pandemic has highlighted how lack of preparation can be just as detrimental to organizations as an actual cyberattack. Going forward into 2022 and beyond, the rapidly changing landscape continues to create significant new cyber threats that will increase cyber risks on multiple global fronts via numerous evolving threat vectors.
 
According to the Cyber security considerations 2022 report by KPMG, navigating this fluid environment will require a mindset shift towards one of enablement to focus on striking a balance and ensuring that “security is everyone’s job”, acknowledging its role in building and maintaining customer, client, and stakeholder trust.
 
From January to December 2021, a total of 10,016 cases of cyber incidents were reported to Cyber999, the cyber security incident response center operated by MyCERT (Malaysia Computer Emergency Response Team)¹. According to a study referenced in the Malaysia Cyber Security Strategy 2020-2024, Malaysia has the potential to lose RM51 billion due to cyber security incidents, which accounts for more than 4% of the country’s total gross domestic product.²
 
Ubaid Mustafa Qadiri, Head of Technology Risk & Cyber Security at KPMG in Malaysia, commented, “Out of over 10,000 cyber security incidents reported to MyCERT last year, 71% were fraud related, while intrusion attempts and malicious codes make up the top three threats reported. Cybercrime is changing as criminals avail themselves of new technology, which means our approach to cyber security must evolve as well.
 
“Whether it’s advanced persistent threats, ransomware, backdoor attacks, or something we’ve yet to see, there will likely always be new perils with which to contend. We have found that a lack of preparation and being overly reactionary can be as detrimental as the actual cyber incident. That's why it’s so important to have a plan, test your responses according to different scenarios, and understand the depth and breadth of potential cyber incidents to your business,” advised Ubaid.
 
KPMG’s report focuses on eight core areas to help business leaders better understand how cyber can support the business with a security plan based on shared accountability:
 
1. Expanding the strategic security conversation
Change the conversation from cost and speed to effective security to help deliver enhanced business value and user experience.

Handling and mitigating risk to help the strategic viability and operational sustainability of the entire organization is a shared responsibility that starts with the business. CISOs and their teams should help leadership across the business gain an appreciation for what goes into security and privacy by design to better align security with the organization’s strategic business objectives.

2. Achieving the x-factor: Critical talent and skillsets
Transform the posture of CISOs and their teams from cyber security enforcers to influencers.

Modern security programs, led by forward-thinking security teams, empower organizations to move with agility, pursue growth and serve customers better. As the threat landscape evolves, CISOs need to change the narrative so developers and the business lines understand that cyber exists to support rather than hinder.

3. Adapting security for the cloud
Enhance cloud security through automation — from deployment and monitoring to remediation.

While digital transformation propels cloud adoption and usage forward, it also puts institutions and businesses at greater cyber risk. Lack of cloud security skills means the business of protecting the organization operates at a distinct trust deficit. Organizations can start by promoting the view that all data sitting in the cloud is the responsibility of the organization, ensuring everyone understands cloud-specific security requirements, and collaborating with the provider to avoid misconfigurations.

4. Placing identity at the heart of zero trust
Put IAM and zero-trust to work in today’s hyperconnected workplace.

In an environment where cybercriminals are often just a click away, organizations should adopt a zero-trust mindset and architecture, with identity and access management at the heart of it. Enterprises and institutions should consider new standards, tools and strategies to better secure their systems, data and infrastructure.

5. Exploiting security automation
Use smart deployment of security automation to help realize business value.

As the threat landscape continues to expand and increase in complexity, companies are successfully automating the security function and freeing up resources by applying automation to routine, repetitive tasks. Start small; identify the use cases for automation that your organization truly needs and that will be able to generate business value. Take a proactive approach to security automation by focusing on threats instead of incidents.

6. Protecting the privacy frontier
Move to a multidisciplinary approach to privacy risk management that embeds privacy and security by design.

Keeping individuals’ data secure and taking data privacy seriously is more than just implementing new processes to satisfy regulatory requirements — it’s a cultural shift. This should start at the top, with the C-suite recognizing that data belongs to their customers, clients and partners and that they have a responsibility to collect and employ it legally and ethically.

7. Securing beyond the boundaries
Transform supply chain security approaches — from manual and time consuming to automated and collaborative.

Becoming a digital-first organization implies a data-centric approach in which data is shared on a near-constant basis throughout a complex and connected ecosystem of partners and suppliers. A strong risk management framework that looks both inward and outward is key, especially for high-risk industries such as financial services, energy and healthcare.

8. Reframing the cyber resilience conversation
Broaden the ability to sustain operations, recover rapidly and mitigate the consequences when a cyberattack occurs.

In today’s volatile digital environment, resilience should include consideration of how well companies understand, anticipate, and are prepared to recover from the potential impact of a major cyber incident. It should be an organization-wide effort, and CISOs should educate leadership about the risk and consequences of a breach and why cyber resilience is so important.

The report also identifies several emerging cyber security challenges which could soon become major areas of focus for cyber professionals across virtually every industrial sector: Industrial Internet of Things (IIoT), 5G Networks and Artificial Intelligence (AI).

The Minister of Communications and Multimedia had last year announced the 5G Cyber Security Test Lab (My5G) in anticipation of the nation’s 5G rollout³. My5G will be Southeast Asia’s first specialist security evaluation and test facility testing for 5G products, devices and applications. 

“The prospective capabilities of 5G will be game-changing but will also pose new security challenges. The Government will need to create an environment that is flexible and adaptable to address existing legacy issues and tackle new emerging threats. Meanwhile, organizations looking to capitalize on the benefits of 5G will also need to begin strengthening their security infrastructure in order to get ahead of the competition,” added Ubaid.

For more information, visit www.kpmg.com.my/cybersecurity.

About KPMG Management & Risk Consulting Sdn. Bhd.
KPMG is a global organization of independent professional services firms providing Audit, Tax and Advisory services. KPMG is the brand under which the member firms of KPMG International Limited (“KPMG International”) operate and provide professional services. “KPMG” is used to refer to individual member firms within the KPMG organization or to one or more member firms collectively.

KPMG firms operate in 145 countries and territories with more than 236,000 partners and employees working in member firms around the world. Each KPMG firm is a legally distinct and separate entity and describes itself as such. Each KPMG member firm is responsible for its own obligations and liabilities.

KPMG International Limited is a private English company limited by guarantee. KPMG International Limited and its related entities do not provide services to clients.

The history of KPMG in Malaysia can be traced back to 1928. KPMG Management & Risk Consulting Sdn. Bhd. is a company incorporated under Malaysian law and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited.

For more detail about our structure, please visit www.kpmg.com/governance 

¹ MyCERT – Reported Incidents based on General Incident Classification Statistics 2021
² National Security Council, Malaysia Cyber Security Strategy 2020-2024, referencing a study by Microsoft in collaboration with Frost & Sullivan, July 2018 – Understanding the Cybersecurity Threat Landscape in Asia Pacific : Securing the Modern Enterprise in a Digital World
³ Cybersecurity Malaysia, 14 December 2021 - CYBERSECURITY MALAYSIA LAUNCHES SOUTHEAST ASIA’S 5G CYBER SECURITY TEST LAB

Source: KPMG PLT

FOR MORE INFORMATION, PLEASE CONTACT:
Name: Kimberly Sammy
Manager, MARCOM
KPMG in Malaysia
Tel: 012-3125373
Email: kimberlysammy@kpmg.com.my  

Name: Syazlina Nasir
Senior Executive, MARCOM
KPMG in Malaysia
Tel: 012-2901743
Email: syazlinanasir@kpmg.com.my


--BERNAMA

 
 
 
