Heightening Business Risks Demand Boardroom Attention – A Cybersecurity Perspective – BusinessToday

Heightening Business Risks Demand Boardroom Attention – A Cybersecurity Perspective – BusinessToday

Malaysia has been making great leaps in her digital transformation journey. 

Minister of Communications Fahmi Fadzil, recently said Malaysia is fast approaching a ‘golden digital decade’ with targets for a digital economy that will contribute more than a quarter of the nation’s gross domestic product by 2025, and a vision to become a high-income nation and a leader in the region’s digital economy by 2030.

The adoption of emerging technology and intensive cloud migration efforts is critical for economic development, but these tools also widen the surface area for cyberattacks, making businesses more vulnerable to breaches.

Worryingly, the IBM Ponemon Institute 2023 Cost of Data Breach Study found that the average cost of a data breach reached an all-time high last year of USD4.45 million.

Navigating beefed up regulations

Speaking to BusinessToday exclusively, Fortinet Senior Director for Southeast Asia Peerapong Jongvibool (pic) said with organisations having access to and handling much greater volumes of customer data through digital solutions, regulators are homing in on digital threats and enhancing compliance and disclosure standards accordingly.

In Malaysia, the recently-passed Cyber Security Bill 2024 bolsters regulatory powers and law enforcement, turbo-charging monitoring and regulation so that companies under the Act prioritise cyber protection.

“With cybersecurity requirements now cast in law, it is clear that responsibility for ensuring cyber resilience has moved beyond just organisations’ IT teams to the Boards of Directors now,” he said.

Cyber resilience has to start at the top

Peerapong said from development of a holistic framework through implementation, leaders must take the reins to ensure strategies, policies, and protocols are effective at mitigating risks.

They should also take charge of a comprehensive response plan in the wake of a breach, as cyber resilience also means being able to recover swiftly to minimise disruption.

Visibility remains critical for business leaders because they cannot protect what they cannot see. 

“These assessments serve to pinpoint any gaps and vulnerabilities within the cybersecurity infrastructure, thus improving timely threat detection. Alarmingly, three out of four organisations in Malaysia do not conduct regular risk assessments, according to Fortinet’s State of SecOps (security operations) survey,” he added.

Raising awareness at every level

Leaders also need to understand that cybersecurity is a team sport.

In Fortinet’s 2023 Security Awareness and Training Global Research Brief over 80% of organisations experienced cyberattacks that target employees.

Further, 81% of respondents faced malware, phishing, and password attacks last year which mainly targeted individuals. In other words, employees are frequently targeted as they are seen as weak links in an organisation’s security chain.

Developing a cybersecurity culture can take time, but active participation at all levels helps employees understand their significance to the organisation’s cyber resilience.

“Understanding where the organisation is in its cybersecurity journey will be crucial in implementing a robust training programme,” he said.

Organisations should also institute secure code development practices. Meanwhile threat detection and hunting capabilities, as well as incident response readiness must be periodically tested via simulated phishing campaigns and tabletop exercises.

Although traditionally viewed as a technology issue, digital transformation has elevated cybersecurity into an enterprise risk management imperative.

Given increasingly stringent regulatory requirements and the potential operational disruptions and threats to customer experience and loyalty, the pressure is on for organisations.

“Failure by any Boardrooms to treat cyber threats on par with other business risks will only hamper their ability to stand up to cyberattackers, and that’s sure to scupper future growth,” Peerapong added.

Related Articles