10 August 2023
Explore the surge in cyberattacks, escalating risks, and expert-recommended cybersecurity strategies to protect sensitive data and customer trust.
In a sweeping wave of technological advancements, Malaysia’s finance and banking sector finds itself in the throes of rapid digital transformation. Cloud applications, open banking initiatives, and fintech innovations are reshaping the industry’s landscape. Yet, with this digital evolution comes a mounting menace – an escalating risk of cyber-attacks that threatens to compromise the very core of these institutions.
As the sector races towards a digital future, it becomes increasingly vulnerable to cyber threats due to its possession of vast reservoirs of sensitive personally identifiable information (PII), corporate data, and financial records. These assets, although pivotal for seamless operations, also make financial organisations an enticing target for malicious actors seeking to exploit digital weaknesses.
The Unrelenting Surge of Cyber Threats
One of the most significant and alarming shifts in recent times has been the commercialization of cyber threats. Criminal entities are now specialising in distinct phases of an attack, offering their expertise to other malevolent actors in the form of “as-a-service” models. This shift has lowered the entry barriers for conducting cyber-attacks, resulting in a surging population of adversaries and threats. By availing specialised services, criminals receive guidance and resources that enhance the potency of their assaults.
In Malaysia, the gravity of the cybersecurity threat landscape is underscored by the remarks of Teo Nie Ching, Deputy Minister of Communications and Digital. Over the past year, the nation has witnessed an alarming escalation in cyber-attacks. These assaults encompass a spectrum of malicious activities, including ransomware attacks, cyber espionage endeavors, data breaches, and cyber scams. According to Cyber Security Malaysia (CSM), the country reported a staggering 4,741 cyber threat cases last year alone, with a further 456 fraud cases recorded as of February 2023.
Necessity of Robust Cybersecurity Measures
The ramifications of security breaches on the operations, financial stability, and reputation of these organisations are staggering. The potential disruptions, the burden of costly remediation, substantial fines, and the erosion of trust accentuate the urgency for robust cybersecurity measures.
Challenges within the Finance and Banking Domain
A recent report titled “Sophos: The State of Ransomware in Financial Services 2023” sheds light on the escalating predicament. Ransomware attacks in the financial services sector have surged from 55 percent in 2022 to an unsettling 64 percent in 2023. The primary catalyst for these attacks remains the exploitation of vulnerabilities, accounting for 40 percent of incidents, followed by compromised credentials at 23 percent.
Financial institutions bear a heavier burden of recovery costs compared to other sectors, with an average expense of US$2.23 million – surpassing the cross-sector average of US$1.82 million. The increased recovery costs can be attributed to elevated data encryption rates and a reduced capacity to thwart attacks before data encryption occurs.
Moreover, a concerning 80 percent of financial institutions impacted by ransomware admit to experiencing loss of business or revenue. This slightly lags behind the global cross-sector average of 84 percent but nevertheless underscores the profound impact of ransomware attacks on the finance and banking realm.
Fortifying the Defences
To counter these menacing threats, cybersecurity firm Sophos offers a range of best practices, including:
- Maintaining security hygiene: Consistent patching and thorough reviews of security tool configurations.
- Optimising attack preparedness: Regular backups, practising data recovery from backups, and an up-to-date incident response plan.
- Deploying effective security tools: Endpoint protection with robust anti-exploit capabilities and zero trust network access (ZTNA) to prevent credential abuse.
- Leveraging adaptive technologies: Automated responses to disrupt attacks and provide defenders with crucial response time.
- Continuous threat detection and response: Employing 24/7 monitoring and response through in-house teams or specialist managed detection and response (MDR) service providers.
As Malaysia’s financial and banking sector charges ahead in its digital transformation journey, the sanctity of data and information is pivotal for sustainable operations. To uphold their responsibilities and preserve customer trust in this dynamic digital landscape, financial institutions must prioritise robust cybersecurity measures. As the sector marches into an era of unparalleled innovation, safeguarding against cyber threats is not just a duty – it’s a necessity.
