Malaysian companies indifferent to cyber security, says solutions firm

Many Malaysian companies adopt a stopgap attitude when it comes to investing in cyber security measures, a solutions company said today.

Barracuda Networks Inc said that on average, Malaysian companies allocated 17% of their annual budget for cyber security.

Barracuda India group product director Anshuman Singh added that many Malaysian companies failed to grasp the importance of properly investing in cyber-security.

"Companies only realise this after something has gone wrong and substantial losses have been reported," he told reporters at a luncheon today.

Anshuman said certain companies such as banks were more at risk from cyber threats.

"The budget depends on how important cyber security is to the company. Banks would naturally have to invest more," he said.

"There is no magical number on how much should be allocated for cyber security. Companies should do a risk assessment."

Anshuman said there were various threats which could affect a company, in particular banks and financial institutions.

He cited as example the case of automated teller machines being hacked last year, which culminated in losses amounting to RM3 million.

"The culprits knew that the affected banks' automated teller machines were operating on an old and outdated software.

"This made it easy for them to use an existing malware which, combined with an RM100 electronic component, enabled the heist to be pulled off."

Anshuman said the banks had failed to update their software and hence were incapable of dealing with present threats.

According to Bank Negara, online transactions between 2006 and 2013 doubled to 1.6 billion financial transactions.

The volume of e-payment transactions including Internet banking, usage of payment cards and e-money was worth RM16.2 trillion.

At the same time, credit card fraud remained the most common form of fraud reported with total losses amounting to RM29.4 million.

Anshuman said that for 2014, US$574 billion (RM2.04 trillion) losses had been reported worldwide due to various forms of cybercrime.

"Figures for Malaysia are not immediately available for last year as Bank Negara has not released the figures yet," he said.

He said another popular myth which needed to be dispelled was the belief that smaller companies would not be targeted by hackers.

"The big conglomerates and corporations have invested millions to boost their cyber security, hence it is a mammoth task for hack at them from the front.

"When you attack the big companies, it is not a frontal attack. What hackers do is they attack the vendors who provide services to big companies.

"Because the vendors are smaller companies, they do not have the same security facilities as the major companies. So it is easier to penetrate their defences."

As such, he said everyone should take cyber security seriously, as losses would not only affect the bottom line, but the company's reputation as well. – January 15, 2015.