April 15, 2021
Digital threats in Malaysia are on the rise. According to various studies, online threats have increased by 82.5% during the Movement Control Order (MCO) invoked by the local government in response to the global pandemic. More than 800 security incidents were reported, affecting all businesses across Malaysia, including regions like Kuala Lumpur and more. The Malaysia Computer Emergency Response Team (MyCERT) revealed that cyber frauds make up 70% of all the reported incidents that occurred in 2020 up until October. Thus, individuals and businesses in Malaysia need an effective solution to solve the issues related to cybersecurity awareness, which impacts the human element embedded in the digital security framework.
Many industries and their employees run a risk of being targeted by social engineering attacks. The trouble is even more serious for business sectors such as Information & Communications, Telecoms, Broadcasting & Publishing, IT, Finance & Insurance Services, Legal, Public Administration, and Education industries, as they involve a large amount of money and information that could be exploited.
Studies have shown that many of the CREST-certified cybersecurity service providers located in Malaysia do not focus on implementing security awareness training. Only a small share, i.e., 18% of the reviewed cybersecurity service providers, focus on simulation-based awareness training. As employees are the weakest link in a cybersecurity chain, there is a compelling need to thoroughly assess their security understanding and train them to minimize human error, which may lead to a potential risk for the organization's information security. Cybersecurity awareness involves security e-learning and cyber awareness training for individuals and working professionals to mitigate security risks, such as phishing and social engineering attacks.
The aim of any training related to cybersecurity awareness is to help organizations and their employees, vendors, contractors, etc. to identify the risks associated with digital interaction/transactions of sensitive information and understand the potential threats such as social engineering and phishing attacks along with their impact on their personal or organization's information security. The cybersecurity awareness training also helps to understand the response and mitigation methods against such malicious attempts. It enables employees to avoid and/or report threats to appropriate authorities, which, in turn, helps security engineers map and monitor trends and anomalies related to digital breaches and frauds.
Cybersecurity awareness training is especially important in Malaysia, where more than 80 percent of intrusions or attempts are due to human error, and nearly 82% of the CREST-certified security service providers do not provide training related to security awareness. These statistics for security awareness raise concerns and demand the attention of cybersecurity authorities and service providers.
Social engineering attacks such as e-mail phishing are the prime vectors responsible for most malware and ransomware attacks. With businesses being under continuous security threats and the rise in malicious attempts, the need for security awareness in any organization and its digital users is essential. For businesses, understanding your employees’ level of security awareness is a proven method to identify, combat, and mitigate cyber threats.
Cybersecurity training and awareness programs are built upon existing and newly implemented security policies of a particular organization. Different IT governance and information security compliances shape an awareness training program's requirements, as the aim is to assess the security and risk understanding of an employee/user and help them understand the consequences of their actions on IT governance and security management issues. Different approaches could be considered to increase awareness among employees based upon the compliance or security framework requirements.
Organizations generally aim to increase awareness based on tests, behavior assessment, and response to controlled attacks, i.e., a simulation-based approach. Various tasks are involved as part of the training program and security e-learning, some of which could be listed as:
EC-Council Aware brings security training and awareness programs that cater to organizations that are determined to protect their information technology and assets while simultaneously saving resources, money and increasing customer satisfaction.
EC-Council Aware provides its security training, security e-learning, and awareness solutions via a mobile application (for both Android and iOS) that provides multiple features such as resources, gaming experience, simulation training, etc. With Aware, an organization can train its employees while continuously monitoring and assessing their progress in security awareness.
Cybersecurity awareness training programs provided by Aware help the users, employees, contractors, and temporary workers of an organization prepare against phishing and social engineering attacks and understand the risk involved. Along with providing a plethora of resources to make the learning experience enjoyable, it incorporates multiple features in its solutions to help users engage better; some of its prominent features include:
Strategically built cybersecurity awareness programs in Malaysia will empower employees and users to effectively respond to threats by following the organization's structured policy framework and help the information security engineers mitigate threats in their infancy.
A. Security awareness training is a program that helps to educate the employees on various cyber risks and threats and magnify their awareness of best practices that keep their networks secure.
A. The purpose of security awareness training is to develop essential competencies and introduce them to new techniques and methods that have been developed to tackle security issues.
A. The cyber awareness market has seen unprecedented growth over the last few years as organizations scramble to train employees, and security tools such as OhPhish can help not only by testing against regular phishing campaigns but also by helping to train the end user.