Can Malaysia Improve Its Cybersecurity Awareness?

April 15, 2021

Digital threats in Malaysia are on the rise. According to various studies, online threats have increased by 82.5% during the Movement Control Order (MCO) invoked by the local government in response to the global pandemic. More than 800 security incidents were reported, affecting all businesses across Malaysia, including regions like Kuala Lumpur and more. The Malaysia Computer Emergency Response Team (MyCERT) revealed that cyber frauds make up 70% of all the reported incidents that occurred in 2020 up until October. Thus, individuals and businesses in Malaysia need an effective solution to solve the issues related to cybersecurity awareness, which impacts the human element embedded in the digital security framework.

Many industries and their employees run a risk of being targeted by social engineering attacks. The trouble is even more serious for business sectors such as Information & Communications, Telecoms, Broadcasting & Publishing, IT, Finance & Insurance Services, Legal, Public Administration, and Education industries, as they involve a large amount of money and information that could be exploited.

Cybersecurity Awareness in Malaysia and Its Importance

Studies have shown that many of the CREST-certified cybersecurity service providers located in Malaysia do not focus on implementing security awareness training. Only a small share, 18% of the reviewed cybersecurity service providers, focus on simulation-based awareness training. As employees are the weakest link in a cybersecurity chain, there is a compelling need to thoroughly assess their security understanding and train them to minimize human error, which may lead to a potential risk for the organization's information security. Cybersecurity awareness involves security e-learning and cyber awareness training for individuals and working professionals to mitigate security risks, such as phishing and social engineering attacks.

Why Is Cybersecurity Awareness Training Important?

The aim of any training related to cybersecurity awareness is to help organizations and their employees, vendors, contractors, etc. to identify the risks associated with digital interactions and transactions involving sensitive information, and to understand potential threats such as social engineering and phishing attacks, along with their impact on personal or organizational information security. Cybersecurity awareness training also helps them understand the response and mitigation methods against such malicious attempts. It enables employees to avoid and/or report threats to the appropriate authorities, which, in turn, helps security engineers map and monitor trends and anomalies related to digital breaches and frauds.

Cybersecurity awareness training is especially important in Malaysia, where more than 80 percent of intrusions or attempts are due to human error, and nearly 82% of the CREST-certified security service providers do not provide training related to security awareness. These statistics for security awareness raise concerns and demand the attention of cybersecurity authorities and service providers.

Social engineering attacks such as e-mail phishing are the prime vectors responsible for most malware and ransomware attacks. With businesses being under continuous security threats and the rise in malicious attempts, the need for security awareness in any organization and its digital users is essential. For businesses, understanding your employees’ level of security awareness is a proven method to identify, combat, and mitigate cyber threats.

How Do You Create a Cybersecurity Awareness Program?

Cybersecurity training and awareness programs are built upon existing and newly implemented security policies of a particular organization. Different IT governance and information security compliances shape an awareness training program's requirements, as the aim is to assess the security and risk understanding of an employee/user and help them understand the consequences of their actions on IT governance and security management issues. Different approaches could be considered to increase awareness among employees based upon the compliance or security framework requirements.

Organizations generally aim to increase awareness based on tests, behavior assessment, and response to controlled attacks, i.e., a simulation-based approach. The training program and security e-learning involve various tasks, some of which are:

  • E-mail phishing and vishing campaigns test an individual’s susceptibility towards e-mail and voice-based phishing attacks
  • Establishing a baseline measurement for their susceptibility against different phishing attacks and measuring their progress against the baseline
  • Behavior analysis through repeated campaigning and subsequent response to them, i.e., reporting, quarantine, and/or response
  • Education and awareness regarding different phishing and social engineering attacks and/or related threats along with identification, reporting, and mitigation strategies
  • Enabling easy mitigation techniques such as single-click reporting and quarantine of any possible phishing e-mail with the help of advanced applications and learning management systems

Cybersecurity Awareness Training with EC-Council Aware

EC-Council Aware brings security training and awareness programs that cater to organizations that are determined to protect their information technology and assets while simultaneously saving resources and money and increasing customer satisfaction.

EC-Council Aware provides its security training, security e-learning, and awareness solutions via a mobile application (for both Android and iOS) that provides multiple features such as resources, gaming experience, simulation training, etc. With Aware, an organization can train its employees while continuously monitoring and assessing their progress in security awareness.

Cybersecurity awareness training programs provided by Aware help the users, employees, contractors, and temporary workers of an organization prepare against phishing and social engineering attacks and understand the risk involved. Along with providing a plethora of resources to make the learning experience enjoyable, it incorporates multiple features in its solutions to help users engage better; some of its prominent features include:

  • Wide collection of customizable phishing templates for e-mail, SMS, and voice phishing attacks, with flexible campaign scheduling
  • Gamification module that helps your employees learn on the go while maintaining the required level of security awareness training standards
  • Web-based portal for susceptibility testing and analysis of simulation response
  • Challenging environment built on quiz sessions with peers, with progress encouraged through a ‘Leader Board’

Strategically built cybersecurity awareness programs in Malaysia will empower employees and users to effectively respond to threats by following the organization's structured policy framework and help the information security engineers mitigate threats in their infancy.