PETALING JAYA: The financial sector remains the top sector experiencing cyber attacks in Malaysia this year despite growing cyber resilience and awareness among financial institutions, global cybersecurity firm Kaspersky has highlighted.

Kaspersky South-East Asia general manager Yeo Siang Tiong said following closely the financial sector is the government sector as well as the healthcare sector, where phishing is the most prevalent form of cyber attack.

He said the same trend was also observed in other Asean countries this year.

“The financial sector is where the money is while the government and healthcare sectors contain a lot of data, including personal data which have a lot of value in those data for cyber attackers to gain benefit from them.

“There is also the espionage component in these sectors while the other form of attacks that we see more often include the ransomware attack, where attackers are doing the ransomware-as-a-service or RaaS, as well as cryptojacking,” he told Bernama on the sidelines of the Kaspersky Cyber Security Weekend 2023 in Bali.

Nevertheless, he said albeit facing the most attacks, the financial sector has seen some improvement in cyber resilience after Bank Negara instructed banks to follow the risk management in technology framework.

In addressing the rising threat and risk of cyber attacks from the government perspective, Yeo said there was a need for the government to address the issue from the regulation and policy standpoints.

“On our front, we are working very closely and have collaboration with the National Cyber Security Agency (Nacsa) and Cybersecurity Malaysia (CSM) from the government side so that we can share information with them and then they get early signals from us if we see anything is happening,” he said.

Within this year, Nacsa visited Kaspersky’s Data Centre and Transparency Centre in Switzerland, while CSM paid a visit to Kaspersky’s Transparency Centre in the Netherlands recently.

“The Malaysian government is looking at the possibilities of making some changes to the two agencies involved in cybersecurity and we are still waiting for the outcome from the recent visits.

“Of course, we are still talking to both teams quite intensively as we wait for the final outcomes,” he said.

Meanwhile, from the corporate front, he said organisations need to learn and do their due diligence by exercising a fair share process to protect their own environment and from the consumers’ perspective, awareness is the most effective way.

“The execution process of adopting cyber security is the next crucial step for the industry. At Kaspersky, we will always go to the industry whenever things are coming up right on our end.

“Once we see any impending attacks or hear any noise in the dark web, we will definitely collaborate with them,” he said.

With the digital economy growing rapidly across the Asean region at an expected growth rate of 20% year-on-year, more data will be used by the industry and it requires more protection on its information technology (IT) and operational technology.

Kaspersky announced that the company detected an average of 400,000 new malicious attacks on a daily basis and has been responding to the detection by using the latest technology.

“There is no way for a cyber security company to process all these new detections and that is why the artificial intelligence (AI) rules come in as we detect the emergence of new malware or new ways of doing things involving cyber risk,” he said.

In the meantime, the global cybersecurity company highlighted that AI has emerged as a powerful tool in the field of cybersecurity and beyond with the arrival of ChatGPT in November 2022 triggering debates and conversations on AI.

It showed the tangible effects of this neural network technology and revealed AI’s potential to disrupt industries globally.

Kasperksy has since revolutionised things by finding a way to develop IT systems with “innate” protection – Cyber Immunity, a concept that implies the overwhelming majority of cyber attack types are ineffective and cannot affect a system’s critical functions in the usage scenarios specified at the design stage.

“In an age where technology can be used by the good guys and bad guys alike, traditional cybersecurity is no longer enough.

“We need to revolutionise our defences to ensure we create a more secure digital world,” Kaspersky chief executive officer Eugene Kaspersky said.