New Research Reveals the Importance of Safeguarding Malaysia's Software Supply Chain
Recent research commissioned by BlackBerry sheds light on the severity of supply-chain-focused cyberattacks against Malaysian organizations, and it underscores the significance of proactive measures to combat these attacks. Coupled with the introduction of Malaysia's Cyber Security Act of 2024 and the opening of the Malaysia Cybersecurity Center of Excellence, these insights provide a roadmap for strengthening the nation's cybersecurity posture.
The Scope of the Problem from New BlackBerry Research
BlackBerry's research, which surveyed hundreds of IT and cybersecurity leaders, was first unveiled at the NACSA Cybersecurity Summit, where I delivered a keynote address on July 31. It revealed that over three-quarters (79%) of Malaysian software supply chains were subjected to cyberattacks in the last twelve months. This figure is slightly higher than the global average of 76%. Even more concerning, 81% of respondents identified hidden members in their software supply chain that they had not been previously aware of, the highest response globally. These unknown pieces of the supply chain pose significant risks, as they can be potential gateways for cyber threats.
The Financial and Operational Impact of Supply Chain Attacks
The repercussions of software supply chain attacks are profound. Almost two in five Malaysian organizations (38%) required up to a month to recover from such attacks. The financial impact is severe, with 71% of organizations reporting financial loss, 66% experiencing reputational damage, and 59% suffering data loss. These statistics highlight the urgent need for enhanced cybersecurity measures to mitigate these risks effectively.
The Role of Malaysia's Cyber Security Act 2024
Malaysia has taken significant strides to bolster its cybersecurity framework with the enactment of the Cyber Security Act 2024 (Act 854). This legislation aims to enhance the cyber-resilience of the nation's critical information infrastructure. The Act, supported by initiatives like the National Semiconductor Strategy (NSS), sets the stage for Malaysia to become a global semiconductor powerhouse over the next decade. The NSS emphasizes secure-by-design software practices for IoT components, aligning with the broader goal of protecting the IT supply chain.
Expert Insights on Cybersecurity Measures
Dr. Megat Zuhairy bin Megat Tajuddin, Chief Executive of NACSA, emphasizes the importance of the Cyber Security Act 2024 in improving Malaysia's cyber-resilience.
"To become a leader in sectors such as semiconductor manufacturing and Artificial Intelligence (AI), Malaysia acknowledges it also shares a global responsibility to protect the software supply chain and ensure secure-by-design practices through improved compliance, technology adoption, and skills and training initiatives, like the Cybersecurity Center of Excellence with BlackBerry, to grow our cyber-workforce. This can better protect key infrastructure, boost business confidence, and aid economic growth through smoother international trade and cooperation."
It takes more than trust to protect the software supply chain. Encouragingly, progressive global governments like Malaysia are increasing regulatory measures and investment in skills and technology to protect critical infrastructure and key industries from cyberattacks. However, in an uncertain geopolitical climate, widely distributed sectors like semiconductor manufacturing continue to be a lucrative target for threat actors seeking maximum global impact.
This is why a comprehensive approach to cybersecurity that encompasses all aspects – skilled workers, secure-by-design products, and modern AI monitoring tools – will contribute to building trust in key Malaysian industries and boosting future economic growth.
Current Cybersecurity Practices in Malaysian Organizations
Compliance and Certification
According to the BlackBerry research, Malaysian organizations demonstrate a strong commitment to cybersecurity, with 58% providing security awareness training for staff, 48% employing data encryption, and 47% implementing multi-factor authentication.
However, vulnerability disclosure practices and the use of Software Bills of Materials (SBOMs) remain areas for improvement, with only 43% and 40% adoption rates, respectively.
Interestingly, Malaysian IT leaders exhibit high confidence in their suppliers' cybersecurity policies, with 95% expressing trust in their suppliers' ability to identify and prevent vulnerabilities. This trust is underpinned by rigorous compliance certification demands, with Malaysian IT decision-makers leading globally in requesting evidence of compliance.
Inventory and Monitoring Challenges
Regular monitoring of software inventories is crucial for maintaining cybersecurity. While 20% of Malaysian organizations perform near-real-time inventories, others lag, with 23% conducting inventories every 1-3 months and 11% every 3-6 months. The primary barriers to more frequent monitoring include a lack of technical understanding (58%), effective tools (44%), visibility (41%), and skilled talent (40%).
Despite these challenges, there is a strong demand for tools that enhance software library visibility and inventory management. Over three-quarters (77%) of respondents expressed a desire for improved inventory tools to better manage their software supply chain.
Looking Forward: The Role of AI, MDR and Skilled Talent
Malaysian IT leaders indicated in the survey that human factors such as a lack of skilled talent and technical understanding continue to challenge industries, but it was encouraging to see a high standard for demanding compliance certification when dealing with suppliers.
Along with training and upskilling efforts, modern AI-powered Managed Detection and Response (MDR) technologies can also support organizations with 24x7 threat coverage, helping IT teams with fewer resources to tackle emerging threats in their software supply chain and navigate complex security incidents.
Conclusion
The findings from BlackBerry's research highlight the critical need for robust cybersecurity measures to protect Malaysia's software supply chain. By investing in secure-by-design practices, advanced AI technologies, and comprehensive training programs, Malaysia is well-positioned to safeguard its critical information infrastructure and drive economic growth.
For Malaysian organizations, the path to enhanced cybersecurity begins with a proactive approach to managing software supply chain risks. By leveraging the insights from BlackBerry's research and aligning with the goals of the Cyber Security Act 2024, businesses can build a resilient cybersecurity framework that fosters trust, protects valuable assets, and supports continued growth.
Stay informed, stay secure, and consider upskilling your team through the Malaysia Cybersecurity Center of Excellence. Together, we can build a safer cyber landscape for Malaysia and beyond.