When it comes to cyber security health check, Malaysia is definitely not in the best of health!


New Straits Times recently reported that Malaysia experienced an average of 84 million cyber attacks every day during the fourth quarter of last year (4Q 2022), according to global cyber security solutions provider Fortinet. Fortinet’s Southeast Asia and Hong Kong vice-president, Peerapong Jongvibool, noted that the attacks included viruses, botnets, and exploits detected by FortiGuard Labs’ cyber security solutions, ranking Malaysia among the most vulnerable locations in the region.


Telekom Malaysia (TM) is the latest big corporation that fell victim to cyber attacks. TM recently confirmed a data breach involving historical Unifi customers’ personal information, including names, national identification, passport numbers, and contact details. However, the company stated that no financial information was affected.


The logical question to ask now is: if a big GLC like TM is unable to defend itself from cyber attacks, how about our small startups?


The quick but unsettling answer is that cyber attacks do not discriminate when choosing victims. Cyber attacks are indeed nothing new. But until recently, the general consensus in the world of startups and small businesses was that only big, public companies with plenty of cash, clout and valuable data had to worry about them.


There are two main reasons why startups fall victim to cyber crime. Firstly, startups often believe that they do not need a cyber security business plan because they are small. Secondly, hackers often prey on vulnerable businesses, particularly startups, with less financial stability than larger enterprises. As a consequence, startups frequently put themselves at risk of all types of cyber attacks, whether that be phishing, man-in-the-middle or even malware attacks.


There are many reasons why startups should treat cyber security seriously despite their limited resources, and below are some of them:


First, Startups are more likely to be targeted by cyber attacks because they typically have fewer security resources than enterprise organizations.


Secondly, A data breach can cause significant financial damage, which may be irrecoverable during the startup development phase.


Thirdly, A cyber attack can be fatal to an adolescent startup’s reputation.


Fourthly, cyber security can act as a persuasive competitive differentiator amongst peers less likely to have an established program.


After a hack or cyber breach, a firm must deal with several repercussions. A few outcomes that could significantly affect the firm are financial loss, reputational damage, brand damage, etc. The business may suffer irreparable harm due to these effects, occasionally rendering it impossible for them to recover.


Given the recent surge in cyber attacks and the increasing complexity of these threats, startups must adopt robust and efficient approaches to prevent such occurrences.


To name a few, Using strong passwords, updating your software, thinking before you click on suspicious links, and turning on multi-factor authentication are the basics of cyber hygiene and will drastically improve your online safety.


Here are some top cyber security practices to consider:

1. Establish a robust cyber security policy: A cyber security policy is a formal guide to all measures used in your organization’s security strategy.
2. Update and enforce security policies: Regularly update and enforce security policies to protect your organization against the latest threats.
3. Install security updates and backup data: Keep your systems updated with the latest security patches and regularly back up your data.
4. Use strong passwords and multi-factor authentication: Implement robust password policies and enable multi-factor authentication to add an extra layer of security.
5. Collaborate to prevent attacks: Foster a culture of cyber security awareness and encourage employees to report suspicious activities.
6. Conduct regular cyber security audits: Regularly assess your organization’s security posture through audits to identify vulnerabilities and take appropriate action.
7. Control access to sensitive information: Limit access to sensitive data based on job roles and responsibilities.
8. Monitor third-party users and applications: Regularly review third-party access privileges and monitor their activities for any signs of compromise.

Big and small businesses now have a legal responsibility to keep confidential or sensitive data secure. Whether it be information regarding employees or customers, startups must ensure they have the best business cyber security plan. If data is lost or compromised, then startups could face legal consequences.


In the age of digitalization and exponential data growth and accumulation, cyber security is the big elephant in the room. It is no longer a luxury add-on but a must-have necessity. While a cyber attack can seriously damage a large company, it will likely recover and move on. For a small, growing business, the results can be absolutely fatal.


In fact, there are two takeaways from the recent surge in cyber attacks and the increasing complexity of these threats that each and every startup founder should bear in mind:


(1) There are two types of companies — those that have been hacked and those that don’t know they have been hacked.


(2) Cyber security is a people problem, not a technological problem.