Manufacturing and Government Sectors Account for Almost 40% of Malaysia’s Organisational Cyber Attacks in 2023, Reports Ensign InfoSecurity
Ensign InfoSecurity (“Ensign”), Asia’s largest comprehensive cybersecurity solutions provider, identifies Manufacturing, Government, and Technology, Media, and Telecommunications as the top three targeted sectors by cyber threats in 2023. This key insight was among many others featured in the fifth edition of Ensign’s Cyber Threat Landscape Report (CTL), which draws on Ensign’s proprietary and cyber threat intelligence sources. The ranking of most-targeted sectors changed substantially from the previous year:
Rank | 2022 | 2023 |
1 | Technology, Media, and Telecommunications | Manufacturing: 20.0% |
2 | Financial Services and Insurance | Government: 18.2% |
3 | Energy & Water | Technology, Media, and Telecommunications: 14.5% |
4 | – | Professional Services 9.1% |
5 | – | Retail 7.4% |
Malaysia has become an attractive destination for multinational companies looking to relocate their high-tech manufacturing businesses into the market. However, companies in this sector are highly attractive targets for cybercriminals due to three possible reasons: (1) the possession of valuable data ranging from contracts, supplier details, trade secrets, industrial designs, and personal information, (2) the operation of continuously running machinery where disruptions could impact safety or business operations, and (3) generally lower cyber hygiene compared to other more tightly regulated industries.
Similarly, the government sector holds a wealth of valuable data, including information on national security, citizens, and public services, making it a lucrative target for cyber threats. With growing interests and fragmentation in geo-politics, government agencies will continue to face increased targeting for political leverage.
The report also noted that ransom was the primary motive behind more than half of all observed cyberattacks in Malaysia (58.2%), where attackers sought to financially exploit victims through extortion. This reflects a global worsening of the Ransomware threat for corporates. In a deep-
dive analysis, the report explored how these attackers operate, and how they “double” extort their victims as a new tactic. Correlating both ransom and the targeted industry groups, Ensign believed that ransoms were made to capitalise on businesses supporting economic recovery post-pandemic.
Encouragingly, Ensign has observed a heightened awareness of potential cyber threats across the six territories in 2023. The average “dwell time”, which measures how long the attacker stays inside their victim’s networks before discovery, fell sharply across industries (the maximum dwell time fell from 1095 days to 49 days), suggesting that defenders are getting better and detecting breaches, even from stealthy cyber attackers.
Finally, the report also included insights into how hacktivism (cyberattacks conducted by individuals or groups in support of a cause or ideology) has become a serious and worrying threat for organisations; how recent supply chain attacks, especially on network devices, are getting more rampant; and the threats and risks posed by Artificial Intelligence in the cyber and information domains. The report concluded with suggestions for defenders, on how they can prepare their organisations for such threats.
“The marked increase in targeted attacks on essential sectors such as manufacturing and government signals an urgent need for a more comprehensive and coordinated approach to cybersecurity in these areas,” said Chee Yee Cheng, General Manager, Ensign InfoSecurity, Malaysia. “Through Ensign’s Cyber Threat Landscape Report, we hope to help establish more rigorous cyber hygiene standards and practices, ensuring that these sectors are adequately prepared to defend against and deter cybercriminals.”