A recent study by BlackBerry Ltd has revealed that most Malaysian IT decision-makers have received alerts about attacks or vulnerabilities in their software supply chains within the past year.
The intelligent security software provider surveyed 100 Malaysian companies and found that over three-quarters (79%) of software supply chains in the country had been exposed to cyberattacks, exceeding the global average of 76%.
The study highlighted that nearly a third of Malaysian respondents identified operating systems (30%) and Internet of Things (IoT)/connected components (19%) as the most vulnerable, with these areas having the greatest impact on organizations.
These risks come at a cost, with financial losses (71%), reputational damage (66%), and data breaches (59%) being the most severe consequences of supply chain attacks, according to the company’s statement.
The findings, based on a global survey of IT decision-makers and cybersecurity leaders conducted by Coleman Parkes in April 2024, align with the Malaysian government’s recent cybersecurity initiatives, including the gazetting of the 2024 Cyber Security Act (Act 854) on June 26 and the launch of the National Semiconductor Strategy (NSS) in May.
The study emphasized the urgent need for secure-by-design software practices for IoT components and strong regulations to protect the IT supply chain, which aligns with the NSS’s focus on investing in skills and technology.
Malaysian organizations have already implemented various security measures to prevent software supply chain attacks, such as security awareness training for staff (58%), data encryption (48%), and multi-factor authentication (47%). However, vulnerability disclosure was rated lower (43%).
Although the Software Bill of Materials (SBOMs) received an even lower priority (40%), international regulatory and compliance requirements could elevate its importance in the next 12 to 24 months, especially for manufacturing companies designing and trading technology components globally.
BlackBerry Cybersecurity’s Chief Information Security Officer, Christine Gadsby, noted that progressive governments, like Malaysia, are increasingly adopting regulatory measures and investing in skills and technology to protect critical infrastructure and key industries from cyberattacks.
“In an uncertain geopolitical environment, widely distributed sectors such as semiconductor manufacturing are attractive targets for threat actors seeking maximum global impact. Therefore, a comprehensive cybersecurity approach—encompassing skilled workers, secure-by-design products, and advanced AI monitoring tools—will help build trust in Malaysia’s key industries and support future economic growth,” she said.
