Malaysia is under siege.

In fact, every year from 2020 to 2022, the number of cyber attacks recorded in Malaysia was over 20,000 annually—a massive jump from previous years, when the number was closer to 10,000 per year. Things seem to be turning for the worse, with data from cybersecurity company Surfshark placing Malaysia as the eighth most breached country in the world in the third quarter of 2023.

The recent surge of cyber attacks in Malaysia emphasised the heightened risk organisations face due to overlooked vulnerabilities, demanding a proactive approach to cybersecurity. According to BlackBerry's latest Global Threat Intelligence Report (GTIR), the increasing rates of new malware detected indicated that threat actors are more determined to breach highly lucrative sectors in pursuit of financial gain.

Worse still, Cisco just revealed that Malaysian organisations are ill-equipped for modern cyber threats, which might explain why attacks on network solutions and system integrator Aminia and leading Malaysian telecom Maxis are becoming too common for comfort—and that is not taking into account attacks that are either unreported or undetected.

Incidentally, what is happening in Malaysia in terms of cybersecurity is par for the course for practically every country, as pointed out by Jonathan Jackson, Director of Sales Engineering at BlackBerry, in an exclusive interview with Cybersecurity ASEAN (CSA).

“In terms of the overall [cybersecurity] space, I think it's an incredibly challenging environment. Today, it continues to be challenging. 2023 was a miserable year, and 2024 is shaping up to be no different,” Jonathan told CSA. “The level of sophistication and the technologies that are available to cyber attackers are increasing. And it's really what we've seen. It's lowering the barrier to entry for cybercriminals to be able to have very sophisticated and targeted campaigns, like aggressive phishing and smishing…”

This context sets the stage for companies like BlackBerry, actively engaged in empowering Malaysian businesses against these threats, exemplifying a concerted effort to combat cybercriminal activities.

Turning to AI for Cybersecurity

It is no secret BlackBerry made a name for handheld devices and only pivoted to cybersecurity over the last decade. Even so, Jonathan assured that the company is “firmly positioned in the cybersecurity software and services realm” and is “at the forefront—for many, many years—in AI (Artificial Intelligence)-driven security products.”

This focus on Artificial Intelligence, combined with comprehensive visibility and best-in-class telemetry, forms the foundation of BlackBerry's cybersecurity offerings.

Jonathan expressed a core belief in the power of AI to proactively thwart cyber threats before they materialise. He emphasised the critical importance of detection and response in the event of a breach, highlighting the value of comprehensive visibility and telemetry data. Furthermore, he mentioned BlackBerry's focus on leveraging technology to support SOC assistants, digital forensics experts, and anyone involved in breach analysis, demonstrating their commitment to enhancing cybersecurity capabilities across the board.

And, with cybercriminals now also using AI for their nefarious deeds, Jonathan—and BlackBerry, by extension—is adamant that AI can thwart its degenerate counterpart just as effectively as it can spoil non-AI-aided attacks. That is if a mature enough AI is built over time with Machine Learning (ML) models that can keep up with evolving threats.

It is not for nothing that AI is front and centre in BlackBerry’s work with various organisations around the world—including here in the APAC region and in Malaysia in particular.

“There is not one tool out there which is going to help you 100%. But a defence-in-depth strategy is really important. So, one of the things we're doing here in Malaysia is partnering with other organisations to improve the cyber resilience of the country,” said Jonathan of BlackBerry’s commitment to helping Malaysia in terms of cybersecurity. “That's the stated goal of what we're actually doing here, which is an incredibly lofty goal but something that is 100% achievable. And we are focused beyond anything on being able to help the Malaysian government and other governments around the region improve their cyber posture.”

The Other Half of the Cybersecurity Equation Is Equally—if Not More—Vital

There is, of course, another aspect of cybersecurity that is oftentimes understated but is just as crucial—or even more—to effective cybersecurity; the people themselves.  

“Any sort of defence-in-depth, if you really want it to work, we also need to focus on people,” said Matt Dawdy, Director of the BlackBerry Cybersecurity Centre of Excellence in Malaysia inaugurated only this April—a mere five months after BlackBerry inked a cybersecurity deal with the Malaysian government at the APEC Leaders’ Summit last November.

The context of this need to focus on people is what Matt describes as “this huge worker gap in cybersecurity,” where three to four million more cybersecurity workers are needed worldwide. This skills gap is as pronounced in Malaysia, with no less than Communications and Digital Minister Fahmi Fadzil telling The Star in August of last year that the country needs some 12,000 cybersecurity experts by 2025 if it is to fill the said gap.

“According to a recent study by the Department of Skills, The Centre for Instructor and Advanced Skill Training (CIAST), and CyberSecurity Malaysia, our country needs 27,000 cybersecurity knowledge workers by the end of 2025. Based on the study, we are facing a shortfall of 12,000 cybersecurity workers.”

A Centre of Excellence to the Rescue

BlackBerry hopes to bridge this shortfall in no time with the Cybersecurity Centre of Excellence it opened in collaboration with the Malaysian government. Described by Matt as a learning centre partnering with other education institutions, government entities, and corporate organisations, the Cybersecurity Centre of Excellence is focused on helping fill that gap through upskilling and providing learning opportunities to Malaysians interested in the field of cybersecurity.

It also appears that interest is spiking, according to Matt.

“That's what this is really about,” said Matt of the Cybersecurity Centre of Excellence’s vision. “There are a lot of people in Malaysia that are interested in finding a lucrative career and to have a stable, stable work environment. We can offer that in cybersecurity.”

The Cybersecurity Centre of Excellence, incidentally, offers a path towards that lucrative career—an institutionalised learning mechanism that is akin to getting a college education.

“So, here at the Centre, we're rolling out a hybrid education program,” explained Matt. “What I mean by that is that it offers a lot of the advantages of a university program that has structure and progression, just like a university program. But we're focusing on cybersecurity and we're focusing on certifications.”

The best part is that the Centre, according to Matt, is open for all—even to absolute beginners no prior education on cybersecurity or career shifters who want to forge a different path.

Education Is a Difference-Maker in Cybersecurity

Not to downplay all these hi-tech cybersecurity tools, but ground zero of an effective cybersecurity posture is to have people that know all about it—or at least have enough knowledge to be vigilant against it.

That’s because cybercriminals, according to Jonathan, are shifting their crosshairs to target people, in turn making them a primary attack vector to get inside any system or network. Education, however, turns the tide in favour of the good guys, who will be equipped to sidestep or avoid the common modus operandi of cybercriminals.

Jonathan highlighted a shift in cyber attack strategies, noting that attackers no longer primarily target firewalls or similar defences to breach an environment. Instead, they focus on exploiting human vulnerabilities. By targeting individuals, attackers can manipulate them into clicking on malicious links—a tactic far easier to execute and potentially more devastating in its impact.

However, when faced with a cybersecurity-savvy workforce, relying on such a "fairly easy tactic" may prove ineffective, if not entirely futile.

“So, by levelling up and just kind of raising the level of cybersecurity intelligence in general, we can make a difference,” Jonathan pointed out. “You'd go into an organisation and teach 500 people about security awareness. [Then] they're watching for those kinds of scams, phishing type attacks, you've made a difference. You have changed the security posture of Malaysia.”

Ultimately, BlackBerry's primary focus is on bolstering cybersecurity in Malaysia—a goal that carries significant importance. This ambitious objective aligns perfectly with the current climate as Malaysia faces heightened cybersecurity threats.