Know your enemy: Understanding the most significant cyber threats targeting Malaysian organizations
Malaysian businesses face an evolving threat landscape with increasingly sophisticated attackers. Based on our threat intelligence and incident response experience, here are the top 10 cyber threats Malaysian organizations need to prepare for in 2025.
Ransomware remains the most destructive threat, with attacks increasing 67% in Malaysia. LockBit and BlackCat variants are most common.
Average ransom: RM 2.1 million
Regular backups, endpoint detection, incident response planning
Sophisticated email fraud targeting Malaysian businesses, often impersonating executives or vendors to authorize fraudulent transfers.
Average loss: RM 380,000 per incident
Email authentication (DMARC), payment verification procedures, awareness training
Targeted phishing campaigns in Bahasa Malaysia and English, often impersonating banks, government agencies, or popular services.
42% of employees click phishing links
Security awareness training, simulated phishing, email filtering
Attacks targeting software vendors and service providers to compromise multiple downstream organizations.
One vendor breach can affect 50+ organizations
Vendor security assessments, supply chain monitoring, zero trust architecture
Exposed cloud storage, databases, and services due to misconfigurations in AWS, Azure, and GCP environments.
35% of Malaysian cloud deployments have critical misconfigs
Cloud security posture management, regular audits, infrastructure as code
Malicious or negligent employees causing data breaches, often during employment transitions.
Insider incidents take 77 days to detect
DLP solutions, access monitoring, offboarding procedures
Insecure APIs exposing sensitive data and functionality in mobile apps, web applications, and integrations.
73% of Malaysian apps have API security flaws
API security testing, authentication, rate limiting, monitoring
Automated attacks using stolen credentials from data breaches to access accounts across multiple services.
Million+ Malaysian credentials on dark web
MFA, password policies, credential monitoring, CAPTCHA
Attacks targeting industrial control systems, smart devices, and operational technology in manufacturing and critical infrastructure.
60% of Malaysian OT systems unpatched
Network segmentation, OT security monitoring, firmware updates
Unauthorized cryptocurrency mining using company resources, often through compromised websites or cloud infrastructure.
Increased cloud costs, degraded performance
Endpoint monitoring, cloud resource monitoring, web filtering
Understanding your organization's specific threat exposure is the first step to effective defense. Our security assessments identify vulnerabilities before attackers do.
Proactive security testing identifies vulnerabilities before attackers exploit them.