Cybersecurity Threats

How vulnerable are you?

Amos Law, Executive Director

As the nation transitions into the endemic phase and more employees start to return to work in the office, companies should maintain their guard and continue to assess their vulnerability risks to cybersecurity threats and ensure that the appropriate controls are implemented to address such risks.  

Prior to this, the pandemic had posed several challenges that have caught many companies off-guard. Many solutions that were in place were not adopted or optimised, due to some reason or another.  As company awareness has increased, management should consider the following: 


Authentication allows a Company to confirm the identity of employees who are trying to access the Company’s IT resources.   Multiple, robust forms of authentication can be considered including Multi-Factor Authentication (“MFA”) where, if a username or password is compromised, the second line of defense should kick-in, e.g. push notification to a phone or even biometric authentication such as fingerprints.  
Furthermore, passwords should be strengthened and multi-factor authentication should only go into devices that have been previously verified and enrolled. 


Data Management 

As data is a company’s most important asset, knowing where the data resides and ensuring that it is adequately protected from unauthorised access is crucial. 
In addition, regular backup of important data is necessary and restoration tests should also be performed to test the integrity of the backed-up data. 

Endpoint Protection

Endpoint protection can prevent unauthorised activity or downloading of programs on the local device if an employee accidentally interacts with a malicious email or website.  Administrative access to these endpoints should be restricted to authorised personnel and updated patches must be in place to protect against the latest vulnerabilities. 

Cloud Security

In the company’s haste to migrate its systems to the cloud as a result of the pandemic to focus on availability, access security should not be neglected. The principle of “least privilege” must be applied and excessive permissions should be removed.  Data management controls should also be applied to sensitive data that is being stored on the cloud. 


Awareness Training
Awareness training will help staff to anticipate, recognise and act on perceived threats. The ultimate goal would be to minimise the number of staff who would respond to an attacker while maximising the number of employees who would alert the company to the suspicious activity.   
To aid in the above, the company should also implement malicious content filtering to prevent email-based attacks, besides strengthening their web filters and firewalls to restrict communication with malicious sites and potential attackers. 

Monitoring & Testing 

Companies should set up monitoring solutions to collect and monitor systems’ data to identify and alert them on suspicious activity in order to respond accordingly in a timely manner.  Periodic testing of the environment, e.g. penetration tests and simulation exercises can provide good insights into security gaps, risky processes, or network vulnerabilities. 


As the future is uncertain, companies that proactively monitor and address their cybersecurity vulnerabilities would be in a better stead to face whatever challenges that could arise.  

Should you need any help in evaluating your cybersecurity posture, please contact us – we would be glad to assist you. 

Our Expert

Amos Law is a Risk Consulting Executive Director at Crowe Malaysia. He has over 18 years of professional experience that includes risk consulting, internal audit, IT audits, corporate governance advisory, and investigation. 
Amos Law
Location: Kuala Lumpur

Stay Up-to-date

Sign up for our newsletter to stay informed of the latest news and updates!