In 2024, BlackBerry unveiled new proprietary research, underscoring the vulnerability of software supply chains in Malaysia and around the world.
According to the study, 79% of Malaysian organizations reported cyberattacks or vulnerabilities in their software supply chains during the past 12 months, slightly exceeding the global average of 76%. Alarmingly, 81% of respondents revealed they had discovered unknown members within their software supply chains during this period.
These findings point to the rise in supply chain attacks, targeting vulnerable digital threads that connect millions of organizations. Around the same time this survey was released, BlackBerry’s Global Threat Intelligence Report revealed the company detected and stopped an average of 11,500 unique malware samples daily, up 53 percent from the previous reporting period. It also said, in the Asia Pacific region, geopolitical tensions continue to influence cyber trends, including rising state-sponsored and financially-motivated cyberattacks on critical infrastructure, supply chains and businesses.
In tandem, Malaysia’s efforts to bolster cybersecurity resilience through initiatives such as the Cyber Security Act 2024 (Act 854) and the National Semiconductor Strategy (NSS), will help to strengthen overall preparedness and fortify key industries and critical infrastructure. With ambitions for the NSS to establish Malaysia as a global semiconductor hub, it rightly emphasizes secure-by-design principles for Internet of Things (IoT) components and skills development to strengthen the IT supply chain.
The Cost of Insecurity
BlackBerry’s research paints a stark picture of the impact of supply chain breaches. Nearly a third of Malaysian respondents identified operating systems (30%) and IoT components (19%) as their biggest vulnerabilities. The consequences of attacks are severe, including financial losses (71%), reputational damage (66%), and data breaches (59%).
BlackBerry
While many organizations prioritize cybersecurity, 38% admitted recovery from supply chain incidents can take up to a month. Christine Gadsby, BlackBerry’s CISO, emphasized that protecting software supply chains requires more than trust.
“A comprehensive approach that integrates skilled talent, secure-by-design practices, and modern AI monitoring tools is essential.”
Building Cyber-Resilience in Malaysia
The Cyber Security Act 2024 mandates more rigorous standards for securing Malaysia’s National Critical Information Infrastructure, which is seen as crucial to the nation’s economic future and attracting foreign investment.
Dr. Megat Zuhairy bin Megat Tajuddin, CEO of NACSA, highlighted the importance of robust supply chain security for Malaysia’s global ambitions in sectors like semiconductors and Artificial Intelligence (AI).
“By improving compliance, adopting cutting-edge technologies, and training a skilled workforce, we can protect key infrastructure, boost economic confidence, and strengthen international trade partnerships.”
Challenges and Opportunities Ahead
Despite significant progress in cybersecurity regulation, skills development and other initiatives, the research revealed areas for improvement. Malaysian organizations demonstrate high confidence in their supply chain partners’ cybersecurity measures, with 95% believing their suppliers can prevent vulnerabilities. However, only 18% of companies request ongoing evidence of compliance with security frameworks post-onboarding.
Moreover, regular software inventory audits are hindered by barriers such as limited technical understanding (58%), inadequate tools (44%), and a lack of skilled talent (40%). To address these challenges, 77% of respondents expressed interest in adopting tools that enhance visibility into software supply chains and automate vulnerability tracking.
BlackBerry
Gadsby concluded by advocating for the integration of Managed Detection and Response (MDR) technologies.
“These solutions provide 24/7 threat monitoring, enabling resource-constrained IT teams to mitigate emerging risks effectively.”
The BlackBerry Global Threat Report (September) also showed that organisations are increasingly targeted by a plethora of threats such as cyber espionage, eavesdropping, ransomware and phishing attacks. To enhance the resilience of supply chains, organisations in Malaysia should heighten their vigilance and protections cross all threat vectors, including devices and communications, particularly following recent espionage campaigns infiltrating sovereign telecoms operators in the United States and ‘Lightspy’ mobile espionage actors.
A Future-Ready Cybersecurity Strategy
As Malaysia strengthens its cybersecurity posture nationally, BlackBerry’s research highlights the urgency of secure-by-design practices and cross-sector collaboration.
While these future-focused government policies are an important first step, they cannot thrive without the right training initiatives for a modern cybersecurity workforce. That is why BlackBerry is actively supporting these efforts through its partnership with the Malaysian Communications & Multimedia Commission (MCMC) in operating the Cybersecurity Center of Excellence (CCoE) in Cyberjaya.
The CCoE is the first of its kind in the region, offering a range of initiatives to help build an ecosystem of cybersecurity training both nationwide and regionally. This will in turn help grow the workforce, fill much needed roles and help to safeguard against cyberattacks targeting Malaysian government institutions, businesses and infrastructure.
To see the full software supply chain study in APAC, please visit here. To access the full global report, visit here.
