Cybersecurity Threats Can Start from Within

External cybersecurity measures are essential, but an organisation must pay close attention to its internal security threats


Recently, the Hays Global Security Report 2024, published in Focus Malaysia, reported that 69% of Malaysian companies anticipate feeling the impact of cybersecurity talent shortages within the next five years. This concern is compounded by security leaders’ fears of retaining their existing cybersecurity staff, particularly as organisations increasingly adopt Artificial intelligence (AI) technologies.

That reminds me of years ago when I supported a global financial institution. Stringent regulations demanded constant readiness for frequent regulatory audits. I recall a continuous reminder from my former colleague, who led the governance and regulatory audits, emphasising that many cybersecurity intrusions originated internally.

One prevalent breach pattern we observed was the accidental exposure of passwords. It was not uncommon to find passwords written on sticky notes within cubicles or placed openly on work desks, easily accessible to anyone passing by. Such practices posed significant risks to our cybersecurity identity, underscoring the importance of internal vigilance and adherence to security protocols.

How many of us still overlook this fundamental exposure today? Recognising that cybersecurity threats often originate from within our actions is crucial.

Whether it is neglecting basic security practices or failing to understand the implications of our daily activities. We inadvertently create opportunities for cybercrime to thrive. Acknowledging that the tiniest oversight can lead to significant consequences, underscoring the importance of vigilance and awareness in combating cybersecurity threats is imperative.


I am not here to argue that companies should not hire cybersecurity resources, but I believe that organisations should also focus on balancing these costs with the level of security needed based on the organisation’s risk assessment and business needs. We must first understand that one of the exposures to cybersecurity risk can start from within. Therefore, it is important for organisations to:

In essence, while external cybersecurity measures are important, they need to focus on internal aspects by creating continuous employee awareness, stringently updating the security policies and access controls, monitoring, and cultivating a culture of security in the organisation.

One prevalent breach pattern observed in an organisation is the accidental exposure of passwords.

Elsie Low is the Transformation Coach and Consulting Director at Valuelab Consultancy Services, where she specialises in consulting, transformative training, and coaching. Her primary focus is on helping organisations bridge the digital divide. With over thirty years of experience in leadership and practitioner roles in IT Service Management Outsourcing, Elsie emphasises that businesses must adapt to transformation and rethink traditional work practices. She highlights the importance of being prepared as work paradigms shift. Elsie encourages organisations to actively lead, think strategically, and effectively govern their digital transformation initiatives to drive successful transformations, positioning them for future advancements.