by Indu Krishna
June 3, 2025
Malaysia is undergoing a sweeping digital transformation that is reshaping every aspect of its business landscape. This shift has changed how people work, transitioning from on-site offices to flexible remote and hybrid environments. Simultaneously, it is triggering ripple effects across the country’s cyber threat landscape, heightening risks that organizations must urgently address.
In this context, the Malaysia Cyber Security Strategy 2020-2024 (MCSS) points to a crucial reality for today’s business leaders: in a world where nearly everyone and everything connects to cyberspace, digital connectivity is both a powerful advantage and a significant source of risk. As Malaysian businesses deepen their use of technologies—from mobile and social platforms to Big Data, Internet of Things (IoT), Artificial Intelligence (AI), and hyper-scale cloud services—their cyber risk landscape continues to broaden. Every connected device and user becomes a potential entry point for attackers.
The most effective defense? Building a well-prepared workforce. Cyber security awareness and targeted workforce training must be at the forefront of organizational priorities—especially as remote and hybrid work models expand the attack surface and introduce new vulnerabilities.
This blog explores what Malaysian business and security leaders need to know and do to tailor their organization’s cyber security training in 2025.
Remote and hybrid work models increase the number of potential vulnerabilities within organizations. Key risks include:
Above all, human behavior remains the most significant cyber security risk factor. Employees may unintentionally click on malicious links or neglect important security updates due to cognitive biases or lack of awareness. Addressing these behavioral tendencies requires psychology-informed training methods to meaningfully improve program effectiveness. Use reminders, alerts, and prompts (e.g., password change notifications, security tips) to reinforce good security habits and prompt safe actions. Use relatable stories and case studies to make risks memorable, and encourage employees to share experiences and tips, leveraging social proof to positively influence behavior.
Malaysia’s workforce is uniquely diverse, with Malay, Chinese, and Indian ethnic groups and multiple languages including Malay, English, Tamil and Mandarin (Source). Cyber security training must therefore be multilingual and culturally relevant to ensure comprehension across all regions and communities. Use familiar references and local examples that resonate with employees’ daily lives—such as common scams related to popular local banks, government services, or festive season frauds—to make training more relatable and effective. By reflecting familiar scenarios and communication styles, employees could be better equipped to recognize real-world threats and apply safe practices both at work and in their personal digital activities.
Workforces often have a wide gap in digital confidence—being comfortable with everyday technology doesn’t necessarily mean employees understand cyber security risks. A one-size-fits-all training approach can leave many workers unprepared and vulnerable. To bridge this gap, training must be customized to meet different technology skill levels. Organizations should begin by assessing employees’ digital literacy and security awareness through surveys or baseline evaluations. Based on these insights, customize training programs to offer tiered modules with clear, jargon-free content for beginners and more in-depth material for experienced users. For example, beginners could be provided interactive modules covering fundamentals like password management and safe browsing, while experienced users could access advanced training on topics like threat detection and incident response. Additionally, providing ongoing support via chat, helpdesks, or other channels could ensure that learners get timely help, making the training more effective and accessible for everyone.
Phishing attacks in Malaysia frequently impersonate familiar local entities—such as banks, government agencies, retailers, and popular delivery services (Source). Training should prioritize these localized scams, teaching employees how to identify and verify suspicious communications unique to Malaysia’s digital landscape rather than relying only on generic global examples. Additionally, highlight the risks associated with widely used messaging apps like WhatsApp and Telegram, which are common channels for social engineering attacks targeting remote workers. Emphasizing these local contexts makes training more relevant and effective in helping employees recognize real threats.
Remote and hybrid workers may work from anywhere—home, coworking spaces, or cafes—and must be equipped with practical knowledge to protect themselves and corporate data regardless of their location. Training should include guidance on securely using shared or personal devices, identifying risks unique to various work environments, and adopting best practices such as using trusted VPNs and avoiding unsecured or suspicious public Wi-Fi networks whenever possible.
Many employees could be juggling multiple responsibilities and commitments alongside work. To accommodate this, training content should be delivered in short, mobile-friendly modules that can be accessed anytime and anywhere without disrupting daily routines. Using dedicated mobile learning management system (LMS) apps could be an effective way to deliver bite-sized, mobile-optimized training. Alternatively, organizations can use custom web-based training portals designed responsively for mobile devices, accessible via any browser and easily linked from commonly used communication apps. Such flexible delivery enables workers everywhere to fit training into their schedules easily, improving accessibility and encouraging higher completion rates.
Malaysian workplaces often emphasize strong respect for authority, which makes employees hesitant to report security issues due to fear of blame or losing face—fears that are amplified by the isolation of remote and hybrid work. To overcome these barriers, leaders should actively participate in training programs and become vocal advocates for cyber security. Visible leadership commitment—such as leaders sharing personal cyber security experiences or openly endorsing training initiatives—can help break down resistance and promote a security-first mindset across dispersed teams. Leaders must regularly engage teams through virtual channels like video calls, emails, and interactive town halls, providing employees with opportunities to ask questions and share concerns. By cultivating a supportive, blame-free environment aligned with Malaysia’s social norms, leaders reassure employees that reporting incidents is safe, valued, and free from punishment. Recognizing and rewarding positive security behaviors further encourages a security-first mindset and peer influence.
As Malaysia embraces remote and hybrid work, organizations’ cyber security depends more than ever on employee vigilance. As cyber threats grow in sophistication and frequency, generic training programs no longer suffice. Business and security leaders must implement customized, ongoing training strategies that address the specific needs and cultural nuances of the Malaysian workforce.
By fostering a culture of vigilance, encouraging open communication without fear of blame, and equipping employees with practical skills to detect and respond to threats, organizations can significantly reduce their cyber risk exposure. Proactive investment in tailored cyber security training empowers organizations to safeguard their most valuable assets—people and data—and build long-term resilience against cyber attacks.
The time to act is now. Organizations must prioritize workforce readiness as a cornerstone of their cyber security defense.