Malaysia’s blueprint to block cyber attacks - 360
Julia Juremi
Published on December 14, 2023
Malaysia faces a surge in cyber attacks, prompting the need for a national cybersecurity commission.
Malaysia has witnessed a surge in high-profile cyber attacks over the past year.
From Malaysian insurance companies grappling with global data theft to AirAsia’s encounter with a ransomware attack affecting millions of passengers, and iPay88, a payment gateway system facing a breach in online card data transactions, the country has not been immune to cyber threats.
Telekom Malaysia also faced a significant data breach involving its customers’ personal information. These incidents underscore the pressing need for robust cybersecurity measures in the country.
Malaysia recorded over 4,000 cyber threats in 2022. As of October 2023, nearly 3,000 cyber incidents had been reported to the National Cyber Coordination and Command Centre (NC4) under the National Cyber Security Agency, a national agency dealing with cyber security-related matters.
Malaysia is working towards setting up a national Cybersecurity Commission and amending laws on protecting personal data to counter scammers.
It’s hoped the creation of a dedicated commission and consolidation of responsibilities and expertise under one umbrella will help centralise cybersecurity efforts and allow better coordination among government agencies, industry and cybersecurity experts.
The goal is more efficient decision-making and responsiveness to emerging threats.
Cybersecurity in Malaysia is fragmented, distributed among multiple government agencies. The lack of coordination has left gaps in the nation’s cyber defence, potentially leaving it open to sophisticated cyber attacks.
However, any collaboration between government agencies, the private sector and international bodies in sharing threats could face obstacles, such as concerns over privacy, bureaucratic complexities, or the lack of standardised protocols for sharing information.
Another challenge involves the need to adapt swiftly to evolving threats with continual updates, training and a proactive approach, which might be difficult to sustain. What works as the best defence one day may become ineffective the next.
Ensuring compliance and consistency in regulations might be another challenge because of differing priorities.
Obtaining ample funding, technological resources and skilled personnel could be challenging, as a shortage of resources might constrain the commission’s ability to execute comprehensive cybersecurity measures and initiatives.
Malaysia has a distinct cyber landscape, encompassing diverse sectors, technological advancements and evolving threats, including cybercriminals using social engineering and phishing tactics to exploit human vulnerabilities for unauthorised access to sensitive data.
The rise of sophisticated ransomware poses a substantial risk to essential services such as healthcare, finance and government services.
The growing network of interconnected devices, from smart homes to industrial machinery, raises concerns about data privacy and unauthorised access, creating potential vulnerabilities for malicious exploitation.
This tailored approach enables the commission to identify and prioritise critical areas of vulnerability.
These customised policies and frameworks can also serve as a blueprint for cohesive cybersecurity practices across various sectors, fostering a shared understanding of cybersecurity priorities, facilitating standardised practices, and promoting a collective effort towards safeguarding Malaysia’s digital infrastructure.
Tackling the significant shortage of cybersecurity specialists in Malaysia poses a crucial challenge, considering that virtually every industry and sector relies on cybersecurity experts to safeguard and fortify their digital environments.
Canadian firm BlackBerry Limited recently signed an agreement with the Malaysian government to establish a cybersecurity centre in Kuala Lumpur to address Malaysia’s shortage of 12,000 cyber professionals. The centre will offer cybersecurity education, ‘always-on’ threat intelligence, and incident response teams to enhance the country’s defences against malicious cyber activities.
The commission could bridge the gap by fostering collaboration between government bodies, academia, industry and others. A key goal would be to attract, train and retain skilled cybersecurity professionals with competitive salaries, career advancement opportunities and conducive work environments.
By promoting collaboration, the commission could encourage the exchange of threat intelligence across sectors, the use of state-of-the-art threat detection technology, and the launch of skill-development initiatives grounded in real-world scenarios.
The heightened demand for cybersecurity professionals presents abundant opportunities for graduates, who would have the pick of the jobs. Prioritising cybersecurity awareness programmes can help educate the public and organisations about best practices and empower individuals with the knowledge to protect themselves against cyber threats.
Heightened awareness fosters a healthier cyber environment, such as using unique passwords, practising multi-factor authentication, creating regular data backups, employing encryption techniques, and keeping operating systems, applications, and security software up-to-date to minimise susceptibility to cyber attacks and enhance overall cybersecurity readiness across Malaysia.
Julia Juremi is the Head of the Forensic & Cybersecurity Research Centre at Asia Pacific University of Technology and Innovation (APU), Malaysia. Her credentials include a Certified Cybersecurity Analyst (CySA+), Certified SOC-IR (Security Operation Center-Incident Responder), Certified ISACA trainer and practitioner.
Originally published under Creative Commons by 360info™.