Building cyber resilience in Malaysia

Facebook
X
WhatsApp
Telegram
Email
Photo for illustration purposes only.

LET’S READ SUARA SARAWAK/ NEW SARAWAK TRIBUNE E-PAPER FOR FREE AS ​​EARLY AS 2 AM EVERY DAY. CLICK LINK

 With the ever-evolving digital landscape and the vulnerability to cybercrimes, it is now crucial to protect the digital infrastructure and enhance the resilience against sophisticated cyber threats.

Safeguarding essential services, creating secure digital environment

Cyber attacks are nothing new, with companies worldwide vulnerable to such threats. This occurs when an unauthorised action or an intentional effort to compromise the confidentiality, integrity, or availability of a computer infrastructure, including its network, system or digital devices.

Most recently, Swinburne University of Technology Sarawak Campus (Swinburne Sarawak) has its cybersecurity compromised as it was attacked by ransomware. The university has promptly taken immediate action, including reporting the attack to local authorities and working with specialists to assist in investigations and mitigations.

The case with the university highlights that there is a vulnerability gap that can occur unexpectedly and affect organisations today. The rising threats have also propelled the Malaysian government to introduce the Cyber Security Bill 2024 and gazette the Cyber Security Act 2024. On the state level, initiatives are underway to address cybersecurity concerns, such as the Sarawak government’s plans to establish a Cyber Security Unit.

With cyberthreat incidents a growing occurence this year, organisations looking to bolster their security frameworks will have to look at approaching cybersecurity differently. Cybercriminals are constantly finding new ways to exploit weaknesses in cybersecurity; therefore, implementing comprehensive defences and a strategic approach is key.

Sharing on helping Malaysian organisations become cyber security-ready and build cyber resilience, digital service provider company Accenture ASEAN managing director, cyber security leader, Vinod Shankar whose role in the company is to enhance clients’ security, introduce innovative solutions, and raise awareness about new and emerging threats.

The evolution of cyberthreats in Malaysia

Ransomware attacks are among the frequently occurring and reported incidents among business organisations and are expected to continue growing in Malaysia this year. According to Vinod, attacks have surged by 40 per cent since 2020, driven by the rise of Ransomware-as-a-Service (RaaS).

Vinod Shankar

Meanwhile, cryptojacking incidents have increased by 20 per cent in 2023, and supply chain attacks have become a significant concern, contributing to 15 per cent of major incidents. “These trends highlight the growing sophistication and frequency of cyber threats in Malaysia.”

“The main tactics adopted by the cybercriminals are still social engineering tactics such as phishing and spearphishing, which are becoming more prevalent,” added Vinod.

See also  Aussie businesses complain Google sending outback tourists off the map

Sharing a report by Accenture — ‘The Cyber-Resilient CEO’ — data showed that 64 per cent of CEOs around the world believed that cybercriminals could use generative AI to create more sophisticated attacks such as phishing scams, social engineering attacks, and automated hacks. The report also said that the acceleration of generative AI is setting the stage for organisations to realise the importance of ramping up cybersecurity measures.

Building cyber resilience in Malaysia

In Malaysia, its cybersecurity landscape has seen significant advancements over the past few years, marked by increased awareness, robust government initiatives and enhanced technological adoption. According to the International Telecommunication Union’s Global Cybersecurity Index 2020, Malaysia ranked eighth globally and fourth in the Asia-Pacific region, reflecting its commitment to strengthening cyber defences.

Meanwhile, the introduction of the Malaysia Cyber Security Strategy (MCSS) 2020–2024, backed by an allocation of RM 1.8 billion, underscores the government’s dedication to protecting national cyberspace through comprehensive policies and infrastructure development.

The country has also witnessed a 30 per cent increase in cybersecurity professionals since 2018, driven by expanded educational programs and certifications offered through collaborations between institutions like Cybersecurity Malaysia and local universities.

Furthermore, public-private partnerships have been bolstered, leading to the establishment of initiatives such as the National Cyber Coordination and Command Centre (NC4), which facilitates real-time threat intelligence sharing and coordinated response efforts.

In terms of technological adoption, Malaysian organisations have increasingly integrated advanced solutions like artificial intelligence and machine learning for proactive threat detection and mitigation. Reports indicate that investments in cybersecurity technologies have grown by 25 per cent over the last three years, enabling better preparedness against sophisticated cyber threats, including ransomware and phishing attacks.

In sharing the above, Vinod added that the recent passing of the Cyber Security Bill 2024 in April also reflects a national commitment to strengthening cybersecurity.

This legislation is a positive step towards addressing the growing cyber threats and enhancing overall resilience. However, the bill also highlights the gap between awareness and actual preparedness. While Malaysia is increasingly cognisant of the cyber risks it faces, many organisations still struggle with effective implementation and readiness.”

Sarawak’s cybersecurity paramount in its road to digitalisation

As Sarawak embraces digitalisation through its Sarawak Digital Economy Blueprint 2030, cybersecurity is pivotal. With the state’s aim to transform into a technology-driven economy, ensuring the security of digital assets and infrastructure becomes paramount. Therefore, cybersecurity plays a crucial role in uplifting the private and public sector, contributing to the growth of the state and country through:

See also  Young Para Sukma volunteers share first-time experiences

Securing the Digital Core and Transforming Businesses: The blueprint encourages local businesses to innovate and adapt new digital business models. To thrive amidst change and capture the value of disruptive technologies like generative AI, companies need a digital core that is reinvention-ready. The digital core is a critical technological capability that can create and empower an organisation’s unique reinvention ambitions. Having a digital core also means embedding cybersecurity by design to help modernise and function at speed and scale. Having a robust cybersecurity measure is necessary to create a secure environment for new innovations to flourish.

Safeguarding Data for Organisations: With the increasing amount of data being generated and utilised, cybersecurity becomes crucial for data protection. This is especially relevant at a time when data breaches are rampant in Malaysia, with a total of 142 data breaches reported to CSM in the first three months of 2024. Effective cybersecurity practices ensure that sensitive data—whether it’s customer information, financial records, or proprietary business data—is protected from breaches and cyber threats, aligning with the blueprint’s goal of a secure digital economy.

Building Confidence for Public and Private Sectors: The blueprint’s success relies on collaboration between the public and private sectors. For organisations, strong cybersecurity helps build trust among customers, partners, and stakeholders. Meanwhile, public sector organisations can better de-risk and safeguard themselves by increasing resiliency to protect sensitive data and better manage regulatory compliance. When organisations can assure their clients that their digital interactions are secure, it fosters confidence and encourages more robust participation in the digital economy.

With the establishment of Sarawak Cyber Security Unit at the end of 2023, the services aim to guide the public and private sectors during times of cyber crisis. In commenting further on this, Vinod applauded the advancement as it is crucial in enhancing the overall security posture of Sarawak.
 
“The unit’s focus on protecting critical infrastructure helps address key vulnerabilities that are vital for daily life and economic stability. This proactive approach not only helps safeguard essential services but also reduces the risk of severe disruptions from cyber threats.”
 
As the Sarawak region invests in new technologies and start-ups, a dedicated cybersecurity team can ensure emerging businesses and innovations are built on a secure foundation, enhancing their chances for success and resilience.

See also  Alibaba sets up AI research centre in Singapore

“Ultimately, this will also improve Sarawak’s global competitiveness and digital growth, all of which are essential for building a thriving digital economy and attracting foreign investments,” he added.

As the country and the Sarawak region adopt and transition into digitalisation, ultimately cybersecurity measures are of the utmost important.


The legislation impact of businesses with the gazettement of the Cyber Security Act 2024

BY VINOD SHANKAR

The Cyber Security Act 2024 marks a pivotal shift in Malaysia’s approach to managing cybersecurity risks and enhancing the nation’s overall cyber resilience. This will especially affect sectors under the National Critical Information Infrastructure (NCII), which covers 11 sectors including government, banking and finance, transportation, information, communication and digital, healthcare services, and more.

With the laws now in effect, we can expect to see this new regulation impact businesses and cybersecurity practices through:

Mandatory Risk Assessments and Audits: The new regulations require NCII entities to conduct annual cybersecurity risk assessments and biannual audits. This mandate will compel businesses operating in critical sectors to rigorously evaluate and fortify their cybersecurity posture. Regular assessments and audits not only help identify and mitigate vulnerabilities but also ensure compliance with evolving standards.

Swift Incident Reporting: NCII entities are required to promptly report cybersecurity incidents through the National Cyber Coordination and Command Centre System (NC4 System). This regulation necessitates a well-prepared incident response strategy, enabling quicker reporting and response to breaches. Similarly, businesses will need to establish or enhance their incident management protocols to comply with these timely reporting requirements, reducing potential damage from cyber incidents.

Licensing of Cybersecurity Service Providers: The Act introduces the Cyber Security (Licensing of Cyber Security Service Providers) Regulations 2024, which mandate licensing for providers of managed security services and penetration testing. This aims to elevate the quality and reliability of cybersecurity services in Malaysia.

For businesses, this means working with licensed providers to ensure that they receive high-quality, reliable cybersecurity support. It also underscores the importance of selecting service providers who adhere to recognised standards.

Download from Apple Store or Play Store.