The Crucial Need for Application Resiliency in Malaysia’s Banking Sector
Authored by: Sandy Woo, Country Manager for Veritas Technologies Malaysia
Earlier this year, I discovered that my elderly relative exclusively uses digital banking services – and hasn’t visited a physical bank in nearly two years. My relative isn’t the only one: according to a study from Bank Negara Malaysia, as many as 74% of Malaysians have adopted digital financial services. Sweeping changes in people’s banking behaviours have forced traditional banks to embrace innovative technologies and digital transformation.
Although this is great news for customer experience, the vast amounts of personal data stored by banks make the sector a major target for cyber attackers. Given how critical the sector is, banks must constantly adapt, innovate, build, operate, assure, and review their cybersecurity measures to ensure business continuity.
Addressing a Growing Threat
As the threat landscape evolves, and cybersecurity attacks and disruptions increase in frequency and severity, Veritas is in discussions with banks, policymakers and experts on the path forward. Fast-tracking legislation and implementing regulations remain crucial so that Malaysia as a whole is better equipped to handle cyber threats.
Any first step must involve a holistic approach to threats. Countries with more mature cybersecurity laws, such as Australia, have more unified regulations in place, covering a wide range of areas, including data protection, critical infrastructure, cybercrime and privacy. Conversely, in Malaysia, critical industries such as the financial services, healthcare and telecommunications sectors are governed by different sets of regulations – a segregation that leads to bad actors exploiting industries and organisations.
It is important to develop a comprehensive law that is effective and streamlined at a national level, with clear requirements around safety and preventative measures, data management, reporting data breaches and disaster recovery strategies, amongst others. One compliance requirement should include continuously reviewing and adjusting impact tolerance to ensure validity, as well as repeatedly testing, refining and evolving plausible disruptive scenarios to reflect an ever-changing environment.
Challenges to Achieving Application Resiliency
The task of identifying and mapping critical services, along with establishing, maintaining, and reviewing a comprehensive digital operational resilience testing program, is not trivial. For the banking sector specifically, application resiliency – the ability of applications to withstand and recover from failures or disruptions – is vital. The consequences of application failures can be severe, including financial losses, a fall in share price, reputational damage, customer dissatisfaction and eroding trust.
Ensuring robust application resiliency has become a critical aspect of maintaining operational continuity, protecting sensitive data, and delivering uninterrupted services to customers. However, the complexity of modern banking systems, with multiple interconnected applications and dependencies, makes it difficult to identify and address vulnerabilities. Operational disruptions can range from technology-based failures and cyberattacks to pandemic outbreaks, natural disasters and more. Historically, business continuity strategies have tended to deploy multiple independent solutions, leading to high costs, vulnerability gaps and exposure to service disruptions. Additionally, outdated legacy systems have limited compatibility with newer technologies.
Beyond that, banks need to navigate stringent regulatory requirements, which often makes it harder to implement newer resilience measures. Finally, resource limitations, both in terms of budget and skilled personnel, can hinder the implementation of comprehensive application resiliency strategies.
The Path Forward
In response, banks must adopt a multi-tiered approach to infrastructure, cloud technologies, and data visibility. To this end, keep in mind three core principles when it comes to application resiliency:
- Availability: Avoid points of failure or latency that might impact end-user experiences by ensuring that your applications are highly available – and that any disruptions or outages can be recovered automatically.
- Performance: Intelligent data management should maximise resource utilisation while being both cost-effective and scalable.
- Mobility: Data mobility between cloud providers can eliminate vendor lock-in – and more importantly, protect against any critical impact in the event of cloud provider outages.
Banks must conduct routine reviews and updates to existing data backup, disaster recovery and business continuity plans. As part of this, they must implement rigorous testing and monitoring mechanisms to detect and address issues proactively. Any long-term strategy must include employee training and fostering a culture of resiliency to promote awareness and response readiness.
With a single platform for visibility and control for operational availability and resilience, Veritas offers a simplified approach that helps minimise costs and reduce complexity. Our unified solution integrates data protection, resiliency, and availability management to provide organisations with the flexibility to choose how to protect their applications while addressing digital compliance.
In an era where banking services are increasingly reliant on technology-driven applications, application resiliency stands as a vital imperative for Malaysia’s banking sector – and a crucial piece of the overall puzzle to strengthening the nation’s cybersecurity infrastructure.