Data Leak: Prevention is Better Than Cure
By David Rajoo, Palo Alto Networks ASEAN Systems Engineering Head, Cortex, Malaysia
UiTM’s admission of the recent data leak, which exposed personal information, including MyKad numbers, of almost 12,000 applicants on an unsecured link, has sparked concerns about data privacy and security. The education sector, being the most targeted sector for ransomware groups in Malaysia, as per Palo Alto Networks’ Ransomware report, makes this case even more alarming, revealing the industry’s handling of sensitive data.
This incident serves as a reminder of how easily personal information can be exposed. While there haven’t been any reports of significant damage, businesses handling sensitive data must be accountable for implementing effective measures to safeguard the personal data of their users.
Commenting on this incident, Palo Alto Networks ASEAN Systems Engineering Head, Malaysia / Cortex, David Rajoo, urged, “Organisations like the education sector, must develop an effective security strategy to uphold the integrity of their data whether it is at rest, in use, or in motion. This includes upgrading cybersecurity defences consistently to keep up with the evolving threats, stay ahead of the attack curve and minimise the possibilities of data breaches.”
Furthermore, 80% of security alerts come from users repeating the same mistakes according to another report by Palo Alto Networks. To prevent recurring data breaches in Malaysia, we urge organisations to put in place security measures starting from the first line of defence, giving necessary education and training to their employees. Some recommendations include:
- Digital training: Data security is a broad issue that is covered in digital training, including password management, secure file sharing, and safe browsing practises. This can involve instruction on how to generate secure passwords, refrain from using the same password for many accounts, transfer files and documents securely, and browse the internet safely and steer clear of harmful websites.
- Phishing link training: Phishing link training involves educating employees on how to recognize and avoid phishing attacks. This may involve mock phishing assaults that assess staff members’ capacity to recognise and report dubious emails or links.
- Ongoing cyber security awareness initiatives: As the threat landscape is continuously shifting and new threats are consistently appearing, it is essential to be informed about the most recent risks. A cybersecurity programme is a useful tool for keeping this awareness up. As part of compliance efforts, it ensures the organisation is aware of recent risks and vulnerabilities and provides best practices for data protection.
In light of this, it is always important to strengthen our cyber security posture in general. This can be achieved by hiring dedicated cyber security personnel, implementing comprehensive security systems and regularly conducting security assessments to identify vulnerabilities and areas for improvement.
David urged that Malaysian individuals and organisations need to be more vigilant in protecting their sensitive data. Successful cybersecurity demands collective efforts to ensure data security. The recent breach underscores the need for Malaysia to enhance its cybersecurity posture, whether through individual data hygiene awareness or organisation-wide cybersecurity investment.