Fortifying Malaysia Against Cyberterrorism

by Sandy Woo, Country Director, Veritas Technologies Malaysia

In 2023 alone, Malaysia experienced several cyber-attacks holding critical citizen data, with some of them being key public sector organisations such as Perkeso and Telekom Malaysia, and ongoing cybersecurity concerns on Malaysia’s Central Database Hub (Padu). Based on a recent report by CyberSecurity Malaysia, a staggering amount of 842.84GB was exposed from January to June 2023, with the government and telecommunications sectors being the highest at risk of data breaches. By any measure, this is an alarming statistic, especially for a nation that prides itself on its digital progress.

As new, sophisticated threats emerge and the attacks and disruptions increase in frequency and severity, it is crucial to know who and what makes us vulnerable as well as what can be done to mitigate risks.

A Primer on Data Sovereignty
A key aspect of data security is data sovereignty, which refers to a country’s authority over data generated within its borders. In Malaysia, this is reflected via the National Policy Objectives of the Communications and Multimedia Act (1998), the National Cyber Security Act (2006), and the Personal Data Protection Act (2010), which inform how personal data should be handled in commercial transactions.

In Malaysia, data is stored in data centres across the country, including Selangor, Johor, Penang, Kedah, and Sarawak, which are home to enhanced digital infrastructure like cable landing stations, 5G, and improved fibre connectivity. Despite these national regulations and safeguards in place, the country remains vulnerable to its data being stored on foreign soil, particularly in cloud environments.

As Malaysia accelerates its use of cloud services, the potential for sensitive data exposure and data breaches increases exponentially. Consider the implications of financial information and medical records falling into the hands of bad actors — the consequences would be devastating on both individual and organisational levels, leading to identity theft, financial fraud, and reputational loss that can take years to recover from.

Formulating An Antidote to Malaysia’s Cybersecurity Woes
In a survey of 1,400 IT and security professionals, Veritas uncovered that not only did the majority of IT leaders (94%) not understand their cloud data protection responsibilities, but 53% of respondents had lost data from using these cloud services. These findings, coupled with the adverse developments plaguing the Malaysian cyber landscape call for the development of mitigation and recovery strategies to help businesses get back on their feet.

Veritas is acutely aware of the immense damage brought on by increased cyber-attacks and disruptions, and firmly advocates for a heightened awareness and appreciation of cybersecurity culture, both at the individual and government level. So far, our discussions with regulatory bodies, policymakers, and field experts have revealed that a nuanced, multi-layered approach towards the issue is key.

Veritas strongly advocates for awareness campaigns that help instil a mindset of cybersecurity culture across users of all levels. While more needs to be done to govern the way we store our data and improve online resiliency on a national and structural level, individuals are a business’s first line of defence and should have a basic understanding of Cybersecurity 101.

When it comes to cybersecurity, Malaysia has its work cut out for it — the path to achieving cyber resilience involves collaboration between the country’s public and private sectors, the development of robust cybersecurity policies, and investments in cutting-edge technologies. It’s time we put in the work for a more resilient and secure Malaysia.