Cyber security

by GLORIA HARRY BEATTY

MALAYSIA must step up its efforts in both cyber security and cyber resilience to better safeguard national interests and the public.

Cyber security expert Murugason R Thangaratnam (picture) warned that overconfidence in existing defences could backfire, as it may draw more attacks.

“To say there is no ‘silver bullet’ for cyber security is to be realistic. To say you will never get Covid is silly.

“But to say the chances are lower, or that recovery is better because you have looked after your health — that is smart.

“It is the same with cyber security,” he told The Malaysian Reserve (TMR) after his “Cyber Security: Navigating the Challenges and Opportunities” talk recently.

Murugason noted that Malaysia still has a lot of catching up to do in terms of resilience, particularly in responding to major attacks.

“If there was a nationwide or industry-wide cyberattack today, I do not think we are in a very good position,” he said, adding that incident response, press engagement and transparency remain areas of concern, as seen in recent breaches like the recent Malaysia Airports Holdings Bhd (MAHB) cyberattack where hackers demanded a US$10 million (RM43.7 million) ransom.

Murugason opined that cyber maturity in Malaysia varies across different sectors as “we are still building our maturity for the other sectors”, with the financial and telecommunication companies (telco) sectors being quite mature compared to other sectors.

He explained that banks fall under the risk management for information technology (RMIT), which is a framework that is governed by Bank Negara Malaysia. Moreover, the telcos that are in the network space are also fairly regulated.

“But when you talk about other industries, that is where I think the challenges are. Today, the government is also realising that other industries need to be on par with financial institutions and the telcos because of the amount of data that they carry and the criticality of their business,” he said.

He added that the Cyber Security Act 2024 recognises the two sectors as among 11 critical infrastructures.

On the other hand, Murugason commended Digital Minister Gobind Singh’s efforts in championing for protection for people’s data through the proposed establishment of a National Data Commission, announced in July last year.

“This commission will be for government data, then eventually it will also include private sector data. So, for example, if an organisation is collecting a lot of personal data, then it needs to follow whatever regulations that come out of the commission,” he said.

According to Statista, in 2024, online frauds were the most reported cyber threat incidents announced by Cyber Security Malaysia with more than 3,800 reports. This was followed by content related cybercrime with 533 cases.

With Malaysian Internet users estimated to surpass 36 million by 2029, the data and business intelligence platform is expecting a significant increase in e-commerce activities.

“The number of e-commerce scams in the country reached more than 8,800 incidents as of September 2023,” the report said.