As Malaysia continues its journey towards becoming a fully developed digital economy, the need for robust and secure digital infrastructure has become paramount.
The rapid growth of Information and Communications Technology (ICT) in recent years, coupled with the increasing adoption of innovative technologies such as QR mobile payment, has transformed various sectors within the nation.
While these advancements have undoubtedly created numerous opportunities for economic progress, they have also introduced new challenges regarding cybersecurity threats and vulnerabilities that must be addressed.
According to reports by Bukit Aman Commercial Crime Investigation Department1, cybercrime cases doubled from 10,753 in 2018 to 19,175 in 2022.
In light of this reality, securing Malaysia’s digital infrastructure is no longer an option but rather an imperative for ensuring the country’s long-term sustainability and competitiveness on the global stage.
Let’s explore some primary challenges faced by Malaysia’s digital infrastructure security landscape – ranging from inadequate legal frameworks to talent shortages – along with potential solutions aimed at enhancing resilience against cyber threats.
The Importance Of Cybersecurity In Malaysia
The significance of cybersecurity in Malaysia cannot be understated, as the nation increasingly relies on digital technology to drive its economy and improve the quality of life for its citizens.
As a rapidly developing country with aspirations to become a high-income nation by 20282, Malaysia has made significant investments in information and communications technology (ICT) infrastructure and implemented various policies to promote ICT adoption across various sectors.
Consequently, this growing reliance on digital systems necessitates robust security measures to protect sensitive data, maintain public trust in online services, and ensure the resilience of critical infrastructure against cyber threats.
The State Of Cybersecurity In Malaysia
Malaysia has experienced numerous notable cyber attacks in recent years, ranging from ransomware to data breaches.
Notable Cyber Attacks in Malaysia in 2022
AirAsia
AirAsia has fallen victim to a Daixin ransomware attack3, which has compromised the personal information of five million passengers. The unauthorised server access was detected on November 12, 2022, and the Daixin group has claimed responsibility for the attack, citing dissatisfaction with AirAsia’s organisation and lack of standards.
MyKad Database Attack
In May 2022, a massive data breach occurred at Malaysia’s National Registration Department4, with millions of datasets being sold at $10,000 (RM44,095). The 160GB database reportedly contains highly sensitive information on individuals born in Malaysia between 1940 and 2004, including full names, identity card numbers, addresses, dates of birth, genders, races, religions, mobile numbers, and photos.
MySejahtera
A significant data breach occurred in Malaysia’s MySejahtera app, exposing the personal information of 3 million vaccine recipients5. A ‘Super Admin’ account under the MyVAS system was used to download the data between October 28 and October 31, 2021, from five different IP addresses. It is concerning that over 80% of MySejahtera ‘admin’ users and 70% of MyVAS administrators are third-party or general users, with authorised MOH users only making up a small portion of the total users.
Vulnerabilities In Digital Infrastructure
One of the main vulnerabilities in Malaysia’s digital infrastructure is the lack of awareness and education surrounding cybersecurity. As a result, many individuals and businesses do not fully understand the risks of using technology and are not taking the necessary precautions to protect themselves.
These weaknesses, such as insufficient cybersecurity measures and lack of awareness about cyber threats, put personal information at risk and raise questions regarding the country’s ability to protect sensitive data and maintain public trust.
Unique Challenges Faced By Malaysia In Securing Its Digital Infrastructure
Limited Resources And Expertise
Unlike developed countries, Malaysia has a relatively small pool of cybersecurity experts and limited financial resources to invest in cybersecurity measures. The country also faces a shortage of skilled cybersecurity professionals, further exacerbating the problem.
Furthermore, the complexity of the digital landscape in Malaysia, which includes multiple levels of government, private sector organisations, and individuals, makes it even more challenging to secure the entire ecosystem. In addition, there is a lack of coordination between these different entities, leading to gaps in cybersecurity measures and increasing the risk of cyber attacks.
Growing Threat Landscape
The rapid expansion of internet connectivity has increased opportunities for cybercriminals to exploit vulnerabilities within organisations’ networks, leading to unauthorised access, data breaches, and other malicious activities, as seen from the abovementioned cyberattacks.
In addition, the lack of awareness and education among the general public about cybersecurity. Many people in Malaysia are unaware of the risks associated with using the internet and often do not take basic precautions to protect themselves online.
This lack of awareness makes it easy for cybercriminals to exploit vulnerabilities in the system and gain access to sensitive data.
Potential Solutions For Improving Cybersecurity In Malaysia
Implementing Malaysia Cyber Security Strategy (MCSS) 2020 – 2024
The Malaysia Cyber Security Strategy (MCSS) 2020 – 20246, launched by the Malaysian government, outlines critical initiatives and programs designed to enhance cybersecurity measures across various sectors, including strengthening national cyber defence capabilities, fostering a culture of cybersecurity awareness among citizens, and driving innovation through public-private partnerships.
The success of MCSS hinges on strong collaboration between stakeholders from diverse backgrounds – ranging from academia to industry leaders – exemplifying the importance of cohesive action in safeguarding Malaysia’s digital landscape for generations to come.
Enacting a Cybersecurity Law At the National Level
Also worth noting is the proposal by Fahmi Fadzil, the incumbent communications minister, on the proposed cybersecurity law7. He has emphasised the need for the Cyber Security Act to be introduced in Parliament either in late 2023 or early next year.
The proposed legislation addresses the current lack of legal requirements for industry players to maintain updated cybersecurity systems by consolidating elements from existing frameworks such as Algoritma Kriptografi Sedia Ada (AKSA) and Cyber Security Malaysia (CSM).
Encouraging Cybersecurity Culture
A cybersecurity culture in Malaysia should be instilled early by providing cybersecurity awareness programs to citizens and encouraging them to practice safe cyber habits.
By encouraging collaboration and knowledge sharing among various stakeholders, including government agencies, private sector entities, academia, and civil society groups, solutions can be developed more efficiently through collective expertise.
Creating an environment where cybersecurity best practices are widely adopted helps mitigate existing vulnerabilities and ensures that future challenges are addressed proactively with constant vigilance from all parties involved.
Education & Training
It is crucial to have a comprehensive training program that can educate people in the public and private sectors on the importance of cybersecurity and how to protect themselves against cyber attacks.
This approach not only equips individuals with the necessary skills to defend against cyberattacks but also fosters innovation in developing cutting-edge security solutions.
If you need help with organising a cybersecurity education and training program, don’t hesitate to contact us at enquiries@grayscale.my, and we can work together to ensure a more secure online environment for your organisation.