KUALA LUMPUR (May 6): Malaysia experienced several high-profile cyber breach incidents including the recent hacking of the Malaysian Immigration Department’s website as well as a data leak involving five million passengers and staff in a local airline, according to cybersecurity firm Trend Micro Inc.
In an email interview, Trend Micro Malaysia and nascent countries managing director Goh Chee Hoh told The Edge that as cyberattacks often bring intangible costs, such as reputational damage and long-term impacts on business operations, it may be challenging for local organisations to accurately estimate the financial losses.
Challenges
Goh said as cyber threats constantly evolve, cybercriminals are also becoming more skilled and sophisticated by continually developing new tactics, techniques, and procedures to exploit vulnerabilities in IT systems and networks.
“Hence, it can be challenging for organisations to keep up with the rapidly changing threat landscape, putting them at risk if they are unable to adapt to new threats,” he said.
Trend Micro Malaysia and nascent countries managing director Goh Chee Hoh
He added that a lack of sufficient cybersecurity awareness among employees can lead to human errors.
“This includes using weak passwords or falling for phishing attacks and social engineering which require employees to know how to identify between fake and real, which can result in security breaches,” he said.
Goh highlighted that cybercriminals may seek monetary gain by targeting local organisations through various methods such as phishing, ransomware attacks, business email compromise scams, and data theft.
He said these attacks may be aimed to carry out fraudulent activities for financial gain, extort money, or steal critical data for sale on the dark web.
“For instance, following the alleged data leak containing the information of 22.5 million Malaysians stolen from the National Registration Department (NRD), it was reported that 160GB of the database is being sold for US$10,000 (RM42,305) on the dark web,” he said.
Goh said there has been progress among Malaysian organisations in increasingly prioritising cybersecurity as a strategic imperative.
He said many public and private entities have taken the necessary steps to strengthen their cybersecurity posture, including implementing effective cybersecurity measures, performing risk assessments, and providing cybersecurity awareness training among employees.
To effectively manage the ever-evolving cyber risks to ensure business continuity, he said one of the measures local organisations can incorporate into their business growth plans is to provide regular cybersecurity training to employees to increase awareness about common cyber threats as well as best practices and the importance of safeguarding sensitive data.
“This includes training on phishing awareness and social engineering, as well as the safe use of email and other communication tools. With that, it allows employees to identify possible threats in their day-to-day work.
“As cybercriminals exploit vulnerabilities to gain access to the network, companies should regularly update their software and operating systems to patch known vulnerabilities,” he said.
Goh pointed out that Malaysia has taken a strong stand to enhance existing legal provisions to protect digital assets against cyber threats.
Additionally, he said the police and the Malaysian Communications and Multimedia Commission (MCMC) can work together to enforce cybersecurity laws and regulations, and advocate for the development of new policies that address the emerging cyber threat landscape.
“The police and MCMC can build strong partnerships with other government agencies, industry stakeholders, and international counterparts to share information about cyber threats and best practices.
“Through two-way information sharing, it can help develop a coordinated approach and enable timely responses to evolving threats.
“Increasing cybersecurity awareness and education — It is crucial to raise cybersecurity awareness among Malaysians,” he said.
