THE Internet is a place of boundless offerings but comes with its own set of dangers.
As our dependence on digital platforms continues to grow, so does our vulnerability in terms of online information security.
Recent research by cybersecurity company SurfShark shows that 2023 has continued to be a challenging time for online security in Malaysia.
The study, which encompasses data from over 200 countries finds Malaysia to be the eighth most breached country between July and September this year, with a staggering 494,699 leaked accounts exposed to potential cyberthreats.
With numbers like these, it is unsurprising that the emergence of new digital policies from the government often raises concerns among Malaysians regarding the security and privacy of their personal information.
These concerns are now driving the government’s recent efforts to strengthen cybersecurity and protection of personal data in the country – but are the steps taken enough?
In Budget 2024, CyberSecurity Malaysia (CSM) received an allocation of RM60mil to enhance its preparedness against cyber- attacks; the funding will be utilised to implement the 5G Cyber-security Testing Framework and develop local expertise in 5G technology.
Prime Minister Datuk Seri Anwar Ibrahim’s government is also committed to coming up with a Cybersecurity Bill as well as a Bill to amend the Personal Data Protection Act 2010 (PDPA), with both expected to be tabled in Parliament early next year.
The new Cybersecurity Bill is slated to focus on regulatory powers and law enforcement while the PDPA amendments will include increased fines against cyberattackers.
These efforts to shore up the country’s cybersecurity are being seen as a welcome start by industry experts but some say more can be done.
More than just accountability
University Tun Hussein Onn Malaysia's cybersecurity expert Prof Rabiah Ahmad says it is “extremely good” that Malaysia will finally have a law that will focus on protecting critical information infrastructure in the country.
“[This will] thus strengthen cyberresilience, protect sensitive information, and safeguard vital systems against evolving cyberthreats.
“These initiatives enhance the overall security posture of Malaysia. Improved testing frameworks and expertise in 5G security reduce the risk of cyberattacks, safeguarding personal data, financial transactions, and critical services, ultimately creating a safer digital environment for the public.”
Cybersecurity expert and LGMS Bhd’s executive chairman Fong Choong Fook says the private sector is looking forward to having more accountability under the new law. But it is not just the private sector that needs that, he says. When it comes to data breaches, a significant number originate in government agencies, yet they cannot be held accountable under existing data protection laws.
CSM’s Mid-Year Threat Land-scape Report 2023 finds that the government sector accounted for 22% of data breaches for the first half of this year, followed by telecommunications at 9%.
“The existing PDPA is insufficient. The first major insufficiency is that it doesn’t cover the accountability of government departments.
“If we observe, there are so many cases of data leaks originating in government agencies and none of them are accountable. I am not sure about the new PDPA revisions [if they include this] but I think public sector accountability is very critical,” Fong says.
Muhammad Sufyan Basri is the principal senior assistant director of the monitoring division in the Personal Data Protection Department (PDP). According to him, the department has proposed five amendments to the PDPA, which includes the designation of data protection officers, requiring data breach notifications to be sent to the commissioner, imposing direct obligations on data processors, data portability, and removing the whitelist for crossborder data transfers.
5G clarity
Aside from the new laws, the 5G Cyber Security Testing Framework, which will be funded by the RM60mil allocation to CSM, is expected to further enhance the country’s resilience against cyberthreats.
While there has not been much information provided on what exactly the framework will entail, Rabiah believes it will involve an assessment of 5G infrastructure and networks for vulnerabilities.
“It is an initiative that focuses on developing local talent and capabilities in understanding, implementing, and securing 5G technologies.
“This includes upskilling and reskilling professionals to manage, monitor and secure 5G networks effectively. Indeed, it creates job opportunities in the cybersecurity industry,” she says.
On the other hand, Fong has some reservations about this framework as he says 5G and cybersecurity are two separate things.
“I think the budget is unclear on its utilisation because 5G and cybersecurity are very different things.
“We would like to know the details of how these funds are being utilised because cybersecurity is so broad, whether it is prevention, detection or correction.”
Culture of awareness
Fong says it all boils down to culture and awareness within society.
“Regardless of whether there are policies or not, ultimately it is still the culture. If we observe what the government is doing now, we do not have enough awareness. So the attitudes have to change to boost cybersecurity,” he says.
Similarly, Rabiah says there must be efforts to promote cybersecurity awareness among individuals and organisations to recognise and mitigate cyberthreats.
Other steps she suggests to further boost cybersecurity would be to ensure strict enforcement of regulations, enhance incident response capabilities to minimise the impact of cyberincidents, and invest in research and development in this field to stay ahead of emerging threats.
“The public should stay alert and updated on future threats. Experts and practitioners must be ready and equipped with the latest knowledge and skills to protect our nation, which is in its digital transformation mode,” Rabiah says.