Records show that lapses in data security have risen to record highs in recent years, with losses incurred running into hundreds of millions of ringgit.
The telecommunications sector was the most severely hit, followed by the government and then the logistics and transportation sector.
Yet, not nearly enough has been done to improve data security, according to Murugason Thangaratnam, CEO of cybersecurity firm Novem CS.
Cybersecurity threat is a worldwide problem. The hack into the X account of the US Securities and Exchange Commission (SEC) last week is a case in point.
Reports said the hackers posted false news about a widely anticipated announcement the SEC was expected to make about bitcoin, leading to a spike in the price of the cryptocurrency. Observers were alarmed.
Back in Malaysia, the Social Security Organisation (Socso) suffered a data breach last month, leading to the exposure of personal data.
Murugason told FMT Business many Malaysian organisations still lack proper cybersecurity measures.
“This has left them vulnerable to malware, ransomware and phishing threats,” he said.
According to CyberSecurity Malaysia, the country reported a total of 4,741 cyber threats in 2022.
In January and February 2023, a total of 456 cases of fraud of which nine were scams, led to a loss of RM27 million, data from the National Scam Response Centre (NSRC) shows.
Data from March last year is yet to be published.
Records from the Journal of Education and Social Sciences, a peer-to-peer reviewed publication is even more grim.
According to the journal, more than 17,000 cases were reported in 2020. This rose to over 20,000 in 2021 with a total loss of RM560 million.
In 2022, a total of 3,273 was already reported by the end of February with losses amounting to RM114 million.
Malaysia is ranked eighth on the list of countries with the highest number of breaches.
According to cybersecurity firm Surfshark, a total of 494,699 accounts were leaked in just the third quarter of 2023, an increase of 144% from the previous quarter.
These included breaches into personal social media accounts on which no financial losses had occurred.
Murugason said the most common causes of breaches are weak and stolen credentials such as passwords and malware as well as improper configuration.
“In many cases (it was) just a basic lack of awareness and negligence,” he said.
He pointed out that some of the data breach incidents could result in sensitive personal data, such as credit card details and identity card numbers, being exposed to unauthorised individuals.
Chief commercial officer of Asia Mobiliti Vicks Kanagasingam said most companies avoid disclosing data breaches because of the fear of damage to their brands and the lack of a robust cyber resilience plan for handling and recovering from attacks.
“Organisations need to be aware that cyber criminals use a variety of sophisticated methods to hack into systems with newer methods being created all the time,” he told FMT Business.
“Many security breaches stem from human error,” he said.
National Tech Association of Malaysia (Pikom) chairman Ong Chin Seong said many companies take a lackadaisical approach to cybersecurity and personal data, especially individuals and small and medium enterprises (SMEs).
Ong agrees with Murugason that most of the breaches have not been made public but many public and private agencies have been found to have inadequate security testing and measures.
“The recent Central Database Hub (Padu) loopholes (identity theft) is one such example,” he told FMT Business.
With cyber attacks and data breaches getting rampant, Ong said, companies in Malaysia should use tools such as Privileged Access Management (PAM) and Identity and Access Management (IAM) to prevent cyber threats.
He added that the tools should be used as a security solution to cyber threats by monitoring, detecting, and preventing unauthorised privileged access to critical resources.