Be proactive in defending against cyberattacks, data breaches, govt told

Be proactive in defending against cyberattacks, data breaches, govt told

Cybersecurity expert Selvakumar Manickam lauds the Cyber Security Act 2024, but says the government must do more to protect critical infrastructure and national security.

data leak
Last month, Prasarana Malaysia Bhd suffered a cyberattack that resulted in the leak of 300GB of the company’s private files into the public domain.
PETALING JAYA:
A cybersecurity expert has urged the government to take proactive measures to guard against data breaches and cyberattacks on its agencies, warning that Malaysia’s cyber defences are lagging behind.

Universiti Sains Malaysia’s Selvakumar Manickam said the recent cyberattack on Prasarana Malaysia Bhd was proof that Putrajaya’s existing efforts in the field were inadequate.

“The hacking of a major state-owned company shows that government policies are not strong enough. Our personal data, critical infrastructure and national security are all at risk,” he told FMT.

Selvakumar said the government plays a critical role in setting standards, enforcing regulations, and providing support in the area of cybersecurity. He said it was pointless to have laws and guidelines without strict enforcement and the imposition of penalties for violations.

Selvakumar Manickam
Selvakumar Manickam.

Last month, Prasarana confirmed reports of a cybersecurity incident involving unauthorised access to parts of its internal systems. Over 300GBs of the company’s private data was reportedly leaked.

On Aug 25, cyber-criminal gang RansomHub claimed responsibility for the attack and demanded that the public transport operator pay an undisclosed sum as ransom.

Selvakumar said Prasarana should be held accountable for the breach as it manages vital infrastructure and vast amounts of personal data. He called for the transport operator to face regulatory scrutiny and the appropriate sanctions if found culpable.

Selvakumar lauded the coming into force of the Cyber Security Act 2024 but said it required firm action on the government’s part.

“While the act is a step towards combating increasing cyber threats, its success depends on stringent enforcement and adaptability to the evolving threat landscape,” he said.

The act, which came into force on Aug 26, addresses the management of cyber security threats and incidents affecting critical infrastructure. It also established the national cyber security committee which oversees the implementation and enforcement of the legislation.

Murugason Thangaratnam
Murugason Thangaratnam.

Meanwhile, Murugason Thangaratnam, CEO of cybersecurity firm Novem CS, said many organisations lack a robust business continuity plan (BCP), which provides protocols for prevention and recovery from cyberattacks.

“Organisations must reassess and update their BCPs regularly. If employees are not trained on the plan, no recovery strategy exists. If the BCP does not consider specific risk scenarios, the organisation is vulnerable,” he said.

Murugason said the introduction of the Cyber Security Act 2024 and the recent tabling of the Personal Data Protection (Amendment) Bill 2024 showed the government’s sincere intentions in data protection.

“The first step towards addressing a problem is to first accept that we have one. In that sense, I think we are heading in the right direction.”

Stay current - Follow FMT on WhatsApp, Google news and Telegram

Subscribe to our newsletter and get news delivered to your mailbox.