MALAYSIA NEEDS A NATIONAL CYBER DEFENCE POLICY
Malaysia needs a comprehensive national policy on cyber defence to confront the growing rise of cyberattacks, terrorism and data theft, which can compromise the country’s security, critical data and infrastructure.
A cybersecurity expert said there are government agencies which are more vulnerable to cyberattacks and other threats as they lack the proper defensive wall to prevent such attacks.
LGMS Services Sdn Bhd CEO Fong Choong Fook claimed many government-related systems are easily breached by hackers and they are open to abuse internally, resulting to a number of breaches and data security incidents.
Fong said some government agencies do not have an active defence to fend cyber threats and in fact have less protection on data compared to the private sector.
“This makes them easy target for attackers,” he told The Malaysian Reserve (TMR).
He said the situation is worsened as there is no clear policy on data security reporting covering all agencies and cybersecurity standards vary from one agency to another.
The media recently reported that the personal details of 220,000 organ donors were leaked online. Data from January 2009 to August 2016 containing sign-up details from government hospitals and the National Transplant Resource Centres were stolen, apparently from a central database.
Three months before that, online portal Lowyat.net also exposed a breach of data belonging to the Malaysian Medical Council, the Malaysian Medical Association and the Malaysian Dental Association involving sensitive information linked to MyKad numbers, work and residential addresses.
In what was assumed to be the biggest data breach, information of 46.2 million telcommunication users in the country was offered for sale on the Internet.
Internal analysis showed that the data was collected for submission to the Malaysian Communication and Multimedia Commission’s Public Cellular Blocking Service system. Investigation by related authorities including the police into the massive “phone leak” is still ongoing.
Fong said these incidents amplified the need for a nationwide initiative and he proposed for a national policy on cyber defence.
“Now that we have established the National Cyber Security Agency, I hope that it will promote cybersecurity efforts among government agencies and work together with experts from the private sector to improve the situation,” he said.
He added that the accountability of government agencies, from a legal perspective, is not properly defined as the Personal Data Protection Act 2010 does not cover public entities.
Meanwhile, SysArmy Sdn Bhd CTO Alan Yau (picture) told TMR that the awareness level among the public entities is still low.
“Ministries and key agencies have high security control in place. However, it still does not guarantee that their systems are unhackable. Some state or local governments with lower awareness have higher exposure to risk,” he said.
Yau added that the lack of cybersecurity professionals could not outpace the changes of threats that lie ahead for all the organisations.