Hacks, data leaks at businesses, government agencies raise alarm
KUALA LUMPUR — Cybersecurity experts warn the rapid pace of Malaysia’s 5G telecommunications rollout poses a threat to users and businesses in the country, with data breaches and ransomware attacks potentially increasing as the new technology takes hold and the country’s systemic defenses remain weak.
5G, or the fifth generation of network infrastructure, allows for far faster mobile downloads. But as with many such improvements, opportunities to take advantage of technological advances for nefarious purposes are also on the rise.
The country’s 5G connections reached 33.2% of populated areas as of last September and are on track to achieve the 80% target set by the government by 2024, according to the Malaysian Communications and Multimedia Commission.
The government earlier this month announced plans to launch a second 5G network next year. State-owned Digital Nasional Berhad (DNB) has a monopoly as the 5G network operator. But once coverage reaches 80%, expected this year, a second entity will run another 5G network in parallel, the communications and digital ministry said. Ending DNB’s monopoly was a campaign promise Prime Minister Anwar Ibrahim made last year.
The 5G ambitions, however, come as Malaysia in recent years has been hit by major data breaches and ransomware attacks, with the country being listed as the world’s 11th most violated in the second quarter of 2022, when more than 665,000 people fell victim, according to cybersecurity company Surfshank.
“As 5G adoption increases and the movement from hardware-based core infrastructure in telcos becomes more cloud-based infrastructure, we are going to have a learning experience of moving to the cloud, which will create [security] gaps that will be exploited by attackers,” Sean Duca, Palo Alto Networks’ chief security officer for the Asia-Pacific and Japan, told Nikkei Asia.
“Hackers will have more options thanks to the expanded use of private mobile networks and increased network access from outside suppliers,” Duca said. “For users and telco providers, the new cybersecurity challenges of 5G networks will present themselves due to the increased speed, faster response times and increased capacity.”
In the last year or so alone, incidents have involved consumers and businesses including budget airline AirAsia, while there were also several major reports of leaks involving the personal data of millions of Malaysians said to originate from databases of government agencies.
High-profile cases of alleged leaks include the government’s Election Commission, with personal information from the breaches reportedly sold online.
“Personal data is a national treasure, without data there would be no social media, no digital economy and others,” Malaysian Communications and Digital Minister Fahmi Fadzil told a local radio station in January. “So a breach of data is something very serious that must be addressed.”
Last month, Fahmi told reporters the government is beefing up cybersecurity to nullify threats by scammers and hackers and would be taking additional legal measures to improve cybersecurity.
“We are looking at making key legislative amendments, including amending the Personal Data Protection Act 2010 to make it more robust to ensure that those holding the data are more responsible in protecting the data in their custody,” he said.
Fahmi, through an aide, declined to comment to Nikkei.
And though he has vowed to get to the bottom of the attacks and leaks, as well as coming up with measures to protect systems, those responsible have yet to face repercussions.
In a nod to beefing up cyber defenses, the government in its 2023 national budget allocated 10 million ringgit ($2.2 million) to the National Scam Response Centre (NSRC) to address the rising rate of cybercrime.
Suk Hua Lim, Malaysia country manager for Palo Alto Networks, called such spending “commendable” but said it is just a start. “It is critical to acknowledge that cybersecurity encompasses a broader range of issues, and a comprehensive approach is necessary to safeguard individuals, businesses and the country’s economy and reputation in the long run,” she said.
Amirudin Abdul Wahab, chief executive officer of CyberSecurity Malaysia, under the purview of the Ministry of Communications and Digital, says that investment and cooperation are important to ensure protection.
“It is important to invest in cybersecurity, providing staff with training and education,” he said. “And collaborating with public and private entities, organizations can bolster their cybersecurity posture and prevent [themselves] from becoming the next victim of [a] data breach.”
Syahmi Amri Lim, a local finance firm employee who uses 5G connected devices, said he has received increasing numbers of scam and suspicious calls in recent years, often from people claiming to be government agency or financial institution representatives. And while worried the situation will worsen, he said it’s not just up to businesses and the government to ensure cybersecurity and privacy, broader society also has a role.
“Users are equally responsible in ensuring that their devices are equipped with strong security updates,” said Amri Lim.
Sandra Lee, managing director for Southeast Asia and South Korea at cybersecurity company Sophos, said that Malaysia needs a stronger legal framework to protect users.
“At present, Malaysia does not have a cybersecurity act and no specific legislation that addresses cyberspace matters in the country,” she said.
Another major challenge is the lack of cybersecurity talent. According to the communication and digital ministry last year, there were just 13,851 cybersecurity knowledge workers in Malaysia — not enough to handle the landscape’s rising and evolving cyber threats.
“Due to a lack of talent along with inadequate budgets in many local firms, this pain point may be a security hole that cybercriminals could exploit,” Lee said.
by 
Leave a Comment