PETALING JAYA: In response to the rapidly evolving cybersecurity threats, Malaysia is at the forefront of a battle against malicious activities, said Malaysian Communications and Multimedia Commission (MCMC) commissioner Derek Fernandez.
“The country has been grappling with an increase in suspicious calls, sophisticated phishing attempts and a barrage of unsolicited messages that pose a threat to the security and privacy of individuals. According to MCMC records, 2.4 billion suspicious calls were blocked between 2018 and August 2023.
“Action against cyber threats includes the resolution of 4,051 phishing websites and the blocking and reporting of such sites to domain registrars like Shinjiru, Godaddy and Exabyte, from 2020 to Aug 31, 2023.
“Additionally, 81 million unsolicited SMS messages were intercepted and blocked from 2021 to Aug 31, 2023, leading to the termination of 237,999 affiliated lines. Notably, 17 million peer-to-peer SMS messages containing hyperlinks were averted between May 12 and Aug 31, 2023. The impact extends beyond communication channels, with billions lost to over-the-top and e-commerce scams.”
On cybersecurity challenges, Fernandez said MCMC has a robust regulatory framework, including the development and implementation of legislation mandating cybersecurity measures and data protection laws to safeguard personal information.
“The establishment of incident response protocols, designation of critical infrastructure sectors, the promotion of cybersecurity standards and best practices across industries are essential. Collaborative efforts on both national and international levels, along with public-private partnerships, are crucial for effective threat intelligence sharing and coordinated responses.”
He also said the commission works closely with other stakeholders, including third-party service providers, public relations teams and industry peers, by sharing information to bolster incident response effectiveness.
“Recognising the dynamic nature of the cybersecurity landscape, continuous refinement and adaptation of response strategies are prioritised to ensure ongoing resilience against emerging threats.”
APIIT Education Group and Asia Pacific University of Technology and Innovation chief innovation and enterprise officer Prof Dr Vinesh Thiruchelvam said burgeoning research areas at the intersection of artificial intelligence (AI) and cybersecurity are evident.
“There has been a noticeable movement in favour of using AI to detect breaches early, with a focus on finding patterns that point to unauthorised access and improving intelligent administrative processes.
“Additionally, research is gaining prominence in deploying AI for a swift detection of website spoofing through intelligent domain security measures.
“Another advancing area of study involves the integration of AI in digital forensics, in which researchers are exploring innovative ways to gather evidence and visualise cybercrime, utilising AI algorithms and techniques as virtual assistants to analyse complex digital data.”
He said initiatives and partnerships have developed to strengthen the country’s digital defences. One noteworthy endeavour is the implementation of “Cybersecurity as a Service”, a proactive measure that places early-stage penetration tests at the forefront of network security protocols.
“Addressing the pressing need for comprehensive cybersecurity solutions, Cybersecurity Malaysia has secured a government allocation of RM60 million.
“This funding will be dedicated to the execution of the national 5G Cyber Security Testing Framework project, a crucial initiative aimed at safeguarding the integrity of the country’s 5G infrastructure.”
He also said organisations are advised to adopt a strategic playbook centred on three key principles – explicit verification, least privileged access (LPA) and assuming breach.
“Explicit verification entails closing gaps in multi-factor authentication coverage by requiring explicit verification across the network, examining data in identity, endpoint and network to authenticate access requests by default.
“LPA involves diminishing privileges and access to limit lateral movement of attackers within the network post-breach.
“The assumption of breach in network monitoring operates under the premise that a breach has occurred or is imminent.”
