by RAHIMI YUNUS/ graphic by TMR
THERE are 178 cases of data breach to date, almost a 200% jump than the recorded 63 attacks last year, according to data from Malaysia Computer Emergency Response Team of CyberSecurity Malaysia.
In 2017, only 19 cases were reported and Malaysia has seen the incidents continue to persist due to increasingly advanced hackers.
However, a cybersecurity expert believes that the figure is alleged to be much higher as there were many unreported incidents as well.
“A lot of scams, online frauds and attacks are already automated. Software and malware have taken tasks of hackers compared to before, when a person is needed to do the manual work,” Fong Choong Fook told The Malaysian Reserve in a recent interview.
Technological advancement, the rise of social media and growing online users also contributed to the worsening statistics.
“We have learned from cyber-security forensics that hackers stealthily deploy tools. They would not immediately encrypt files and hold the victim to ransom. The new trend is hackers deploy software to collect information about the company and learn about the businesses including the suppliers, customers and communication.
“They gather intelligence, perform data analytics and search for keywords, while the victim may not be aware that hackers are already inside the system.
“The next way of attack is they pretend to be a supplier, for instance, and take advantage of the acquired information,” added Fong, who is also the CEO of an IT firm.
Malaysia was ranked fifth-worst in privacy protection among 47 countries studied by Comparitech.com, a UK-based technology research firm.
Malaysia scored 2.6 out of 5, which denotes some safeguards but weakened protections.
The score sent Malaysia to be among Thailand (2.6), India (2.4), Russia (2.1) and China (1.8) at the bottom.
Comparitech.com said the introduction of the Personal Data Protection Act (PDPA) 2010 did make some improvements to Malaysia’s data privacy, but the laws need updating as technology advances.
According to Fong, the PDPA awareness is still low among Malaysians, while the execution is not as strict as the European Union General Data Protection Regulation (GDPR).
“The GDPR has a clear indicator of the penalty. Yes, we have the PDPA, but the awareness is poor. Private organisations can easily get away when a data leak occurs. We have not seen any significant prosecutions under the PDPA,” he said.
The GDPR requires any companies including foreign firms with an office and/or serve the European region to lodge a report of any data breach within 72 hours.
Organisations face the risk of a fine up to 4% of global revenue in the event of a data breach.
Bar Council’s information technology and cyber laws committee deputy chairman Foong Cheng Leong had previously told TMR that there is a need for data breach notification law.
“Data subjects have the right to know that their information has been compromised and take steps to secure the data,” Foong said in a previous report.
In a recent Parliament session, Prime Minister Tun Dr Mahathir Mohamad said a total of 127 websites were attacked in August 2019 following the backlash on Indonesia’s motorcycle ride-hailing firm Gojek.
Dr Mahathir said, of the total, 24 websites are government-run and the remaining 103 were of private agencies. Last month, Malindo Airways Sdn Bhd suffered data breach, less than a month since the incident happened at Astro Malaysia Holdings Bhd in August.
Passengers’ passport details, home addresses and phone numbers were at risk due to a leak in the carrier’s cloudbased environment.
Meanwhile, Astro suffered a second data breach 14 months after reporting a data breach that affected 60,000 of its customer details.
The satellite television (TV) operator said unauthorised access to customers’ MyKad data including name, identity card (IC) number, date of birth, gender, race and address were discovered.
In June last year, Astro said up to 60,000 Astro Internet Protocol TV customers’ details, which were specifically provisioned by Maxis Broadband Sdn Bhd, were leaked.
Malaysia was rocked with the largest data breach incidents reported in October 2017, where 46 million personal records including IC numbers, addresses and mobile numbers were leaked.
Meanwhile, a survey by Chubb of Small and Medium Enterprises (SMEs) revealed that 84% of SMEs in Malaysia were affected by cyber incidents in the past year.