Latest news with #CyberSecurityAct2024
The Star
30-07-2025
- Business
- The Star
Double standards in cybersecurity? Why are tech giants above Malaysian law?
THE Cyber Security (Exemption) Order 2025 (P.U. (A) 47), signed by Prime Minister Datuk Seri Anwar Ibrahim, officially came into effect on Feb 1, 2025. Issued under Section 61 of the Cyber Security Act 2024, this order grants full exemption to nine major multinational technology corporations, including Amazon, Google, and Microsoft, operating in Malaysia from compliance with the Act's obligations. Pahang MCA Youth holds deep concerns about the serious implications of this exemption, which include: 1. Exempting these companies from mandatory reporting of cybersecurity breaches to the government; 2. Exempting them from compliance with national data processing and information security standards; 3. Restricting the government's authority to investigate or enforce penalties, even in cases of data leaks; 4. Creating an unequal legal landscape, where foreign and local businesses are subject to vastly different regulatory obligations (double standards). These scenarios raise several pressing questions: - Why has the government granted foreign corporations to what amounts to legal immunity? - Who will safeguard the data security and digital rights of Malaysian citizens? - Why must local businesses bear the full burden of regulation, while foreign firms may operate without identical constraints? - Does this decision signal a compromise of national sovereignty in exchange for short-term investment gains? Pahang MCA Youth firmly believes that technological collaboration and foreign investment must not come at the expense of national interest or legal integrity. Safeguarding public trust and regulatory authority should remain paramount. Therefore, we urge the following actions: 1. The Prime Minister, Communications Minister and Digital Minister must provide a transparent explanation for this Exemption Order, detailing its justification and potential consequences. 2. Parliament should establish a special Select Committee to scrutinise the legality and national security risks posed by this exemption. 3. The government should immediately suspend the Order and conduct a thorough review to ensure uniformity and necessity. Data sovereignty is not negotiable. The rule of law must apply equally to all. We cannot accept a system where enforcement is stringent for some (Malaysians) and absent for others (foreigners). WONG SIEW MUN MCA Youth Pahang Chief
The Star
29-07-2025
- Politics
- The Star
‘Policy gaps must be addressed to beat cybercrime'
Digital Minister Gobind Singh Deo speaks at the ASEAN-GCC Economic forum 2025 at Mandarin Oriental hotel in Kuala Lumpur, Malaysia, —AZHAR MAHFOF/The Star. KUALA LUMPUR: With over 6,000 cybercrime threats recorded last year and losses exceeding RM1.22bil, Malaysia must address the policy gaps related to cybersecurity, according to Gobind Singh Deo (pic). The Digital Minister revealed these figures when launching the Asean 5GOT Security Summit 2025 here yesterday. 'We read and hear about Malaysians falling victim to online scams, fake investment schemes and phishing attacks. 'CyberSecurity Malaysia reported that over 6,000 cyber incidents were recorded in 2024, with the majority involving fraud, intrusions and malicious codes,' he said. He added that to build resilience of cybersecurity across organisations, Malaysia must address gaps in policy, tools, talent and cross-border enforcement holistically. He cited Malaysia's decisive steps to strengthen its cybersecurity landscape through the enactment of the Cyber Security Act 2024, which came into force last August. 'Malaysia is also expanding its global footprint. On April 9, the Cabinet approved accession to the Budapest Convention on Cybercrime. 'The country is also preparing to sign the United Nations Convention against Cybercrime in Hanoi this October,' he added. The ministry, he added, is set to table the Cybercrime Bill 2025 to Parliament in October. He said that the proposed law will be able to deal with cyberthreats more effectively amidst technological advances. It was reported that the Bill would replace the outdated Computer Crimes Act 1997. Speaking to reporters later, Gobind said that a cybersecurity enforcement strategy will be presented to the Cabinet by the Digital Ministry. Prepared by CyberSecurity Malaysia, the strategy includes a proposal for a dedicated enforcement agency to implement existing laws effectively. 'We need to have an agency that will be able to enforce the measures under the existing laws because if you have measures alone but there is no one to enforce them, then that's going to be a problem. 'However, that will be something for the Cabinet to decide as we move along,' he said. Gobind added that while CyberSecurity Malaysia has the capacity, the Cabinet will be consulted on the decision to empower specific agencies by this year. He said various ministries will be engaged over the matters, including the Home Ministry, Communications Ministry, and the Law and Institutional Reform Ministry. 'It's important to get feedback from the Cabinet. We are also taking steps to engage with the industry and experts. 'I think that will be very helpful in shaping how we design our strategies, including towards enforcement, as we prepare the country for the challenge of building a trusted digital ecosystem moving forward,' he added.
New Straits Times
15-07-2025
- Business
- New Straits Times
Gobind: Malaysia must act now to plug cybersecurity gaps
KUALA LUMPUR: Malaysia must urgently address gaps in policy, tools, talent, and cross-border enforcement to strengthen its cybersecurity resilience and manage varying levels of readiness across organisations and nations, Digital Minister Gobind Singh Deo said. He said the world is becoming increasingly interconnected, with daily life now deeply tied to digital platforms such as communication, shopping, and accessing public services. He added that for digital transformation to truly flourish, trust is a fundamental element that cannot be overlooked. "Digital trust is the unwavering confidence we place in our digital systems, technologies, and transactions," he said in his speech at the Asean 5G and OT Security Summit (5GOT) 2025 here today. "We believe they are secure, private, and reliable. It is the invisible yet powerful force that underpins our digital interactions. However, many have taken our systems, technologies, and transactions for granted." Gobind said society's growing reliance on conducting transactions online has encouraged bad actors to exploit this digital presence. He highlighted an alarming surge in cyberattacks affecting all layers of society, from individuals to organisations, across sectors and sizes. "We read and hear about Malaysians falling victim to online scams, fake investment schemes, and phishing attacks. "According to CyberSecurity Malaysia, there were more than 6,000 reported cyber incidents in 2024, mainly involving fraud, intrusions, and malicious codes. "Malaysia incurred over RM1.22 billion in financial losses due to cybercrime over the past year. "But such incidents are not unique to Malaysia. The world faces this massive threat as well, resulting in trillions of dollars in losses annually," he said. Gobind also said the consequences of cyberattacks go far beyond financial losses, as they damage reputations, compromise privacy, destroy property, eliminate opportunities, and in some cases, even endanger lives. He added that attacks on operational technology, which powers automation in factories, manages patient care in hospitals, and runs critical infrastructure such as energy grids and water treatment facilities, are increasingly being targeted by sophisticated threat actors. Nevertheless, Gobind said Malaysia has taken decisive steps to strengthen its cybersecurity landscape over the past years. He highlighted that the Cyber Security Act 2024, which came into force on Aug 26 last year, empowers the National Cyber Security Agency to oversee compliance, coordinate across sectors, and protect the country's National Critical Information Infrastructures. He also said a new Cybercrime Bill, set to be tabled in Parliament this October, aims to replace outdated legislation and equip authorities with the tools needed to combat modern cyber threats effectively. Furthermore, Gobind said Malaysia is expanding its global footprint, noting that the Cabinet has approved accession to the Budapest Convention on Cybercrime. "The country is also preparing to sign the United Nations Convention against Cybercrime in Hanoi this October. "These actions reflect Malaysia's commitment to international norms and collaborative efforts in addressing cybercrime. "As such, platforms such as 5GOT must be leveraged to accelerate progress through expert engagement, knowledge sharing, collaboration, and exposure to emerging technologies," he said. Gobind also said the government aims to build a regional cyber ecosystem through public-private partnerships that foster innovation and talent development. He added that the government hopes to raise awareness and a sense of urgency among key stakeholders in securing the country's digital future.
The Star
12-06-2025
- Business
- The Star
Report: Online shoppers hit by increasing number of parcel scams, more than 3,500 cases in Q1 2025
For COD scams, Faris explained that perpetrators often pose as delivery personnel and persuade victims to pay for a parcel by claiming it was ordered by their pouse or another family member. — Freepik PETALING JAYA: Online shoppers are urged to stay vigilant as Ninja Van Malaysia said it has received over 3,500 parcel scam reports in the first quarter of 2025 – the highest number recorded by the company compared to any previous quarter. In 2024, the company recorded more than 17,000 parcel scam cases with 40% of incidents concentrated in the Klang Valley. The majority of such cases involve cash-on-delivery (COD) schemes, where consumers end up paying for items they never ordered. Other common tactics include "ghost scams", in which victims are tricked into purchasing non-existent products or services advertised online, and phishing attempts via text messages or SMS where the sender impersonated the company. "At Ninja Van Malaysia, our responsibilities go beyond logistics. As a key player in the industry, we have a duty to educate the public against the rising scam threats," said chief executive officer Lin Zheng in a ScamMinar panel discussion held today (June 12). Chief sales officer Faris Maswan said victims were mostly from the older generation, who got duped into purchasing items like herbal products and amulets that were promoted on social media. They either end up not receiving the item at all or received products that were different from what was advertised. It's always a case of items being offered at a price that is just too good to be true, he said, adding that victims could end up losing up to RM1,000 in some cases. "Most of the time, it hovers around RM200," he added. For COD scams, Faris explained that perpetrators often pose as delivery personnel and persuade victims to pay for a parcel by claiming it was ordered by the victim's spouse or another family member. "Scammers would exploit the sense of familiarity that victims have for the person they think the parcel is for," said Raymon Ram, a fraud risk management specialist and president of NGO Transparency International-Malaysia. Faris explained that in phishing cases, victims would receive an SMS claiming they had an undelivered Ninja Van parcel: "Victims are then directed to a fraudulent website designed to steal money from their bank accounts." When these incidents were reported, Faris said an internal investigation was launched to determine whether there had been a data breach involving its customers. "Our infosec team found out that scammers were obtaining personal data from a website hosting leaked information from various sources. We also found that customers of other courier services were targeted by similar scams," he said. Raymon added that scammers can obtain users' personal data from forums on the dark web and use the information to carry out various schemes. "The newly enforced Cyber Security Act 2024 requires organisations in critical sectors to report any breaches to the National Cyber Security Agency. We'll have to see what kind of impact this will have. I hope companies will start taking cybersecurity more seriously," he said. Faris said cases would also be investigated based on customer service complaint rate. "If it's a critical case with directive from the authorities, we would block accounts (on their platform related to fraudulent complaints). In the last quarter, we have blocked more accounts than before," Faris said, adding that he also urged victims to come forward and make reports to the right channels as part of a measure to protect other users. The Selangor deputy head of Commercial Crime Investigation Department (Intelligence/Operation) Yap Huat Tian said it's also crucial for more people to be vigilant about their online safety and privacy. Don't assume that it's only older generation that can get scammed. As long as you have a smartphone, you can be a victim, he said.
New Straits Times
24-04-2025
- Business
- New Straits Times
Malaysia positioned to lead Asean in cyebersecurity, says Kaspersky
SINGAPORE: Malaysia ranks highly in cybersecurity readiness within Asean, according to global cybersecurity firm Kaspersky. Kaspersky's general manager for Southeast Asia, Yeo Siang Tiong, said Malaysia has demonstrated strong capabilities in managing and addressing cyber threats, positioning the country to lead the region in this critical field. "My observation is based on several factors. One clear indicator is the Cyber Security Act 2024, which came into effect on Aug 26, 2024. It identifies critical industries and establishes a regulatory framework for cybersecurity. "The second factor is the country's capabilities and resources. Malaysia has a large pool of cybersecurity professionals and threat researchers. Third, there is strong public awareness, with effective outreach programmes led by CyberSecurity Malaysia and the National Cyber Security Agency (NACSA), which have shown significant progress," he told Bernama at GITEX Asia 2025 today. Yeo also pointed out that as the host of the Asean Chairmanship 2025, Malaysia is playing an increasingly pivotal role in uniting regional efforts to enhance cybersecurity. "Malaysia is leading the Asean Digital Economy Framework Agreement (DEFA), where cybersecurity is a key foundational pillar. "As cybercriminals know no boundaries, DEFA enables Malaysia to coordinate with other Asean nations to prevent the escalation of cybercrime in the region," he added. When asked about the upcoming Malaysia Cyber Security Strategy (2025–2030), Yeo outlined four key pillars designed to strengthen national cyber defence. "First is building resilience, not just to withstand attacks but to recover from them. The second pillar is immunity, where we advocate our concept of 'cyber immunity.' "Third is awareness, which remains essential, and lastly, intelligence—focusing on countering cyber threats, including those from organised crime groups targeting critical infrastructure, government, and the supply chain," he explained. Kaspersky made its debut as the first Cyber Immunity Partner at GITEX Asia 2025, held from Apr 23 to 25 at Marina Bay Sands, Singapore. GITEX Asia is part of the GITEX GLOBAL series, the world's largest technology exhibition and startup showcase. — BERNAMA
