Latest news with #MegatZuhairy

From detection to resolution: the role of cyber forensics in cybersecurity

The Star

07-07-2025


Whenever a major cybersecurity incident occurs, the Malaysian public is usually reassured that a thorough investigation is being conducted, but with few details on what has actually transpired. This is where the subfield of cybersecurity, known as cyber forensics, enters the picture.

Cyber Sherlocks

According to National Cyber Security Agency (Nacsa) chief executive Dr Megat Zuhairy Megat Tajuddin, cyber forensics plays a critical role from the earliest stages of cyber incident response. At that point in the investigation, investigators work to preserve volatile evidence such as memory dumps, system logs, and network traffic, which can be easily lost when a compromised system, virtual machine, or cloud container is shut down.

'Cyber forensics is a specialised area within the broader field of cybersecurity that focuses on identifying, preserving, analysing, and interpreting digital evidence following a cyber incident.

'While cybersecurity emphasises proactive defence, such as threat prevention, system hardening, and monitoring, cyber forensics is more reactive, providing critical insights post-incident.

'It helps uncover how a breach occurred, assesses the extent of impact, and supports efforts to improve security moving forward,' he says, stressing that 'both fields are complementary and equally vital in a robust cybersecurity strategy'.

Financial forensics expert and managing principal with Graymatter Forensic Advisory Raymon Ram put it in simpler terms, saying that cyber forensics is 'the process of identifying, preserving, analysing, and presenting digital evidence following a security breach or suspicious cyber incident'. This comes with the end goal of uncovering 'what transpired, how it happened, and who was involved' after a cybersecurity incident has occurred. Raymon also serves as the president of the NGO Transparency International-Malaysia.

During an actual investigation, Nacsa would evaluate the extent of an incident's impact and potential risks, while technical teams handle collecting and analysing evidence, identifying signs of a system compromise, and collaborating with stakeholders to minimise damage and contain the threat.

In greater detail

Malaysia Cybersecurity Community Raw Security (rawSEC) chairman and co-founder Tahrizi Tahreb further broke down the stages of an investigation, stressing that cyber forensics is not a standalone activity but 'deeply embedded within the structured incident response lifecycle'.

'While incident response focuses on real-time detection and containment, digital forensics provides the critical insights and evidence that inform and enhance the entire process.

'It typically comes into play very early on, during the 'Identification' phase, to confirm if a cyberattack has indeed occurred and to understand its immediate scope and nature.

'However, its most central role emerges during the 'Containment' phase. This is where specialists meticulously identify, label, record, and acquire data from all relevant sources, such as hard drives, memory, network logs, and mobile devices, while rigorously preserving its integrity.

'Maintaining a strict 'chain of custody' is paramount to ensure the integrity and reliability of the evidence for potential legal proceedings,' he says.

These findings are then used to guide the 'Eradication' and 'Recovery' phases, which, as the names suggest, aim to remove the threat and recover the affected systems. This is followed by a 'Post-Incident' stage, where a thorough review is conducted to identify the root causes and exploited vulnerabilities and assess the effectiveness of existing defences. Lessons learnt will then be used to proactively shore up security measures.

Megat Zuhairy emphasises that Nacsa plays a crucial part when incidents have an impact on National Critical Information Infrastructure (NCII), with the agency taking a leadership role in forensic response, coordination, and oversight of the affected organisations.

'When an entity lacks the technical capability or resources to conduct proper forensic analysis, Nacsa may deploy or assign specialised response teams to provide direct support.

'Furthermore, a dedicated team from the Royal Malaysia Police (PDRM) is embedded within Nacsa to assist with cases involving potential criminal elements.

'This integration ensures that legal and law enforcement considerations are taken into account early in the investigation, helping to preserve digital evidence and facilitate any subsequent legal action,' Megat Zuhairy says.

He adds that cases have become increasingly complex over the years, with a shift away from opportunistic attacks like phishing and malware cases to well-planned, sophisticated and targeted threats deployed by highly coordinated operations.

'These include ransomware used for financial extortion, coordinated malware infections that can lead to multiple layers of impact, beacons used for external command-and-control communication, backdoors enabling stealthy remote access, and spyware designed for surveillance,' he says.

Talking about transparency

A key part of the cyber forensic process is communication with the public, which is carefully managed to avoid misinformation or premature conclusions on the cybersecurity incident.

Megat Zuhairy acknowledges that while transparency is essential, caution needs to be exercised so as to prevent incidents from worsening, with the focus being on conducting a comprehensive and accurate investigation rather than an immediate disclosure.

'Sharing technical details too early can be risky, as it may alert threat actors, enabling them to launch the second wave of attacks, change their tactics, or cover their tracks. For this reason, public updates are often limited during an active investigation.

'As Malaysia's national cyber security agency, Nacsa is committed to responsible information sharing while protecting national security interests.

'All external communication undergoes careful validation to ensure sensitive data, especially related to critical infrastructure or national systems, remains secure.

'Our goal is not to withhold information unnecessarily, but to strike a balance between transparency and operational security,' he says, adding that transparency is still a guiding principle of Nacsa.

He further says that the agency does share further information such as Tactics, Techniques, and Procedures (TTPs) used in attacks, along with recommended mitigation strategies whenever possible.

'Through this measured and strategic approach, we ensure that forensic investigations not only resolve incidents effectively but also contribute to long-term national and regional cyber resilience,' he says.

Similar thoughts are shared by both Raymon and Tahrizi, who believe in taking a more measured approach in transparency with the public.

'The balance lies in sharing general findings – such as the nature of the breach, affected systems, and response measures – without revealing sensitive forensic techniques or evidence trails.

'Once investigations are concluded, sharing lessons learnt can bolster public confidence and help others strengthen their own defences,' says Raymon.

Megat Zuhairy says that the full conclusion of an investigation can only be shared once all necessary legal actions have concluded, as otherwise it may jeopardise the trial involving the perpetrators, adding that such investigations are time-consuming.

He adds that while the agency does not usually publicly announce the full conclusion of investigations, it does publish important findings in the form of advisories that may be of use for others. These are regularly published on the Nacsa website without explicitly referring to any specific incidents.

'Updates may be issued when they serve the public interest, reinforce regulatory compliance, or provide clarity on systemic issues, while ensuring that confidential or classified details remain protected,' he says.

Meanwhile, Tahrizi believes that there needs to be nuance, with clear enough information being provided to build public trust and accountability without jeopardising the cyber forensic investigation.

'Privacy concerns are also paramount. Digital forensics often involves highly sensitive data, including personal communications, medical records, and financial transactions.

'Forensic professionals have an ethical responsibility to avoid unauthorised data access, respect individual privacy, and ensure proper handling of evidence.

'In Malaysia, the recent Cyber Security Act 2024 and the Publicly Accessible Data Universe (Padu) database have sparked significant debate regarding privacy, especially since the Personal Data Protection Act 2010 (PDPA) does not apply to government agencies, leaving citizens without legal recourse in case of misuse or breaches,' he says.

Workforce woes

All three agree that Malaysia is suffering from a significant lack of manpower when it comes to the broader field of cybersecurity, which has also affected cyber forensics.

From Tahrizi's perspective, the shortfall is something that Malaysia struggles with, especially due to the rapid digital transformation in the country, with talent pipelines not matching the pace of development.

'The numbers paint a clear picture: as of mid-2024, Malaysia had approximately 16,765 cybersecurity personnel.

'Yet, the projected requirement stands at 26,430 by the end of 2025 and 28,068 by 2026.

'This talent gap isn't just an abstract number; it's a tangible vulnerability. Over 90% of organisations in Malaysia and neighbouring countries have reported security breaches attributed, at least in part, to a lack of skilled cybersecurity professionals.

'This directly impacts our national security and economic stability,' he says, adding that the reasons for this gap are multi-faceted, with a disconnect between academia and the industry, limited industry-aligned training, and intense global competition making it difficult to attract and retain top talents in Malaysia.

Raymon drives the message home, saying that the problem compounds on itself since 'forensics is even more niche – it demands a unique blend of technical acumen, investigative rigour, and legal awareness'.

'Few institutions offer focused training in this field, and most graduates gravitate towards more mainstream roles like SOC (Security Operations Centre) analysts or network engineers.

'Consequently, many organisations depend on a small pool of specialists or outsource to consultancies like ours,' he says.

Megat Zuhairy says that this has to do with how cyber forensics as a whole is viewed by the public. He calls for a reshaping of how the field is perceived in order to appear more attractive to Malaysians.

'Cybersecurity is not limited to coding or working in high-tech environments. It plays a crucial role in protecting everyday aspects of modern life, from digital banking and transportation systems to healthcare data and national infrastructure.

'Presenting cyber forensics as a purpose-driven, problem-solving profession can make it more relatable, impactful, and aspirational to a broader audience. It is a field where individuals can make a real impact.

'Importantly, we must break the misconception that talent must only come from traditional IT backgrounds. The field of cyber forensics benefits greatly from diverse disciplines. Individuals from engineering, mathematics, and science can bring analytical and technical strengths.

'At the same time, those with backgrounds in psychology offer valuable insights into human behaviour, especially in areas like social engineering and behavioural analysis during forensic investigations,' he says.

He adds that many officers within PDRM's cyber forensic team 'enter the field without formal technical training but develop cyber investigative expertise over time through targeted training and practical experience'.

What's next?

Aside from the shortage in expertise, Megat Zuhairy believes that the rapid growth and evolution of the cyber landscape, which includes bad actors and threats to the nation at large, outpacing existing legislation and operational frameworks, have become a significant challenge to cyber forensic teams.

Both Tahrizi and Raymon have similarly pointed out that cross-border cooperation is made cumbersome due to time-consuming processes, such as Mutual Legal Assistance Treaties (MLATs), to share information and evidence for criminal law enforcement. This is something that Nacsa is currently looking to address through legislation, according to Megat Zuhairy.

'Much of today's digital evidence is encrypted or stored across multiple jurisdictions, often within cloud infrastructures.

'This complicates access and creates legal obstacles, especially when cross-border data sharing requires mutual legal assistance treaties or diplomatic coordination,' he says.

While Malaysia led the way with the Computer Crimes Act 1997, Megat Zuhairy says that it has since lost relevance and is 'inadequate' at addressing the modern complexities of cybercrime.

'Notably, the Act does not differentiate between cyberattacks targeting national critical information infrastructure (NCII) and those affecting individuals or non-critical systems.

'This legal gap hampers the ability to impose proportionate penalties and prioritise national security interests.

'In response, Nacsa is in the process of drafting a Cybercrime Bill, which is designed to provide a more robust, technology-neutral and future-ready legal framework.

'This Bill will introduce enhanced penalties for cyberattacks targeting NCII and will also explicitly address emerging and sophisticated threats such as ransomware, social engineering attacks, AI-driven exploits, malware, and supply chain attacks,' he says.

The Cybercrime Bill will also be aligned with international legal standards, specifically the Budapest Convention on Cybercrime and the UN Convention against Cybercrime, which he foresees will better facilitate cooperation across borders.

NACSA, Kaspersky release Malay online safety book for kids

The Sun

30-05-2025


PETALING JAYA: In an effort to raise online safety awareness among children, the National Cyber Security Agency (NACSA), in collaboration with global cybersecurity firm Kaspersky, today launched the Malay-language edition of the book Midori Kuma and a Very Special Race. NACSA chief executive Dr Megat Zuhairy Megat Tajuddin said the translation marks a significant step in cultivating cybersecurity awareness from an early age, in line with efforts to educate a digital-native generation increasingly exposed to online risks. 'Statistics show that nearly 60 to 70 percent of children today spend more than three hours online daily. This increases their vulnerability to threats such as online grooming, which is becoming a growing concern in our country. 'For instance, in online games, children may unknowingly engage with individuals they believe to be peers, when in fact they may be impersonators with malicious intent seeking to obtain personal information such as location, passwords and more,' he said. Dr Megat Zuhairy was speaking at the launch of Midori Kuma dan Perlumbaan Yang Sangat Istimewa, the Malay-language version of the children's educational book, at the Petaling Jaya Community Library today. Also present at the event were Kaspersky's head of Government Affairs and Public Policy for Asia Pacific, Heng Lee; Petaling Jaya City Council legal officer, Mohd Yusof Che Aziz; and Petaling Jaya Community Library senior assistant director II (Knowledge Resources) Zainal Abidin Rahim. Megat Zuhairy said the storytelling approach used in Midori Kuma helps convey cybersecurity messages in a way that is accessible and effective not only for children but also for parents, teachers and the wider community. Meanwhile, Heng Lee said the book is more than just a children's title; it forms part of a broader Kaspersky-led initiative across the region to equip children with the knowledge they need to grow up in a safe, informed and resilient digital environment. 
'Children today are growing up as digital natives, instinctively curious and constantly connected. They need the right guidance to navigate this universe of possibilities,' he said. He also cited Kaspersky's Digital Habits Report, which found that 61 percent of children receive their first digital device between the ages of eight and 12, while 11 percent are introduced to such devices even earlier. Heng added that the data highlights the importance of building healthy digital habits from a young age, and this book provides a simple yet meaningful way for parents and children to learn about online safety together.

NACSA And Kaspersky Launch Malay Edition Of Online Safety Book For Children

Bernama

30-05-2025


PETALING JAYA, May 30 (Bernama) -- In an effort to raise online safety awareness among children, the National Cyber Security Agency (NACSA), in collaboration with global cybersecurity firm Kaspersky, today launched the Malay-language edition of the book Midori Kuma and a Very Special Race. NACSA chief executive Dr Megat Zuhairy Megat Tajuddin said the translation marks a significant step in cultivating cybersecurity awareness from an early age, in line with efforts to educate a digital-native generation increasingly exposed to online risks. 'Statistics show that nearly 60 to 70 percent of children today spend more than three hours online daily. This increases their vulnerability to threats such as online grooming, which is becoming a growing concern in our country. 'For instance, in online games, children may unknowingly engage with individuals they believe to be peers, when in fact they may be impersonators with malicious intent seeking to obtain personal information such as location, passwords and more,' he said. Dr Megat Zuhairy was speaking at the launch of Midori Kuma dan Perlumbaan Yang Sangat Istimewa, the Malay-language version of the children's educational book, at the Petaling Jaya Community Library today. Also present at the event were Kaspersky's head of Government Affairs and Public Policy for Asia Pacific, Heng Lee; Petaling Jaya City Council legal officer, Mohd Yusof Che Aziz; and Petaling Jaya Community Library senior assistant director II (Knowledge Resources) Zainal Abidin Rahim. Megat Zuhairy said the storytelling approach used in Midori Kuma helps convey cybersecurity messages in a way that is accessible and effective not only for children but also for parents, teachers and the wider community.
Meanwhile, Heng Lee said the book is more than just a children's title; it forms part of a broader Kaspersky-led initiative across the region to equip children with the knowledge they need to grow up in a safe, informed and resilient digital environment. 'Children today are growing up as digital natives, instinctively curious and constantly connected. They need the right guidance to navigate this universe of possibilities,' he said.

Malaysia-led Asean cybersecurity strategy to be finalised by year-end

New Straits Times

23-05-2025


KUALA LUMPUR: The Asean Cybersecurity Collaboration Strategy 2026–2030, led by Malaysia, is expected to be finalised by the end of this year. The initiative is part of a regional effort to strengthen digital defence and resilience. National Cyber Security Agency (Nacsa) chief executive officer Dr Megat Zuhairy Megat Tajuddin said the draft strategy would be deliberated during a series of forums and workshops in July, held in conjunction with the Cyber Defence and Security Exhibition and Conference (Cydes) 2025. He said the discussions, involving representatives from all 10 Asean member states, would focus on a five-year action plan centred around three core pillars: information sharing, joint technology development, and human capital growth. "All 10 Asean countries have pledged their support for the development of the Asean Cybersecurity Collaboration Strategy 2026–2030, which represents a joint effort among the member states. We have received strong backing from across the region. "The strategy will focus not only on information sharing but also on technology development, talent cultivation, and the exchange of expertise to address emerging cybersecurity threats. "One of the biggest challenges is the growing threat of ransomware and the transition to post-quantum cryptography. These are not just national issues - they are global in scope, and Asean must be ready," he told reporters at the closing ceremony of Cyber Games 2025 here today. Megat Zuhairy said the Malaysia Cyber Security Strategy 2025–2030 would also be launched during the upcoming Cydes in July. He added that the strategy complements Malaysia's active participation in international cybersecurity frameworks, including its endorsement of the Budapest Convention. "Over the past two years, we have made significant strides in strengthening our cyber defence capabilities. 
"It began with the Cyber Security Act 2024, followed by the formulation of the Malaysia Cyber Security Strategy, which is set to be launched this July. "This includes various talent development initiatives and Malaysia's alignment with international frameworks such as the Budapest Convention," he said. He said this reflects Malaysia's leadership in driving regional cybersecurity initiatives and underscores its ambition to become a regional cybersecurity hub. "All of this demonstrates the government's strong commitment to ensuring national cybersecurity readiness, as well as our leadership in expertise, technological advancement, innovation and overall cyber resilience." He also highlighted Malaysia's pivotal role as lead coordinator of the Asean Regional Computer Emergency Response Team (Cert), which serves as a platform for intelligence sharing and coordinated responses to cyber incidents among Asean nations. "We are also collaborating with regional partners to develop homegrown cybersecurity products and solutions that leverage Asean's talent pool. It's not just about Malaysia, it's about building regional capabilities," he said. On talent development, he commended Malaysian participants in the Cydes-hosted Asean Cyber Games, where three Malaysians were part of the teams that secured first, second, and third places in the regional competition. "We believe cybersecurity is no longer a domain dominated solely by Western or more developed nations. Malaysia, too, has high-level expertise in this field. "This ensures that we are capable of defending ourselves, with cybersecurity driven by our own local talent and the people of Malaysia," he added.
