
Latest news with #RiskManagementinTechnology

Cyber resilience in Malaysia: Why compliance isn't enough

Focus Malaysia

31-07-2025

  • Business
  • Focus Malaysia

In today's hyperconnected world, compliance is often seen as the gold standard for cybersecurity. Across Malaysia, financial institutions, critical infrastructure providers, and businesses have made significant strides aligning with frameworks such as Bank Negara Malaysia's Risk Management in Technology (RMiT) guidelines, the Personal Data Protection Act (PDPA), and various sector-specific regulations. Yet breaches continue to make headlines, affecting even the most 'compliant' organisations. Why? The reality is that compliance is only the starting line, not the finish line. In a rapidly evolving threat landscape, true cyber resilience demands much more.

Compliance alone can't keep pace with threats

While regulatory frameworks are a crucial foundation, they represent only the minimum baseline. Threat actors are not bound by minimum standards; they are innovating faster than regulations can evolve. Sophisticated ransomware gangs, state-sponsored groups, and cybercriminal syndicates are constantly refining their tactics.

According to CyberSecurity Malaysia, local organisations faced over 19 million cyber threats in the first half of 2024, resulting in financial losses exceeding RM1.2 bil. Regional findings from Sophos indicate that 83% of APJ organisations report increased operational complexity due to cybersecurity regulations, with 36% citing employee stress and burnout as a direct result. Yet 56% still recognise that these frameworks improve both cybersecurity and business resilience, highlighting the need to balance compliance with practical, scalable implementation.

Clearly, businesses must go beyond regulatory checklists and adopt proactive, intelligence-driven security measures. At Sophos, our 2024 Threat Report highlights emerging tactics such as data extortion without encryption, AI-powered phishing campaigns, and the exploitation of zero-day vulnerabilities, all occurring faster than typical regulatory update cycles.

In Malaysia, sectors like education, healthcare, SMEs, and financial services are increasingly targeted by multi-extortion ransomware attacks. For business leaders, compliance should be seen as a foundation, not a complete strategy. Cyber resilience demands real-time threat monitoring, AI-driven automation for faster incident response, and comprehensive recovery frameworks. In today's environment, 'checking the box' is no longer enough; security must be responsive, intelligence-led, and fully embedded across operations.

The growing problem of framework fatigue

At the same time, organisations are grappling with an ever-expanding maze of cybersecurity frameworks: international, industry-specific, and national. This burden is particularly acute for SMEs, which often lack the resources and expertise needed for robust cybersecurity implementation. This complexity can lead to framework fatigue: confusion, burnout, and decision paralysis that prevent effective action. While frameworks aim to provide clarity, without the right support they risk overwhelming the very organisations they are meant to protect.

Malaysia's evolving regulatory environment holds promise for streamlining this complexity. However, businesses must be equipped with practical guidance, scalable technologies, and actionable strategies to bridge the gap between compliance and true resilience.

From compliance to resilience: A strategic imperative

It's no longer enough to ask, 'Are we compliant?' Organisations must ask: Are our cybersecurity strategies aligned with real-world threats? Do we have the visibility, control, and speed necessary to detect and respond to incidents?

Cyber resilience must be a board-level priority, recognised as a critical enabler of trust, operational continuity, and competitive advantage. Organisations that treat cybersecurity as a strategic business imperative today will be the ones that thrive in Malaysia's increasingly digital economy.
‒ July 31, 2025

Aaron Bugal is the Field CTO of Sophos.

The views expressed are solely of the author and do not necessarily reflect those of Focus Malaysia.

Main image: Tech Wire Asia

TH ensures data and system security for pilgrims

The Sun

07-05-2025

  • Business
  • The Sun

MAKKAH: Lembaga Tabung Haji (TH) continues to strengthen the security of Malaysian haj pilgrims' data by ensuring that all systems and digital applications used in its haj operations for the 1446H/2025M season comply with stringent cybersecurity guidelines.

TH Information Technology operations director Hanizam Hanif said all systems developed are protected by firewall technology and data encryption methods to safeguard the confidentiality and security of pilgrims' personal information from any form of cyber intrusion.

'We adhere to the Risk Management in Technology (RMIT) guidelines issued by Bank Negara Malaysia to ensure our systems remain secure and resilient,' he said at a recent press conference here.

Hanizam reassured pilgrims that their personal information is classified as confidential data and is fully protected through advanced security technology used by TH, making it difficult to be exposed or leaked.

He added that TH has also integrated its i-Sihat system with the MyVAS and MySejahtera systems owned by the Ministry of Health Malaysia to enable staff to access pilgrims' health information more easily.

'This move allows medical personnel in the Holy Land to access pilgrims' health records more quickly and efficiently, reducing the reliance on physical treatment record books,' he said.

To ensure stable internet connectivity, Hanizam said TH has partnered with Saudi Arabia's telecommunications company, Saudi Telecom Company (STC), to enhance fibre optic infrastructure in pilgrims' accommodation buildings.

'TH has also subscribed to 5G mobile data services from three major Saudi providers — STC, Mobily, and Zain — for use during outdoor operations, including in the Masyair area,' he said.

He added that with these digital enhancements and the comprehensive use of information technology, TH is optimistic that the worship experience for Malaysian pilgrims in the Holy Land will be improved, ensuring smooth overall haj operations this year.

In addition, pilgrims can use the THiJARI, THhujjaj, e-Bimbingan and e-Taib applications to help manage their affairs throughout their stay in the Holy Land.

'All applications developed by TH are user-friendly, simple and not overly complicated, catering to all age groups, including those in their 60s and 70s,' he said.
