Malaysia Continues Facing Growing Cyber Threats Amidst Data Centre Expansion

October 29, 2024

The latest report from Kaspersky reveals that cyber threats targeting Malaysian users remain high, which may coincide with the rapid expansion of data centres in the country.

According to Kaspersky Security Network (KSN), Kaspersky products detected 7,250,590 different internet-borne cyberthreats on the computers of KSN participants in Malaysia during the period July till September 2024. KSN recorded 7,395,515 different internet-borne cyberattacks in Q3 last year.

The cyberattacks is particularly concerning as Malaysia continues to invest heavily in data centre infrastructure. The concentration of sensitive data and critical infrastructure in these facilities makes them attractive targets for cybercriminals. The current Malaysian data centres, primarily serve domestic clients, including banks, telecommunications companies, and smaller international cloud providers.

According to Adrian Hia, Managing Director for Asia Pacific at Kaspersky, due to the vast amount of sensitive data the data centres store, they are highly vulnerable to cyberattacks. To safeguard information and maintain customer confidence, companies need to ensure robust cybersecurity measures such as advanced threat detection, intrusion prevention, and data encryption are essential.

Johor Bahru is recognised as the fastest-growing data centre in Southeast Asia, boosting a total data center capacity of 1.6 gigawatts. Four world’s leading technology companies are already investing and developing their data centres in Malaysia.

The Prime Minister announced that Malaysia will partner with industry leaders and stakeholders in positioning itself as a leading artificial intelligence (AI) driven nation in ASEAN region.

“Malaysia’s burgeoning data centre landscape presents both significant opportunities and challenges. While the country continues to thrive in this sector, there is still an urgent need to invest more in cybersecurity education and training. By developing a skilled cybersecurity workforce, Malaysia can ensure the protection of its critical digital infrastructure and maintain its competitive edge in the global data centre market,” says Hia.

KSN data shows that in Q3 this year, there was 0.07% or 341,021 incidents originating from Malaysian servers. The alarming data should concern the Malaysian as there was 180,215 incidents reported in Q3 last year.  

Commenting on the Budget 2025, Hia is of the view that Kaspersky welcomes the Malaysian government’s allocation of RM30 million to combat scams and strengthen cybersecurity.

“This investment is a positive step towards addressing the rising cyberthreats highlighted in our recent report. We urge Malaysian government to continue to focus on developing a comprehensive cybersecurity strategy, such as prioritising upskilling the workforce, raising public awareness about online threats, and promoting collaboration between government, private sector, and cybersecurity experts. By working together, Malaysia can truly build a more advanced digital ecosystem that foster trust and protects citizens and businesses from cyber criminals,” adds Hia.

Kaspersky experts recommend the following for businesses to fight cyberattacks even with limited cybersecurity staff:

• Upgrade cybersecurity solutions and use centralised and automated platforms like Kaspersky Unified Monitoring and Analysis Platform (KUMA),a unified console for monitoring and analysing information security incidents, and solutions such as Kaspersky Next, a robust cybersecurity solution that defends against sophisticated cyberthreats
• Use the latest Threat Intelligence information to stay aware of actual TTPs used by threat actors.
• As many AI solutions are built on containers, it’s important to secure the infrastructure they are integrated in with cybersecurity products – such as Kaspersky Container Security – that allows companies to detect security issues at every stage of the app lifecycle, from development to operation.
• Train and upskill workforce. Building a cyber-aware culture requires a comprehensive strategy that empowers employees to gain knowledge and put it into practice. Educate employees and improve their cybersecurity literacy through tools such as Kaspersky Automated Security Awareness Platform – Employees should be aware of the risks of cybersecurity threats and how to protect themselves and organisation from them.

With Kaspersky Expert training, InfoSec professionals can advance their skills and defend their companies against attacks.

• Meet regulations to avoid legal problems or reputational damage, by ensuring your cybersecurity practice meets changing standards and legal requirements.
• Adopt secure-by-design principles. By integrating cybersecurity into each stage of the software development lifecycle, secure-by-design software and hardware become resilient against cyberattacks, contributing to the overall security of digital systems. Cyber Immune solutions based on KasperskyOS, for instance, allow companies to minimise the threat surface and significantly decrease the ability of cybercriminals to perform a successful attack.    

Kaspersky experts also advice the following for users to reduce some of the online risks:

• Use strong and unique passwords. The weakest link is often the entry point to the platform, which is the password. This should be unique and not one that you re-use on multiple social media platforms. If you struggle to come up with a unique password, consider using a password manager to generate a unique and strong password.
• Two-factor authentication. While many people choose to use SMS or email as the source of the second verification, Kaspersky recommend using an authenticator app.
• People you do not know, do not click to read the direct message. There is no reason for you to assume that you should click on any link sent from people you do not know. It may be a goal to chase the influencer wagon and make fast cash, if something sounds too good to be true, it probably is.