Navigating Malaysia’s Digital Seas: A Guide for SMEs on PDPA and Cybersecurity Act Compliance

Malaysia’s digital economy is booming, but with growth comes increased cyber threats.

For Small and Medium Enterprises (SMEs), this means navigating a complex landscape of data protection and cybersecurity.

The Personal Data Protection Act (PDPA) 2010, updated in 2024, and the new Cybersecurity Act (CSA) 2024 are crucial for safeguarding personal data and fortifying national cyber defenses.

Compliance isn’t just about avoiding penalties; it’s about ensuring business continuity, building trust, and maintaining your reputation.

Why Compliance is Your Business’s New Best Friend

In 2023 alone, Malaysia saw over 10,000 cybersecurity incidents, leading to financial losses exceeding RM1.22 billion.

SMEs are particularly vulnerable due to limited resources and expertise.

These new acts, with their substantially increased penalties, underscore the urgent need for SMEs to prioritize data privacy and cybersecurity. A “wait-and-see” approach is simply too risky.

Understanding the Pillars of Protection

The PDPA focuses on safeguarding personal data within commercial transactions, emphasizing explicit consent, data security, and transparency.

Key principles include:

• General Principle: Obtain explicit consent for data processing and limit data collection to its intended purpose.
• Security Principle: Implement technical and organizational measures to protect data from misuse or unauthorized access.
• Mandatory Data Breach Notification (effective June 1, 2025): Notify the Personal Data Protection Commissioner (JPDP) within 72 hours and affected individuals within seven days if there’s a risk of significant harm.
• DPO Appointment (effective June 1, 2025): Appoint a Data Protection Officer to oversee compliance.
• Data Portability Rights (effective June 1, 2025): Individuals can request their data in a machine-readable format to transfer it to another service provider.

The Cybersecurity Act 2024, effective August 26, 2024, strengthens Malaysia’s cyber defenses.

While its primary focus is on National Critical Information Infrastructure (NCII) sectors like banking and healthcare, its influence extends to non-NCII SMEs through supply chain requirements and the promotion of general cybersecurity best practices.

The Interconnected World of Data Privacy and Cybersecurity

These two acts are deeply interconnected. Strong cybersecurity measures, as mandated by the CSA, are fundamental for fulfilling the “Security Principle” under the PDPA.

A cyberattack often leads to a personal data breach, triggering obligations under both acts simultaneously.

Common Misconceptions to Avoid

• “These laws don’t apply to my small business.” False. The PDPA applies broadly to all organizations processing personal data in commercial transactions, and the CSA indirectly impacts non-NCII SMEs.
• “Cybersecurity is solely an IT department’s problem.” False. Human error is a leading cause of breaches, making employee training and a security-aware culture crucial for everyone in the organization.
• “Compliance is just a legal checkbox to avoid fines.” False. Beyond significant financial penalties (up to MYR 1 million and/or three years imprisonment under PDPA, and up to MYR 500,000 and/or ten years imprisonment under CSA), non-compliance can cause irreparable reputational damage, loss of customer trust, and even business closure.

Your Action Plan for Compliance

1. Develop Comprehensive Policies: Create a blueprint for data handling and cybersecurity that aligns with both PDPA and CSA requirements.
2. Train Your Employees: Regular, mandatory training on data protection and cybersecurity best practices is paramount.
3. Implement Robust Technical Security: Utilize firewalls, antivirus, encryption, multi-factor authentication (MFA), regular system updates, and data backups.
4. Prepare for Incidents: Develop and regularly test an incident response plan, including mandatory data breach notification procedures.
5. Vet Third-Party Vendors: Conduct due diligence on vendors handling your data and include data protection clauses in contracts.
6. Appoint a DPO: Fulfill the new PDPA requirement by appointing a Data Protection Officer.
7. Conduct Regular Risk Assessments and Audits: Continuously identify vulnerabilities and ensure adherence to regulations.
8. Prioritize Record Keeping: Meticulously document all compliance activities, policies, and incident responses.

Final Thoughts

Proactive compliance isn’t just a legal obligation; it’s a strategic imperative that enhances customer trust, provides a competitive advantage, and ensures your SME’s long-term sustainability in Malaysia’s evolving digital economy.

Engage with regulatory bodies like JPDP and NACSA, who also serve as valuable resources and partners in your compliance journey.

The rise of AI agents is revolutionizing how we work, but with great power comes great responsibility – and new attack vectors. Recently, a groundbreaking and concerning vulnerability, dubbed EchoLeak (CVE-2025-32711), was discovered in Microsoft 365 Copilot, exposing a critical flaw in how AI agents handle sensitive information. What makes EchoLeak particularly alarming is its “zero-click” nature, meaning an attacker could exfiltrate confidential data without any user interaction.

What is EchoLeak and Why is it so Dangerous?

Discovered by Aim Security, EchoLeak is an AI command injection vulnerability that allowed unauthorized attackers to bypass security measures and disclose information over a network. Unlike traditional phishing attacks that rely on a user clicking a malicious link or opening an attachment, EchoLeak required no action from the victim.

Here’s how it worked:

• Malicious Email, Hidden Prompt: An attacker would send a seemingly innocuous business-like email to the target’s Outlook inbox. This email contained a hidden, specially crafted prompt designed to manipulate the AI assistant.
• AI’s Unintended Retrieval: When the user later asked Copilot a related question, the AI’s Retrieval-Augmented Generation (RAG) engine would retrieve the earlier, seemingly benign email, believing it was relevant to the query.
• Silent Data Exfiltration: At this point, the hidden prompt would activate. It silently instructed Copilot to extract internal data and embed it within a link or image. When this content was displayed, the embedded link was automatically accessed by the browser, sending sensitive internal data to the attacker’s server without the user ever realizing it.

This exploit leveraged how Copilot processes information from emails and documents, blurring the lines between trusted and untrusted inputs. It highlights a new class of threats called “LLM Scope Violations”, where large language models are tricked into leaking information beyond their intended context.

The Broader Implications for AI Security

While Microsoft swiftly addressed CVE-2025-32711 with a server-side fix in May 2025, and there’s no evidence of real-world exploitation, the EchoLeak discovery serves as a stark warning. It signifies a significant turning point in AI security for several reasons:

• Zero-Click is a Game Changer: The ability to compromise systems without any user interaction significantly lowers the bar for attackers and makes detection incredibly difficult.
• LLM Scope Violations: This new vulnerability class demonstrates that prompt injection isn’t the only concern for AI agents. The way AI models blend and process data from various sources can inadvertently create data leakage pathways.
• Integration Risks: As AI agents become more deeply integrated into enterprise environments and critical business workflows, the potential for data exfiltration and disruption escalates dramatically.
• Beyond Microsoft: Researchers warn that the underlying principles behind EchoLeak could affect other RAG-based AI systems that process untrusted inputs alongside internal data.

What Does This Mean for the Future of AI?

The EchoLeak vulnerability underscores the urgent need for robust security frameworks specifically designed for AI systems. Traditional cybersecurity defenses, while important, may not be sufficient to protect against these evolving threats.

Moving forward, the industry must focus on:

• Stricter Input Scoping: Implementing mechanisms to strictly separate and validate trusted and untrusted content processed by AI agents.
• Enhanced Runtime Guardrails: Developing real-time monitoring and control mechanisms to detect and prevent AI agents from performing unintended actions or leaking sensitive data.
• Continuous Vulnerability Research: Investing in ongoing research to identify and mitigate novel AI-specific vulnerabilities as the technology matures.
• Responsible AI Development: Prioritizing security by design in the development and deployment of AI agents, ensuring they operate with the principle of least privilege.

Final Thought

The EchoLeak incident is a powerful reminder that while AI promises immense benefits, its security cannot be an afterthought. As AI continues to evolve and integrate into our daily lives, vigilance and proactive security measures will be paramount to safeguarding our digital world. The silent threat of zero-click vulnerabilities demands a new era of AI security, where defense is built into the very core of these intelligent systems.

References

• The Hacker News. (2025). Zero-Click AI Vulnerability Exposes Sensitive Data Via Microsoft 365 Copilot.
• Fortune. (2025). Microsoft Copilot vulnerability with AI agents could let hackers attack users via email, say researchers.
• SOC Prime. (2025). CVE-2025-32711: Zero-Click AI Vulnerability in Microsoft 365 Copilot.
• India Today. (2025). First ever security flaw detected in an AI agent could allow hacker to attack user via email.

Introduction

Artificial Intelligence (AI) has rapidly become integral to cybersecurity operations, transforming how Security Operations Center (SOC) teams detect, analyse, and respond to threats.

Tools like Stellar Cyber’s Open XDR and SentinelOne’s behavioral AI endpoint protection leverage AI to automate threat hunting and response at scale.

However, as AI’s role expands, ethical considerations surrounding its use become increasingly important. SOC teams, especially those certified under ISO 27001:2022, must understand AI ethics to ensure responsible, transparent, and fair deployment of automated cybersecurity solutions.

The Growing Role of AI in Cybersecurity

AI and machine learning models have revolutionized cybersecurity by enabling:

• Behavioral anomaly detection: Identifying subtle indicators of compromise by learning “normal” activity baselines.
• Automated threat response: Quickly quarantining or remediating threats without manual intervention.
• Threat intelligence correlation: Analyzing large datasets to detect emerging threats or attack patterns.

Stellar Cyber’s XDR platform aggregates and correlates telemetry across endpoints, networks, and cloud environments using AI-powered analytics to highlight relevant incidents.

SentinelOne’s endpoint agent uses AI behavioral engines to autonomously detect and mitigate malware, ransomware, and fileless attacks in real time.

Key Ethical Challenges for SOC Teams Using AI

1. Bias and Fairness
   AI models rely on training data that may contain historical biases or gaps. If training data lacks diversity or includes false assumptions, AI may misclassify benign activities as malicious (false positives), or worse, overlook actual threats (false negatives). This can disproportionately impact specific user groups or cause alert fatigue.
2. Privacy Concerns
   AI-driven security tools continuously monitor user activity, raising privacy risks. Over-surveillance can expose sensitive personal data or lead to misuse of information if not properly controlled.
3. Autonomy vs Human Oversight
   While automation accelerates response times, excessive reliance on AI without human review can result in inappropriate actions, such as shutting down critical systems or blocking legitimate users.

How SOC Teams Can Address AI Ethics

• Rigorous Model Validation: Regularly test AI models against diverse datasets to evaluate accuracy, fairness, and bias. VAPT teams can simulate attacks to assess detection capabilities and false positive rates.
• Explainable AI (XAI) Integration: Use AI tools that provide interpretable outputs and justifications for alerts. Stellar Cyber and SentinelOne incorporate explainability features to aid analysts.
• Privacy-Respecting Design: Implement strict data governance policies to ensure AI systems only access necessary data, following ISO 27001:2022 privacy controls (Annex A.18).
• Human-in-the-Loop Framework: Maintain human analyst oversight for AI-driven decisions, especially in critical or ambiguous situations. Automation should assist, not replace, expert judgment.
• Ethical Governance Policies: GRC teams must develop policies outlining acceptable AI use, ensuring compliance with ethical standards and regulatory requirements.

ISO 27001:2022 and AI Ethics

ISO 27001’s risk-based approach mandates organizations to identify and treat risks from all assets and processes—including AI systems.

Controls related to access management, privacy, and incident response (Annex A.9, A.18, A.16) apply directly to AI-driven cybersecurity operations.

Continual improvement (Clause 10) encourages ongoing evaluation and adaptation of AI tools to ethical standards.

The Future of AI Ethics in SOC

As AI advances, emerging concepts like federated learning, privacy-preserving AI, and bias mitigation techniques will shape responsible cybersecurity automation.

SOC teams must stay informed, balancing technological innovation with ethical imperatives to maintain trust, compliance, and security effectiveness.

Conclusion

AI empowers SOC teams with unprecedented capabilities but also introduces complex ethical challenges.

By prioritizing fairness, transparency, privacy, and human oversight, SOCs leveraging Stellar Cyber, SentinelOne, and ISO 27001:2022 frameworks can deploy AI responsibly.

This ensures automated cybersecurity not only protects assets efficiently but also aligns with organizational values and regulatory expectations.

Final Thoughts

Cybersecurity is not a one-time task—it’s a continuous process in a landscape of ever-changing threats. As technology progresses, so do the tactics of cybercriminals. Organizations must stay one step ahead through proactive strategies.

Robust security depends on layered defenses, informed decisions, and a culture of awareness. No single tool guarantees safety—but combining smart technologies, strong policies, and skilled teams significantly reduces your risk exposure.

🛡️ Don’t rely on employees as your last line of defense.

👉 Learn how Exabytes eSecure can help fortify your cybersecurity posture before threats strike.

References

• ISMS.online. ISO 27001:2022 Annex A Explained & Simplified.
• SentinelOne. (2023). Decrypting SentinelOne Detection: The Behavioral AI Engine in Real-Time CWPP.
• Stellar Cyber. XDR Key Benefits and Use Cases.

The rise of remote work and Bring Your Own Device (BYOD) policies has reshaped workplace security.

While enabling flexibility, personal devices often lack the strict security standards of corporate assets, increasing cyberattack risks.

For ISO 27001:2022-certified SOC teams, securing these devices without harming productivity is essential.

This article explores how Stellar Cyber’s Open XDR and SentinelOne’s AI-powered endpoint protection can help secure personal devices effectively.

The Risks of Personal Devices

• Inconsistent Patch Management: Delayed or skipped updates leave devices vulnerable.
• Insecure Networks: Public Wi-Fi increases the risk of data interception.
• Malware Introduction: Devices can become infected outside corporate controls.
• Data Leakage: Sensitive data on personal devices can be exposed or stolen.
• Device Theft or Loss: Stolen or lost devices can result in unauthorized data access.

The BYOD model increases the attack surface, requiring enhanced visibility and control mechanisms.

Stellar Cyber’s Role in Securing Personal Devices

Stellar Cyber’s Open XDR platform provides unified visibility by aggregating telemetry across endpoints, networks, cloud, and applications.

• Device Behavior Analytics: Uses AI to detect anomalies on devices connected to corporate networks.
• Contextual Correlation: Correlates data across multiple vectors to highlight high-risk activities and reduce false positives.
• Automated Response: Automatically isolates compromised devices to prevent lateral movement.

This approach ensures SOC teams maintain visibility and control without being intrusive.

SentinelOne Endpoint Protection on Personal Devices

SentinelOne leverages behavioral AI to enhance endpoint protection, particularly on personal devices.

• Lightweight Agent: Operates with low system impact to ensure user compliance.
• Real-Time Behavioral Detection: Detects threats like ransomware by analyzing behavior, not just signatures.
• Automated Remediation: Neutralizes threats and restores system changes automatically.
• Device Health Monitoring: Ensures devices meet compliance standards for secure access.

Integration with VAPT and GRC Teams

• Vulnerability Assessment and Penetration Testing (VAPT): Tools like Tenable.io, Burp Suite, and SentinelOne Cloud Security help detect, assess, and remediate vulnerabilities across environments.
• Governance, Risk, and Compliance (GRC): GRC teams define BYOD policies aligned with ISO 27001:2022 to ensure secure and compliant usage.

Collaboration between SOC, VAPT, and GRC ensures comprehensive and evolving protection.

Best Practices for Securing Personal Devices

1. Strong Authentication: Enforce Multi-Factor Authentication (MFA) for device access.
2. Device Compliance Checks: Validate device security baselines before granting access using Stellar Cyber.
3. Endpoint Protection Deployment: Require SentinelOne agents on all personal devices.
4. Network Segmentation: Place personal devices on isolated VLANs to contain threats.
5. User Awareness Training: Educate users on phishing and secure practices.
6. Data Encryption: Ensure encryption of both stored and transmitted sensitive data.
7. Regular Auditing: Conduct regular checks for compliance and timely patching.

Alignment with ISO 27001:2022

ISO 27001:2022 requires risk-based controls and ongoing monitoring.

It emphasizes documented policies under Annex A.8 (Asset Management) and A.9 (Access Control), making secure personal device practices essential for certification and resilience.

Conclusion

Securing personal devices in today’s hybrid work environment demands advanced tools, clear policies, and continuous monitoring.

With Stellar Cyber’s unified visibility and SentinelOne’s automated protection, SOC teams can enforce strong security without sacrificing productivity.

Working closely with VAPT and GRC teams further ensures compliance with ISO 27001:2022 and protects organizational assets.

Final Thoughts

Cybersecurity is not a one-time task—it’s a continuous process in a landscape of ever-changing threats. As technology progresses, so do the tactics of cybercriminals. Organizations must stay one step ahead through proactive strategies.

Robust security depends on layered defenses, informed decisions, and a culture of awareness. No single tool guarantees safety—but combining smart technologies, strong policies, and skilled teams significantly reduces your risk exposure.

🛡️ Don’t rely on employees as your last line of defense.

👉 Learn how Exabytes eSecure can help fortify your cybersecurity posture before threats strike.

References

• ISMS.online. (n.d.). ISO 27001:2022 Annex A Explained & Simplified. www.isms.online/iso-27001/annex-a/
• Stellar Cyber. (n.d.). XDR Key Benefits and Use Cases. stellarcyber.ai/learn/xdr-benefits-and-use-cases/
• SentinelOne. (2023). Decrypting SentinelOne Detection: The Behavioral AI Engine in Real-Time CWPP. www.sentinelone.com/blog/decrypting-sentinelone-detection-the-behavioral-ai-engine-in-real-time-cwpp/

The cybersecurity landscape in 2025 is evolving at an unprecedented pace, largely due to the rapid development of Generative AI, particularly Large Language Models (LLMs).

While LLMs bring innovation and automation to enterprises, they also introduce new and potent risks.

One such risk is the rise of LLM-based phishing attacks — phishing campaigns crafted by AI that are nearly indistinguishable from genuine communications.

In organizations using platforms like Stellar Cyber, SentinelOne, and Tenable.io, detecting these new threats is more important than ever.

This article explores how these threats work, why they are dangerous, and how cybersecurity teams (SOC, GRC, and VAPT) certified with ISO 27001:2022 can mitigate them effectively.

In today’s digital world, cybersecurity is no longer just a concern for large corporations.

As defenses become more sophisticated, attackers are also becoming more creative.

They no longer only target tech giants like Apple or Amazon, everyone, including small and medium enterprises (SMEs), is at risk.

In fact, Malaysia recorded 6,512 cybersecurity incidents in 2020 alone, with 4,615 cases reported between January and May. The next target could be you.

In this article, we’ll highlight five commonly overlooked cybersecurity mistakes that could seriously harm your business, and show you how to avoid them.

1. Weak or Reused Passwords

One of the easiest and most common ways hackers breach security is by brute-forcing account passwords using wordlists filled with weak or reused passwords.

Many employees still use simple passwords like “123456” or “password,” and it’s not uncommon for them to reuse the same password across multiple accounts containing sensitive company data.

While this might make passwords easier to remember, it significantly increases the risk to your business.

Once one account is compromised, all other accounts using the same password are also vulnerable.

Additionally, using personal information such as birthdays or names makes passwords even easier to crack.

Hackers often use tools that can test thousands of combinations in seconds.

👉 How to avoid it:

• Do not use the same passwords on all accounts.
• Enforce strong, unique passwords for all users.
• Create a 12-to-14-character passwords that includes uppercase letters, lowercase letters, numbers and symbols.
• Make use of password managers like Bitwarden or 1Password mandatory.

2. Not Using Two-Factor Authentication (2FA)

Relying on passwords alone is no longer sufficient.

Two-factor authentication (2FA) adds an essential layer of security by requiring a second form of verification, typically through an authentication app, email, or QR code.

Without 2FA, attackers who obtain a password can easily gain full access to your systems.

This can result in data breaches, financial losses, and long-term reputational damage.

👉 How to avoid it:

• Enable 2FA on all critical services like email, cloud storage, CMS platforms, and admin portals.
• Choose app-based authentication methods like Google Authenticator or Authy instead of SMS-based codes, which can be intercepted.
• Make 2FA mandatory for all employees, not just administrators as attackers can escalate privileges once inside.

3. Ignoring Software Updates

Postponing or ignoring software updates leaves your business exposed to known vulnerabilities.

Exploits are often made public in the form of Common Vulnerabilities and Exposures (CVEs) before they are patched.

If you’re using outdated software, hackers can easily take advantage of these known flaws.

Cybercriminals actively look for outdated systems. A single unpatched vulnerability can open the door to malware, ransomware, or unauthorised access.

At Exabytes, we offer cloud services tailored for SMEs to help mitigate this risk.

Learn more on Cloud Solutions here.

👉 How to avoid it:

• Enable automatic updates for operating systems, apps, and antivirus tools.
• Designate someone (or an IT partner) to manage and monitor updates.
• Regularly audit your software to ensure it’s up to date and still supported.

4. Lack of Data Backup Strategy

Data is one of your business’s most valuable assets.

Losing it, whether due to hardware failure, ransomware, accidental deletion, or natural disasters can cripple your operations.

Unfortunately, many SMEs either don’t back up their data or rely on inconsistent manual backups.

Without secure and tested backups, recovery can be slow or even impossible.

Worse still, some companies are forced to pay ransoms to retrieve their data, encouraging future attacks.

👉 How to avoid it:

• Use automated backup tools that run daily or weekly.
• Maintain at least two backup locations: one local (external drive, NAS) and one offsite (secure cloud service).
• Test backups regularly to ensure they can be restored when needed.
• Encrypt and restrict access to your backups.

5. No Cybersecurity Training for Staff

Even with the best tools, human error remains one of the biggest cybersecurity risks.

Employees may unknowingly click on phishing links, use unsecured Wi-Fi, or download malicious files.

Unfortunately, many SMEs don’t provide regular cybersecurity training, leaving staff unaware of the risks or how to recognise them.

This is especially dangerous in remote work environments where employees manage their own devices and networks.

👉 How to avoid it:

• Provide practical cybersecurity training at least twice a year.
• Cover essential topics such as phishing awareness, secure browsing, strong password habits, and safe remote work practices.
• Use real-world examples and simulated phishing emails to reinforce learning.
• Foster a culture where employees feel comfortable reporting suspicious activities.

Conclusions

Cybersecurity isn’t just an IT problem, it’s a business-critical issue.

These five common mistakes often go unnoticed, especially in SMEs with limited resources.

The good news?

Fixing them doesn’t require a huge budget, just awareness, consistent practices, and the right tools.

Think of cybersecurity as digital hygiene.

Regular care and attention go a long way toward keeping your systems, data, and customers safe.

Final Thoughts

• (2024). Komunikasi.gov.my. Protecting SME From Cyber Attacks.
• Microsoft. (2024). Create and Use Strong Passwords.
• François Amigorena. (2022, August 4). When Two-Factor Authentication Becomes a Security Requirement, IS Decisions.
• Canada, E. (2020). Cybersecurity for small businesses: Why software updates are essential – Get Cyber Safe.
• The Essential Need for SMEs to Back Up Business Data: An MSP Perspective – TBIG Managed Solutions. (2024, August 6).
• SentinelOne. (2024, September 3). Why Employee Cybersecurity Awareness Training Is Important.

As cyber threats become faster, more complex, and increasingly automated, artificial intelligence (AI) is stepping in as the most powerful ally in modern cybersecurity defence.

In 2025, the integration of AI and machine learning (ML) into cybersecurity operations is no longer experimental—it is essential.

From real-time threat detection to automating Security Operations Center (SOC) workflows, AI is not only enhancing the efficiency of cybersecurity teams but is also filling critical gaps in the cybersecurity workforce, especially in countries like Malaysia where demand for skilled professionals outpaces supply.

The Shift to AI-Powered Threat Detection

Traditional signature-based antivirus tools are proving inadequate in an era of polymorphic malware and advanced persistent threats (APTs). AI-powered systems, such as those offered by Stellar Cyber and SentinelOne, use behavioural analytics to identify anomalies rather than relying on known attack patterns.

Stellar Cyber, for instance, utilises Open XDR (Extended Detection and Response) that ingests data from across an organisation’s infrastructure, applies machine learning models to detect abnormal behaviour, and automates responses—all within seconds (Stellar Cyber, 2025).

Similarly, SentinelOne’s Singularity platform uses AI to analyse billions of telemetry data points to autonomously detect, investigate, and respond to threats across endpoints, containers, and the cloud (SentinelOne, 2025).

AI Reduces Time-to-Detection and Response

The average time to detect a breach in traditional systems was over 200 days as of 2022, according to IBM. In contrast, AI-driven platforms can reduce this to mere minutes. This speed is critical for limiting the damage of ransomware, insider threats, or zero-day exploits.

According to a 2024 report by Capgemini, 69% of organisations believe they will not be able to respond to cyberattacks without the support of AI. The report also highlights that companies using AI experienced a 12% improvement in threat detection accuracy and a 15% reduction in the cost of breach response.

Real-World Use Cases in Malaysia

Several Malaysian enterprises and government-linked companies (GLCs) are adopting AI-based solutions to secure critical infrastructure.

Telekom Malaysia, for example, has begun piloting AI-enhanced anomaly detection within its core network infrastructure, while local banks have started integrating AI-powered fraud detection engines that monitor millions of transactions in real time.

The Malaysian Communications and Multimedia Commission (MCMC) has encouraged organisations to adopt AI in cybersecurity, especially for protecting 5G infrastructure and smart city deployments, where the attack surface is vast and complex.

Automated SOCs: AI as a Force Multiplier

AI is transforming the traditional SOC into a more agile, responsive, and data-driven environment. AI automates tasks like log analysis, threat correlation, incident prioritisation, and even remediation actions such as isolating infected endpoints.

According to a Gartner forecast, by 2026, more than 60% of SOC operations will rely on AI and machine learning to function efficiently—particularly in hybrid or cloud-native infrastructures.

This automation is particularly valuable in Malaysia where SOC analyst burnout and skill shortages remain critical issues. Automated platforms enable smaller teams to manage larger attack surfaces, especially in SMEs with limited budgets.

The Ethics of Autonomous Cyber Defence

However, as with all AI applications, ethical considerations remain crucial. False positives, model bias, and over-reliance on automation can introduce new risks. Moreover, attackers are also leveraging AI to build more convincing phishing campaigns and evade detection.

Thus, industry best practices stress the need for human oversight in automated systems. Tools like SentinelOne and Stellar Cyber include mechanisms for analyst feedback to improve detection models continuously.

Malaysia’s National AI Roadmap 2021–2025 also emphasizes the importance of “human-in-the-loop” principles to ensure ethical, accountable AI deployment in critical sectors.

Conclusion: From Defence to Prediction

AI is moving cybersecurity from a defensive posture to a predictive one. Instead of merely reacting to incidents, organisations are now using AI to anticipate potential threats, assess vulnerabilities, and proactively strengthen defences.

For Malaysian businesses—especially those in finance, healthcare, logistics, and telecommunications—investing in AI-powered cybersecurity is no longer a luxury, but a necessity for survival in a threat landscape that evolves by the second.

Final Thoughts

Cybercriminals are evolving—and so should your cybersecurity. AI isn’t just a tool; it’s your frontline defence in a rapidly shifting digital battlefield.

Modern threats demand smarter, faster, and predictive solutions. With AI-powered platforms, you’re not just reacting to attacks—you’re preventing them before they start.

🛡️ Don’t wait for your employees to be the last line of defence.

👉 Start with Exabytes eSecure to explore how we can help you with cybersecurity-related issues.

References

• Capgemini. (2024). Reinventing Cybersecurity with Artificial Intelligence.
• Gartner. (2025). Cybersecurity Trends: Resilience Through Transformation.
• IBM. (2022). Cost of a Data Breach Report 2022.
• MCMC. (2025). Cybersecurity Guidelines for 5G and Smart Infrastructure.
• MyDigital. (2025). National Artificial Intelligence Roadmap 2021–2025.
• SentinelOne. (2025). Singularity XDR Platform Overview.
• Stellar Cyber. (2025). Open XDR Explained.

In 2025, ransomware remains one of the most severe and disruptive cybersecurity threats facing businesses globally.

As attack methods grow more sophisticated and ransom demands rise, companies—regardless of size—must reassess their preparedness for an incident that is no longer a question of “if,” but “when.”

According to a 2025 report by Sophos, 66% of organisations experienced a ransomware attack in 2024, with average ransom payments soaring past USD 1.5 million.

Malaysia, like many Southeast Asian nations, has seen a sharp increase in reported cases, particularly among SMEs and healthcare providers.

Ransomware-as-a-Service (RaaS): Lowering the Barrier for Cybercriminals

The rise of Ransomware-as-a-Service (RaaS) is fueling this wave of attacks.

RaaS platforms—such as LockBit, BlackCat, and Akira—offer user-friendly interfaces, subscription models, and even customer support, allowing individuals with limited technical skills to launch devastating campaigns.

These platforms often include features like encryption algorithms, automated payload delivery, and real-time dashboards to track infections—blurring the line between malware and legitimate SaaS platforms.

Double and Triple Extortion Tactics

Modern ransomware campaigns frequently involve more than just encrypting files. Double extortion—where attackers steal sensitive data before encrypting it—gives them leverage to demand payment or risk public exposure. In 2025, triple extortion has become prevalent, involving threats to customers, vendors, or regulatory authorities.

A recent case in Malaysia involved a logistics company whose client data was leaked on a dark web forum after refusing to pay a ransom demand in Bitcoin. CyberSecurity Malaysia confirmed that the breach exploited an unpatched vulnerability in an outdated firewall appliance.

Why Malaysian Businesses Are at Higher Risk

Malaysia’s digital economy is booming, but cybersecurity maturity across industries remains uneven. Many small and medium enterprises (SMEs) lack the resources or knowledge to implement comprehensive cybersecurity strategies.

According to the Malaysia Cyber Security Strategy 2020–2024, ransomware is among the top five threats targeted at national critical information infrastructure. The government has issued multiple advisories urging businesses to improve endpoint protection, back up data regularly, and conduct tabletop exercises to simulate breach scenarios.

Furthermore, new amendments to the PDPA 2024 mandate breach notification obligations, making ransomware attacks not just a security risk but also a legal one.

The Financial and Reputational Fallout

Beyond ransom payments, ransomware incidents cause severe business disruption. Downtime, data recovery, reputational damage, legal liabilities, and regulatory fines can accumulate costs far beyond the ransom itself.

A study by IBM estimates that the average cost of a data breach in 2024 was USD 4.45 million, with ransomware breaches ranking among the most expensive due to their complex nature.

Preparing for the Inevitable

The most effective defence is preparation. Experts recommend the following steps:

1. Implement a 3-2-1 backup strategy — Maintain three copies of data, on two different storage types, with one copy offline.
2. Patch early, patch often — Most ransomware exploits known vulnerabilities. Maintain a strict patch management routine.
3. Use Endpoint Detection & Response (EDR) — Solutions like SentinelOne and Microsoft Defender for Endpoint can detect and stop threats in real-time.
4. Employee training — Human error remains the most common entry point. Regular phishing simulations and cybersecurity training are essential.
5. Have a ransomware response plan — Prepare a communication plan, legal contacts, and incident response protocols.

The Role of Law Enforcement and International Cooperation

In 2025, international cooperation has become a cornerstone in fighting ransomware. Operations led by INTERPOL and Europol have successfully disrupted several ransomware gangs, including the takedown of the notorious Hive group in early 2025 (Europol, 2025).

In Malaysia, the National Cyber Security Agency (NACSA) has strengthened its partnerships with ASEAN counterparts, working closely with industry players through public-private information sharing.

Conclusion: Resilience Over Reaction

As ransomware becomes more targeted and complex, businesses must shift from reactive to resilient cybersecurity strategies. The threat is real, growing, and expensive—but with adequate planning and investment, it is also manageable.

Ransomware isn’t going away. But those who prepare will not only survive—they’ll outpace competitors still stuck in reactive mode.

Final Thoughts

Ransomware and other cyber threats aren’t slowing down—and neither should your defences. Security isn’t a checklist item; it’s a mindset.

A truly resilient organisation invests in layered protection, up-to-date intelligence, and ongoing employee awareness. The goal? Stay one step ahead, always.

🛡️ Don’t wait for your employees to be the last line of defence.

👉 Start with Exabytes eSecure to explore how we can help you with cybersecurity-related issues.

References

• IBM. (2024). Cost of a Data Breach Report 2024. Retrieved from ibm.com/reports/data-breach
• Kaspersky. (2025). What is Ransomware-as-a-Service?. Retrieved from kaspersky.com/blog/what-is-ransomware-as-a-service/48313/
• Christopher & Lee Ong. (2025). Launch of Personal Data Protection Guideline for Cross Border Data Transfers. Retrieved from christopherleeong.com/viewpoints/launch-of-personal-data-protection-guideline-for-cross-border-data-transfers/
• Europol. (2025). Cybercriminals stung as HIVE infrastructure shut down.
• Sophos. (2025). The State of Ransomware 2024.
• National Cyber Security Agency (NACSA). (2024). Malaysia Cyber Security Strategy 2020–2024. Retrieved from nacsa.gov.my