The Covid-19 pandemic, lockdowns, and the shift to remote working have contributed to a rapid rise in ransomware in Malaysia.
According to Sophos’ annual study of Ransomware 2022, 79% of Malaysian businesses are seeing an alarmingly high number of ransomware attacks in 2021 compared to other regions.
Targets range from small unlisted companies to large organisations and government agencies, often with sophisticated cyber defences and policies.
However, with more organisations embracing remote working, it is more critical than ever that they protect themselves and their people from ransomware attacks — but how?
In this article, we explore the government bodies that supervise cyber security and legislation that deters ransomware in Malaysia.
Malaysia Government Agencies That Are Deal With Cyber Security
There are many government agencies and units that are responsible for handling matters relating to cyber security and ransomware in Malaysia.
Among them are:
National Cyber Security Agency (NACSA)
It coordinates and consolidates the nation’s cyber security experts and resources to develop and implement national-level cyber security policies and strategies.
Malaysian Common Criteria Evaluation and Certification (MyCC) Scheme
The MyCC Scheme is a systematic process for evaluating and certifying the security functionality of ICT products against strict criteria or standards.
This scheme also consists of an Evaluation Facility that carries out security evaluations against agreed standards in an independently accredited environment.
Cyber999 Help Centre
Cyber999 is a cyber security incident response centre operated by MyCERT (Malaysia Computer Emergency Response Team) to report cyberbullying incidents that threaten internet users’ safety or privacy.
A trained incident handler will work with CyberSecurity Malaysia, law enforcement agencies, and internet service providers to resolve security complaints.
Awareness also plays a crucial role in protecting ourselves from ransomware attacks. CyberSAFE Malaysia is an initiative by the government to increase public awareness and knowledge of cyber safety and ransomware attacks in Malaysia.
It provides guidelines and resources for Malaysians to ensure their online experience is positive and secure.
You can also use security solutions such as Acronis Cyber Protect to provide protection against external threats and help you avoid data loss.
This encryption technology provides a new level of security for your business & ensures you recover from a ransomware situation if it is ever faced.
Legislations Relating to Ransomware Cyber Security
The following legislations are in place to prevent cybercrime and ransomware attacks in Malaysia:
Computer Crimes Act 1997 (CCA 1997)
As one of the earliest legislations enacted to battle cybercrime in Malaysia, CCA 1997 is a statutory legislation governing offences relating to computer misuse.
Section 5 of CCA 1997 makes infection of IT systems with malware (ransomware, spyware, worms, trojans and viruses) an offence when the act is made knowing that it will cause unauthorised modification to contents in any computer.
Communications and Multimedia Act 1998 (CMA 1998)
CMA 1998 regulates the administration and licensing requirements of multimedia operations as well as the utilisation of network services.
Its objectives are:
- To promote national policy goals for the communications and multimedia industry
- To develop a licensing and regulatory framework that supports the national policy objectives for the communications and multimedia industry
- To establish the powers and functions of the Malaysian Communications and Multimedia Commission (MCMC)
- To establish procedures for the administration of the CMA 1998
Penal Code (PC)
Besides that, the offence of extortion under Section 383 of PC is also a measure to deter cybercrime related to a ransomware attack.
This provision states that when one intentionally puts the victim in fear of any injury to themself or any other and thereby dishonestly induces the victim to deliver any property or valuable security, it amounts to extortion.
Therefore, if anyone is found guilty of extorting money from a victim through a cybercrime, the person may be found guilty under PC.
Once a company falls victim to a successful ransomware attack, the technical and legal considerations are significant.
However, they can be prevented by following guidelines provided under the various cybersecurity legislations enacted in Malaysia.
We recommend that all organisations keep a close eye on legal developments and seek advice from IT security professionals in Malaysia.
They have the expertise to evaluate whether your security controls will safeguard your data from ransomware.
In addition, you should consider using all-time cloud security services and solutions such as Cloudflare, Acronis, SentinelOne and McAfee to meet your company’s needs while maintaining critical data sovereignty.
Aegis Cloud Endpoint Backup (CEB)
Aegis offers comprehensive cloud endpoint backup services designed around our customers and delivered on the platform that best meets their needs.
Whether you are looking to solve IT issues, develop a strategy, utilise managed services, or secure your IT infrastructure, we are the end-to-end services provider that can help.
Aegis CEB is the ideal data protection solution for your business.
It is an automatic backup solution for your endpoint devices, with pro-active monitoring and maintenance to protect your data from human error, malware and theft.
Originally from: www.aegis.com.my/ransomware-malaysia