Best of 2022: Data protection vigilance needed amid rising cyber crime

A data privacy expert has advised that organisations in Malaysia need to remain vigilant, and to have their data protection measures in place, in light of news that cyber crime is on the rise.

According to Bernama, there were more than 20,000 cyber crime cases recorded in Malaysia in 2021, with losses amounting to RM560 million (USD125.6 million). These figures were up from the 13,000 cyber crime cases in 2019, which had resulted in losses of RM539 million (USD 120.9 million).

The figures were revealed by deputy secretary-general (Security) of the Home Ministry, Datuk Abdul Halim Abdul Rahman at the National-Level Key Targets Seminar 2022.

This announcement was made a day before the Communications and Multimedia Ministry (K-KOMM) said that it would take immediate action regarding a data breach incident involving online payment service provider iPay88.

According to K-KOMM minister Tan Sri Annuar Musa, the Malaysian Communications and Multimedia Commission (MCMC), the Personal Data Protection Department (PDPD) and CyberSecurity Malaysia (CSM) had met with iPay88 and would investigate the incident involving an affected server.

Media outlets had previously reported that iPay88 had confirmed a cybersecurity incident that may have compromised consumer credit card data.

The director of PDPD, Mazmalek Mohamad, also said recently that there had been 3,699 reports of personal data breach in Malaysia since 2017.

Benjamin Shepherdson, Country Manager, Malaysia, for data protection consultancy firm Straits Interactive, has been a data protection practitioner and trainer for the past 7 years, said that these news reports were a sign that organisations in the country needed to remain vigilant against cyber threats.

“Data is the hottest commodity today. Consumers, as data subjects, find that we need to provide our data to organisations to access products and services. So organisations need to ensure they are handling personal data properly,” he said.

One way of doing so is for organisations to appoint a Data Protection Officer as part of a Data Protection Committee, and to establish a Data Protection Management Programme, in order to ensure best practices and processes are in place to protect sensitive personal data.

Such data needs to be safeguarded to help organisations be more resilient in the face of the rising tide of cyber crimes.

Sherpherdson also recommends that businesses document the flow of personal information within the organisation.

“Through this exercise, gaps can be identified and to put proper controls in place. The Covid-19 pandemic has forced businesses to change their ways of working, such as change of vendors due to price factor can cause negligence in the way personal data is being handled.

“With a data map flow, organisations can take precautionary measures to ensure that personal and special categories of data (sensitive data) is not stored on the same platform and further controls are being implemented.

“Experiencing a cyber attack is one thing, if it involves loss of personal data in the process, that is where the Personal Data Protection Act (PDPA) will haunt the organisation,” he said.

Abdul Halim said the need to have safe and secure cyberspace today was vital to raise the cyber security agenda in the interest of the country’s key targets.

“It [is] important for the owners or occupants of the key targets to always focus or pay attention so as to ensure information security and are guarded for safety to ensure no information leaks, more so from inside the installations.”

He added that by 2025, the digital economy is expected to contribute to 22.6 percent of the country’s Gross Domestic Product (GDP).

To keep up with data protection trends and news from across the Southeast Asian region, please visit the News feed on DPEX Network.

To assess your organisation’s data protection readiness, and to take proactive measures to protect the personal data in your care, please schedule a strategy call with our consultants at sales@straitsinteractive.com.

This article was originally published on 18 August 2022.