2024 Cyberattacks Shook Malaysia—Now What?

By Salleh Kodri, SE Regional Supervisor, Cyble

2024 wasn’t simply one other 12 months in Malaysia’s digital journey — it was a wake-up name.

For these of us who’ve spent many years within the trenches of cybersecurity, watching logs, tracing threats, and hardening infrastructure, the wave of cyberattacks that hit our nation this previous 12 months wasn’t shocking. However the scale, the coordination, and the financial fallout? That was one thing else totally.

Let me break down what occurred — not simply the headlines, however what it means for our economic system, and why Malaysia must cease treating cybersecurity as a footnote and begin treating it like nationwide infrastructure.

The Breach That Broke Our Complacency

By the point we hit Q3 in 2024, over 1,500 cyberattacks had been recorded towards authorities ministries and important infrastructure methods. These weren’t novice phishing attempts. They had been sustained, subtle, and clearly state-backed or state-level in complexity. Just a few key ministries went darkish for hours. Considered one of our public healthcare methods skilled short-term data corruption. And a utilities supplier needed to isolate its management methods for 36 hours to keep away from an entire system compromise.

And right here’s the factor: not all of it made the information.

Behind closed doors, systems were patched, teams scrambled, and boards panicked. The cost wasn’t just digital — it was economic.

Counting the Economic Damage

You might think, “It’s just data.” But cyberattacks bleed actual cash. Based on IBM’s 2024 data breach report, the typical value of a breach in ASEAN rose to $3.23 million, with the monetary companies sector averaging over $5.57 million per incident. Malaysia wasn’t spared. A number of main Malaysian corporations — together with one logistics large and a digital financial institution — quietly shelled out hundreds of thousands to include the harm, restore methods, and placate regulators and clients.

Right here’s the place it hits the broader economic system:

• Overseas traders started questioning the resilience of our digital infrastructure.
• SMEs, which make up over 97% of our companies, lacked cyber-readiness and noticed disrupted operations and misplaced belief.
• Public belief in digital authorities companies took successful, simply once we had been attempting to push digital ID and e-payments deeper into every day life.

A senior official in a single ministry informed me bluntly: “We thought we had 5 extra years to organize. We didn’t.”

The RM60 Million Band-Help

To its credit score, the federal government responded. Funds 2024 allotted RM60 million to strengthen cyberattack preparedness, develop native cybersecurity testing frameworks, and assist 5G tech safety.

It’s a begin — however let’s be clear. RM60 million doesn’t stretch far in cyber protection. That’s possibly a dozen enterprise-scale security upgrades or just a few hundred well-trained specialists. For comparability, Singapore’s Cyber Security Agency has had an annual finances exceeding SGD 100 million since 2019. That’s the type of funding we’re up towards regionally.

A Legislation Lengthy Overdue

What we actually wanted — and at last acquired — was the National Cyber Security Bill, handed in March 2024. It was years within the making and offers actual authorized spine to our cyber protection efforts.

Now, Essential Nationwide Info Infrastructure (CNII) operators are legally certain to report incidents, meet compliance requirements, and endure common risk assessments. It’s now not voluntary — and that’s a very good factor.

However enforcement will likely be key. We’ve seen legal guidelines on paper with out chunk earlier than.

The Expertise Disaster No one’s Speaking About Sufficient in Malaysia

Let’s discuss concerning the folks behind the screens.

Malaysia at the moment has 15,000 cybersecurity professionals, and we want not less than 27,000 simply to fulfill present demand. That’s a niche of 12,000 expert people. And the assaults are solely going to get extra advanced.

This talent shortage is killing us.

Lots of our greatest minds are being poached by MNCs or lured overseas. We’ve acquired polytechnic grads doing L1 safety ops after they may very well be skilled into penetration testers, incident responders, and SOC analysts.

If we don’t begin investing in folks as a lot as in tech, we’re going to lose this combat earlier than it actually begins.

A Nation’s Resilience Is Now Digital

Cybersecurity isn’t a distinct segment IT downside anymore. It’s nationwide safety. It’s financial safety. And it’s about belief.

In 2024, Malaysians noticed what occurs when digital methods fail: queues at clinics, financial institution transfers on maintain, GPS routes offline, and even transient water provide disruptions in a northern state. These aren’t “tech points.” These are real-life disruptions to actual folks.

And the knock-on impact? Delayed investments, rattled provide chains, and successful to our digital economic system ambitions.

If we’re critical about being a Southeast Asian digital hub, we have to act prefer it, and which means constructing cybersecurity into each layer of our economic system.

The place Do We Go From Right here?

Right here’s what must occur in 2025 if we need to bounce again stronger:

1. Double our cyber workforce coaching pipeline – fast-track packages, sponsor certifications, retrain IT execs.
2. Mandate cyber-readiness for all important infrastructure operators, not simply these in authorities.
3. Set up a nationwide bug bounty program – crowdsource safety with white-hat hackers.
4. Assist SMEs with reasonably priced, shared cybersecurity companies – they’re our most susceptible phase.
5. Deal with cyber threat the identical as monetary threat – embrace it in board conferences, audits, and nationwide financial planning.

Remaining Phrase

We dodged a bullet in 2024. However bullets maintain coming.

Malaysia has expertise, drive, and potential. However within the cyber world, potential isn’t sufficient. Preparedness is every thing.

Let’s make 2025 the 12 months we cease reacting and begin main.

Associated