The COVID-19 pandemic, lockdowns and the shift to remote working have contributed to a rapid rise in ransomware in Malaysia. Targets range from small unlisted companies to large organisations and government agencies, often with sophisticated cyber defences and policies.
As more organisations embrace remote working, they must protect themselves and their people from ransomware attacks. But how?
In this article, we explore the government bodies that supervise cyber security and legislation that deters ransomware in Malaysia.
Government Bodies that Manage Cyber Security in Malaysia
There are many government agencies and units that handle matters relating to cyber security and ransomware in Malaysia. Among them are:
1. National Cyber Security Agency (NACSA)
It also coordinates and consolidates the nation’s cyber security experts and resources. By doing so, it helps develop and implement national-level cyber security policies and strategies.
2. Malaysian Common Criteria Evaluation and Certification (MyCC) Scheme
The MyCC Scheme evaluates and certifies the security functionality of ICT products against strict criteria or standards.
It also includes an Evaluation Facility that carries out security evaluations against agreed standards in an independently accredited environment.
3. Cyber999 Help Centre
MyCERT (Malaysia Computer Emergency Response Team) operates Cyber999, a cyber security incident response centre in Malaysia.
A trained incident handler will work with CyberSecurity Malaysia, law enforcement agencies, and internet service providers to resolve security complaints.
4. CyberSAFE Malaysia
Awareness also plays a crucial role in protecting ourselves from ransomware attacks. CyberSAFE Malaysia is an initiative to increase public awareness and knowledge of cyber safety and ransomware attacks in Malaysia.
It provides guidelines and resources for Malaysians to ensure their online experience is positive and secure.
Legislation Relating to Ransomware
The following laws are in place to prevent cybercrime and ransomware attacks in Malaysia:
1. Computer Crimes Act 1997 (CCA 1997)
One of the earliest laws enacted to battle cybercrime in Malaysia, CCA 1997 is a statute governing offences relating to computer misuse.
Section 5 of CCA 1997 makes infecting IT systems with malware (ransomware, spyware, worms, trojans and viruses) an offence when the act is done knowing that it will cause unauthorised modification of the contents of any computer.
2. Communications and Multimedia Act 1998 (CMA 1998)
CMA 1998 regulates the administration and licensing requirements of multimedia operations as well as the utilisation of network services.
Its objectives include:
- Promoting national policy goals for the communications and multimedia industry
- Developing a licensing and regulatory framework that supports the national policy objectives for the communications and multimedia industry
- Establishing the powers and functions of the Malaysian Communications and Multimedia Commission (MCMC)
- Establishing the procedures for the administration of the CMA 1998
3. Penal Code (PC)
The offence of extortion under Section 383 of the PC also serves to deter cybercrime related to ransomware attacks.
This provision states that when one intentionally puts the victim in fear of any injury to themselves or any other person, and thereby dishonestly induces the victim to deliver any property or valuable security, it amounts to extortion.
Therefore, anyone who extorts money from a victim through a cybercrime may be found guilty under the PC.
Once a company falls victim to a successful ransomware attack, the technical and legal considerations are significant. However, they can be prevented by following guidelines provided under the various cybersecurity legislations enacted in Malaysia.
We recommend that all organisations keep a close eye on legal developments and seek advice from IT security professionals in Malaysia. They have the expertise to evaluate whether your security controls will safeguard your data from ransomware.
Aegis Cloud Endpoint Backup (CEB)
Aegis offers comprehensive cloud endpoint backup services designed around our customers and delivered on the platform that best meets their needs.
Whether you are looking to solve IT issues, develop a strategy, utilise managed services, or secure your IT infrastructure, we are the end-to-end services provider that can help.
Aegis CEB is the ideal automatic backup solution for your business's endpoint devices, with proactive monitoring and maintenance to protect your data from human error, malware and theft.