Wan Agyl Wan Hassan commended Prasarana for acting swiftly to secure its systems but said the breach exposed deep-rooted vulnerabilities that must be addressed immediately.
“This is not an isolated case. It’s part of a worrying trend.
he told FMT.Our reactive stance on cybersecurity has repeatedly left critical infrastructure and sensitive data at risk,
Wan Agyl said the Prasarana incident adds to a growing list of breaches, including one in 2017 that exposed the personal data of over 46 million mobile phone service subscribers as well as multiple breaches that have struck Telekom Malaysia.
Despite these red flags, the national approach to cybersecurity remains largely reactive, focused on damage control rather than prevention, he said.
The reality is, this approach isn’t keeping up with the fast-evolving cyber threats we face today, and that’s a problem we can no longer afford to ignore.
On Monday, Prasarana confirmed a significant cybersecurity incident involving a ransomware attack that accessed parts of its internal systems and compromised approximately 316GB of data from its website.
Despite this, the public transport operator assured the public that its daily operations and public transport services have not been affected by the attack.
The ransomware attack was reportedly linked to RansomHub, a group known for creating and distributing ransomware to other cybercriminals.
Prasarana said it is coordinating with the National Cyber Security Agency (Nacsa) and CyberSecurity Malaysia to provide a thorough response and safeguard its systems against further threats.
But Wan Agyl said there is a need to change the approach to cybersecurity. He said the data breaches that have occurred were proof the current approach is ineffective.
Wan Agyl said the time has come for persons to be held accountable for incidents rather than merely calling for improvements to cybersecurity protocols.
Agencies like CyberSecurity Malaysia and the Nacsa need to have clear mandates, the authority to act, and the resources to make real changes, he said.
The Cyber Security Act 2024 which came into force on Monday deals with the establishment of the national cybersecurity committee. It also spells out the duties and powers of the Nacsa chief executive.
Wan Agyl also called for advanced security frameworks to be adopted, including by harnessing AI-driven solutions for real-time threat detection and prevention.
he added.(The) days of relying on outdated, reactive security approaches are over,
He said there was also a need to make regular assessments and drills mandatory, as proactive preparation is one way to stay ahead of these threats.
Waiting for the next breach before taking action is not an option. The government must mandate regular vulnerability assessments and incident response drills across all critical sectors, including GLCs.
Wan Agyl said there is also a need to invest in building a skilled cybersecurity workforce capable of anticipating and mitigating threats.
This means comprehensive training for everyone involved, from IT professionals to general staff, to create a proactive security culture. - FMT
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.