Strengthening Malaysia's Digital Frontline: Cybersecurity Realities and Roles

Tuesday, 28 October 2025 |
3 mins read

As Malaysia accelerates its digital transformation, the nation stands at a critical juncture where opportunity must meet resilience. With cyber threats becoming more frequent and sophisticated, Ts. Mohammad Zaharudin Ahmad Darus, Head of Cyber Risk Intelligence at CyberSecurity Malaysia, shares insights into national-level cyber risks, the sectors most at risk and why stronger collaboration is crucial to defending Malaysia's digital frontlines.

Ts. Mohammad Zaharudin Ahmad Darus
Head of Cyber Risk Intelligence
CyberSecurity Malaysia

Q1. What is Malaysia's current cybersecurity landscape amid its digital leaps?

Ts. Mohammad Zaharudin: Malaysia's digital growth is rapidly advancing but so are its cyber risks. In 2024, 6,209 incidents were reported (cybersecurityasia.net). At the same time, the country is attracting significant investment in cloud computing and Artificial Intelligence ("AI") infrastructure. Google has committed $2 billion to establish its first data centre and cloud hub in Malaysia, while Microsoft has pledged $2.2 billion towards expanding its cloud and AI services. These developments position Malaysia as a key digital hub in Southeast Asia but also increase its exposure to cyber threats.

While national policies like the Cyber Security Act 854 (2024) and amendments to the PDPA are important, true resilience lies in how fast organisations can detect, respond, and recover from cyber incidents. Situational awareness is critical. Many SMEs still only take cybersecurity seriously once they've already been hit. Whether it's financial loss or emotional stress, the panic often sets in too late.

Q2. Which sectors are most vulnerable and why?

Ts. Mohammad Zaharudin: High-value sectors like government, finance, telco, healthcare, and manufacturing are the primary targets due to the sensitivity and value of their data. The 12,643 ransomware cases reported in 2024 (Kaspersky), a rise from 2023, highlight how attackers exploit vulnerable and compromised credentials. More than half of the campaigns we studied used stolen credentials. Identity-based attacks are now the most common entry point.

Q3. What emerging threats should businesses prepare for in 2025?

Ts. Mohammad Zaharudin:

Ransomware-as-a-Service (RaaS)

There's been a 45% increase in RaaS attacks, often targeting SMEs with limited resources.

Advanced Phishing and Social Engineering

Still the top concern for 54% of Malaysian organisations. The use of AI-powered social engineering tactics and deepfakes makes phishing attacks more sophisticated and convincing.

Supply Chain Exploits

As systems become more interconnected, vendor vulnerabilities are increasingly targeted. Malaysia's exposure rate is above global norms.

Identity and Account Exploits

With rising internet use and forced data collection, stolen data is used to create fake digital identities. This highlights the urgency for stronger policies like the Amended PDPA 2024.

Attackers are faster and more deceptive, often exploiting human error. Businesses must invest in threat intelligence, third-party risk management and AI-powered security tools. Social engineering remains the simplest way in — once an attacker has your credentials, they can impersonate you. Our three years of dark web analysis confirm that this tactic is surging.

Q4. How are attackers evolving their tactics?

Ts. Mohammad Zaharudin: Attackers now leverage AI to automate and personalise attacks, like deepfake-powered phishing. We're seeing more multi-vector assaults targeting several systems at once, as well as greater exploitation of zero-day vulnerabilities.

Attackers no longer need to break in. They just log in, often with your stolen credentials. That's why multi-factor authentication ("MFA") is no longer optional; it's a basic yet critical layer of protection every organisation must have. Traditional defences aren't enough on their own. They must be supported by adaptive, real-time threat detection and response systems.

Q5. What role can telcos like TIME dotCom play in national cyber defence?

Ts. Mohammad Zaharudin: Telcos like Time are positioned as both a connectivity provider and a cybersecurity enabler. Through partnerships with LGMS, Tecforte and a strategic collaboration with CyberSecurity Malaysia, Time is helping to strengthen the nation's cyber resilience. One key initiative includes safeguarding AI-driven financial platforms, such as the partnership with IBPO Group, ensuring data integrity and regulatory compliance in high-risk environments.

Q6. How does the collaboration between Time and CyberSecurity Malaysia enhance cyber resilience?

Ts. Mohammad Zaharudin: The collaboration focuses on:

Threat intelligence sharing

Threat intelligence sharing

Joint policy and framework development

Joint policy and framework development

Coordinated incident response

Coordinated incident response

Public awareness and education initiatives

Public awareness and education initiatives

These efforts align with the Malaysian Cyber Security Strategy ("MCSS") and reinforce the importance of shared responsibility between public and private sectors in securing the national digital ecosystem, especially as Malaysia prepares for more aggressive digital adoption across sectors.

As Malaysia continues to advance its digital ambitions, the real test lies in how well we safeguard the systems that support them. Ts. Zaharudin's insights remind us that cybersecurity is not just a technical responsibility; it's a shared one. With proactive collaboration between government, industry players, and technology partners, Malaysia is taking the right steps to secure its digital future. While challenges remain, the foundations for a more resilient, cyber-aware nation are already being laid.

Stay Ahead of Modern Cyber Threats

Ransomware, identity theft, and digital deception are reshaping today’s risk. Fortify your defences with tailored protection that keeps your business resilient.

SCHEDULE A CONSULTATION
Back to Security

About Time

Our Company

Newsroom

Investor Relations

Career

Sustainability

Governance

Reference Access Offer

More From Time

Home Fibre

Time Business

Time Enterprise

Time Wholesale

Emit Solar

Time Charge N Go

Students

Help

Live Chat

FAQ

FAQ

Application Status

Announcements

Follow Us

Download App

Copyright 2025 TIME dotCom Bhd 199601040939 (413292-P). All rights reserved.

Redress your complaints at the Consumer Forum Malaysia CFM www.cfm.my/complaint-channels