It is an undeniable fact that humans are becoming increasingly dependent on technology, particularly communication and digital technology, in navigating life in this modern world.
However, the same technology also has the potential to pose threats to national security and even cripple an entire nation when misused by those with malicious intent.
Take social media as an example – originally created as a platform for building social networks, it has now also become a tool for spreading extremism, hate speech and fake news, which can lead to devastating consequences.
NCII THREATS
Describing cybersecurity threats as complex, diverse and evolving alongside technological advancements, National Cyber Security Agency (NACSA) chief executive Ir Dr Megat Zuhairy Megat Tajuddin said while technologies such as artificial intelligence (AI) and the Internet of Things provide opportunities for innovation, they also come at a cost due to the risk of misuse.
Ir Dr Megat Zuhairy Megat Tajuddin, National Cyber Security Agency (NACSA) Malaysia chief executive.
He also said cybersecurity threats in Malaysia today include attacks on the National Critical Information Infrastructure (NCII) which, according to the National Cybersecurity Act 2024 (Act 854), is a computer or computer system where any disruption or destruction of the computer or system could have detrimental effects on the delivery of essential services related to security, defence, foreign relations, economy, public health, public well-being or public order in Malaysia, or on the ability of the federal government or any state government to perform its functions effectively.
Megat Zuhairy said at present, NACSA has identified 11 NCII sectors, namely government; banking and finance; transportation; defence and national security; information, communication and digital; healthcare services; water, sewerage and waste management; energy; agriculture and plantation; trade, industry and economy; and science, technology and innovation.
“As of end-January 2025, a total of 43 heads for all NCII sectors have been identified and appointed. All these sector heads must designate the NCII entities under their respective supervision based on the criteria set by NACSA,” he told Bernama recently.
On Jan 27, Bernama reported that global cybersecurity company Kaspersky detected and blocked 27.9 million web threats in Malaysia in 2024, an increase of four percent from 2023. According to Kaspersky’s latest Security Network report, Malaysia now ranks 30th worldwide for web threats.
HUMAN RIGHTS CHALLENGES
Megat Zuhairy acknowledged that balancing security with human rights, particularly the right to freedom of speech, presents a significant challenge for law enforcement in maintaining national security. However, he stressed, in the context of cybersecurity, national sovereignty and interests remain the top priority without any compromise.
“In this regard, NACSA adheres to the principle of transparency in providing information to stakeholders,” he said.
The agency has strategic collaborations and continuously engages with multi-stakeholders, including law enforcement agencies, civil society organisations and others, to ensure a collective understanding and agreement in addressing cybersecurity issues.
National Cyber Security Agency (NACSA) promotes awareness about cyber security and cybercrime prevention across all social levels, including children.
NACSA has also established strategic partnerships with the Malaysian Communications and Multimedia Commission (MCMC), police and other relevant agencies to curb and address the misuse of social media and online platforms for terrorism purposes.
With the Cyber Security Act 2024 having come into effect on Aug 26, 2024, three sub-committees have been formed under the National Cyber Security Committee, namely Cyber Crime Combat Committee, Cyber Security Crisis Management Committee and Cyber Security Awareness Coordination Committee.
“The sub-committees’ role is to ensure all cybersecurity threats – including those posed by terrorists – are thoroughly examined and addressed accordingly,” Megat Zuhairy said, adding NACSA also works with law enforcement agencies to combat foreign terrorist propaganda targeting Malaysians on cyberspace.
He also said Malaysia’s legal framework will be strengthened and improved from time to time. NACSA is also currently coordinating follow-up actions with regard to the drafting of the Cybercrime Bill, which is expected to be tabled in Parliament in October 2025. The new bill, when passed, will replace the outdated Computer Crimes Act 1997, which has never been amended since it was enforced.
TRAFFIC ANALYSIS CONSTRAINTS
Meanwhile, sharing his perspective, Malaysia Cyber Consumer Association (MCCA) president Siraj Jalil said ensuring national cybersecurity is closely linked to the ability to monitor and analyse cyber traffic in real-time, a task that is becoming increasingly challenging due to the growing volume of data and the speed of cyberattacks.
This challenge is further compounded by the rise in irresponsible online activities, including malware attacks, phishing scams, denial-of-service (DoS/DDoS) attacks, hacking and ransomware attacks.
“AI can be used to filter and detect threats but cybercriminals are becoming more sophisticated in concealing their tracks by using, among others, fake SIM cards – which allow their telecommunications identity to be registered under someone else’s name – and virtual private networks which can alter IP ownership information,” he said.
However, technological advancements have led to the development of various tools and systems that can help detect and prevent cyberterrorism activities. AI, for example, can be used to analyse digital behaviour patterns to identify potential threats in real time.
President of the Malaysian Cyber Consumer Association (MCCA), Siraj Jalil.
“AI can automatically filter extremist content on social media and detect suspicious communications across various digital platforms. And, big data analytics enables authorities to analyse vast amounts of data to track individuals involved in terrorist activities,” he added.
Siraj also highlighted the role of blockchain technology in tracking financial transactions to fund terrorism activities, thanks to its transparent and immutable records.
“Intrusion Detection Systems (IDS) and Intrusion Prevention Systems are widely used within the country’s cybersecurity infrastructure to detect and block cyberattacks before they compromise critical systems,” he said.
He also noted that biometric authentication and digital identity tracking help ensure secure access to high-risk systems.
According to Malaysia Computer Emergency Response Team (MyCERT) statistics, online fraud accounted for the highest number of incidents reported in 2024 with 4,219 cases, followed by content-related offences (578 cases), malicious code transmissions (427 cases), intrusion attempts (408 cases), intrusions (347 cases), vulnerability reports (113 cases), spam (97 cases) and denial-of-service attacks (20 cases).
EXTORTION, EXPLOITATION
Commenting on the threat of cyberattacks on the nation’s critical sectors, Siraj said the financial sector is one of the high-risk targets for cybercriminals attempting to steal banking information and customer funds, which can disrupt the economy.
He said cyberattacks on the healthcare sector, particularly medical record systems, can lead to leaks of sensitive patient data, which may be exploited for blackmail or extortion. In the defence sector, the risk of cyber espionage and attacks could cripple the national security system.
Despite the benefits of unlimited access to information and seamless communication, concerns have emerged regarding the potential ‘costs’ associated with the advantages of this borderless world created by social media platforms. This includes psychological stress, emotional disturbances and challenges in communication and social relationships among children.
“Attacks on these critical sectors not only cause major economic and social losses but can also serve as a strategic tool for terrorist groups to destabilise a country. Continuous monitoring by authorities and security agencies enables early detection of suspicious activities, allowing for preventive actions to be taken.
“Collaboration with digital service providers, particularly social media platforms, is essential to ensure that terrorism-related content is swiftly removed. Community involvement in reporting suspicious activities on digital platforms can also aid in curbing the spread of extremism,” he said.
Siraj added the proactive steps taken by the MADANI government to strengthen cybersecurity – including efforts to protect personal data, combat cyber terrorism and curb extremist propaganda – are evident in the introduction of the Cyber Security Act 2024 and Personal Data Protection (Amendment) Act 2024, as well as amendments to the Penal Code and Criminal Procedure Code.
He said the proposed Cybercrime Bill seeks to provide clearer guidelines on various forms of cyber offences and impose harsher penalties on offenders.
“This will, in turn, grant authorities broader powers to address any misconduct online that poses a threat to users,” he added.
INTERNATIONAL COOPERATION
Megat Zuhairy, meanwhile, said international cooperation is crucial in combating global terrorism. He said when countries share information, resources and intelligence pertaining to cybersecurity threats, NACSA can act more effectively against entities that support or finance terrorism.
He added that this strategic synergy enhances active monitoring and effective responses to cross-border cyber threats while reinforcing stronger defence networks.
“At the regional level, the ASEAN Regional Computer Emergency Response Team (ASEAN Regional CERT) was launched in October 2024, with NACSA serving as the overall coordinator for the year 2025. NACSA is also actively pursuing initiatives and collaborations with various countries, including through the instrument of an MoU (Memorandum of Understanding). For example, Malaysia signed an MoU on Cyber Security Cooperation with Australia on March 4, 2024, during the official visit of the Prime Minister to Australia. NACSA is also exploring collaboration through MoUs with several other countries, such as the United Arab Emirates, Brunei and Indonesia,” he said.
NACSA is also actively working towards Malaysia’s participation in the Council of Europe’s Convention on Cybercrime (Budapest Convention) and the signing of the United Nations Convention against Cybercrime (UN Convention).
The Budapest Convention is the first international treaty on cybercrime, aimed at combating offences related to computer systems and data misuse, including illegal access, unlawful interception, data and system interference, computer-related fraud, child sexual exploitation materials and other cybersecurity breaches.
The UN Convention, on the other hand, is a comprehensive international treaty on cybercrime that outlines various measures for its prevention and prosecution. It aims to enhance international cooperation in the exchange of electronic evidence related to serious crimes.
