ANNOUNCEMENT

Best Practices on Data Breach Prevention

Introduction

In light of the current threat landscape in Malaysia, the National Cyber Coordination and Command Centre (NC4) urges all organisations, in both the public and private sectors, to take immediate action to implement stronger cyber security measures and to perform due diligence to ensure that systems and networks are adequately protected against unauthorised data access.

Impact

Information leakage, loss of reputation, loss of confidence and service disruption.

Brief Description

With the recent escalation of several events, from high-impact vulnerabilities and hacking activities to sales of Personally Identifiable Information (PII), NC4 urges all organisations to perform routine security reviews, regular full compromise assessments, security posture assessments, access control reviews and other cyber security measures to ensure that all critical systems and services that host the PII of Malaysian citizens are protected against cyber attacks that will result in data breaches. Organisations also need to enhance existing controls and ensure that adequate protection against the latest cyber threats is in place and functioning as expected.

The National Cyber Security Agency (NACSA) continuously collaborates with the Royal Malaysian Police (RMP), the Malaysian Communications and Multimedia Commission (MCMC), the Personal Data Protection Department (JPDP), the Chief Government Security Office (CGSO), Critical National Information Infrastructure (CNII) organisations and other stakeholders in our efforts to make sure that the national digital space is secure.

Organisations are therefore urged to take seriously the actions necessary to prevent cyber security incidents that may affect citizen and investor confidence.

Systems Affected

All operating systems, web servers and online services.

Recommendation

In line with the previous alert published on 16 April 2022, NC4 urges organisations to take the following additional measures:

  1. Perform security checks on personnel and vendors prior to giving them access to your data, system and network.
  2. Perform periodic user access control list reviews to ensure that only authorised personnel have access to your resources.
  3. Ensure that all individuals who have access to the system and data/database have read and agreed to the terms of acceptable use policies.
  4. Ensure that personnel and vendors have gone through thorough security vetting and have signed a Non-Disclosure Agreement.
  5. Practise the 7 Principles of Data Protection.

References

NC4-ALR-2022-000001 Heightened Alert On Cyber Activity Towards Malaysia

13-06-2022
