How to Report Cyber Attacks in Malaysia

A Guide for Organizations

Cyber threats are on the rise in Malaysia, with many businesses becoming targets of cyber attacks. No matter how strong the measures, these threats are always lurking, waiting for a moment to strike. As soon as a cyber incident is reported within an organization, the first priority of leadership is to act quickly and responsibly. Immediate steps should be taken to assess the situation, verify the threat, and contain the incident according to the organization’s incident response plan. This initial response is vital for minimizing damage and stopping the attack from spreading. The faster an organization can contain the incident internally, the less damage it is likely to cause to operations and reputation.

Once the internal response is underway, it is the responsibility of the organization’s leadership to report the incident to the relevant authorities and stakeholders. The decision on where and whom to report to depends on factors such as the nature and severity of the incident, as well as the sector involved. Taking the right steps to report the attack ensures proper investigation, strengthens the overall cyber security effort, and helps prevent similar attacks in the future. This article will explore the essential steps involved in reporting a cyber attack in Malaysia and highlight the importance of acting responsibly in the aftermath of an incident.

When and How to Report Cyber Attacks After Internal Incident Response?

Below is a list of key parties to whom such incidents should be reported and when to report them:

1. Inform Affected Parties

Notifying affected parties, such as customers, employees, or partners, is a high priority because they have the ultimate right to know, especially if their data has been breached. The sooner they are informed, the sooner they can take action to protect themselves, such as changing passwords, monitoring accounts for suspicious activity, or taking extra security measures. Clear and timely communication is crucial because, in the case of a data breach, there is a high chance their information could be misused for targeted attacks. Transparency helps mitigate concerns, maintain trust, and allows those affected to take the necessary steps to protect themselves.

2. Report to CyberSecurity Malaysia (CSM)

CyberSecurity Malaysia, the national cyber security specialist agency under the purview of the Ministry of Digital, plays a critical role in managing and responding to cyber incidents, serving as the main point of contact for reporting such events. MyCERT (Malaysian Computer Emergency Response Team) is a government initiative under CyberSecurity Malaysia. As the national cyber emergency response team, MyCERT is responsible for monitoring, managing, and responding to cyber threats and incidents in Malaysia. It operates the Cyber999 service, which serves as the official point of contact for reporting cyber security incidents. It provides immediate response to assist Malaysian Internet users in addressing and resolving these incidents.

When to report: All cyber incidents, including phishing, malware infections, unauthorized access, and denial-of-service attacks, should be reported promptly.

How to report: Cyber999 provides several channels for reporting cyber incidents, including an online form, email, phone calls, and the Cyber999 mobile app, making it accessible for users to report security issues promptly.

• Phone Call – For emergency incidents, you can contact Cyber999 through the hotline at 1-300-88-2999. For 24/7 assistance, MyCERT can be reached at +6019-266 5850. Please note that calls to MyCERT and the Cyber999 hotline are monitored during business hours, from 8:30 AM to 5:30 PM.
• Email – Security incidents can be reported to MyCERT by sending an email to cyber999 [at] cybersecurity.my

To effectively report a cyber attack, it is good to include the following information or artifacts, if available: the source and destination of the attack, the email header, relevant log files, and the time of the attack. These details will aid in the investigation and response process.

3. Reporting to the National Cyber Security Agency (NACSA)

The National Cyber Security Agency (NACSA) was officially established in February 2017 as the national lead agency for cyber security matters. Its objectives include securing Malaysia’s National Critical Information Infrastructures (NCII), developing and implementing national cyber security policies, and strengthening the nation’s resilience against cyber threats. National Critical Information Infrastructures (NCII) refer to essential computer resources, the disruption of which would have a significant impact on national security, the economy, or public welfare.

When to report: If the cyber incident affects national critical information infrastructure (NCII) or poses a threat to national security.

How to report: To report an incident to the National Cyber Security Agency (NACSA), you can use the incident reporting form available here.

4. File a Police Report

The Royal Malaysia Police (PDRM) is the centralized national and federal police force in Malaysia, responsible for maintaining law and order across the country. PDRM has a specialized Cyber Crime Unit that investigates cyber-related criminal activities. Reporting a cyber attack to PDRM is crucial for initiating an official investigation, addressing the criminal aspects of the attack, and ensuring the proper legal actions are taken. This report also serves to document the crime for future legal proceedings.

When to report: If the cyber attack involves criminal activities such as data theft, financial fraud, or unauthorized access.

How to report: You can file a report at the nearest police station or through the PDRM’s online portal.

5. Report Personal Data Breaches

The Personal Data Protection Act 2010 (PDPA) in Malaysia came into effect on November 15, 2013. This comprehensive law regulates the handling of personal data by individuals and organizations, ensuring the privacy and digital rights of the individuals.

When to report: If the cyber attack compromises personal data, organizations are required to notify the Personal Data Protection Commissioner (PDP) under the Personal Data Protection Act (PDPA). Organizations must inform the PDP within 72 hours of discovering a breach. This step ensures that the proper steps are taken to mitigate the breach and safeguard affected individuals’ data.

How to report: Personal data breaches can be reported through the official PDP portal or via email.

6. Notify Sector-Specific Regulators

Depending on the nature of the cyber attack and the sector involved, it is advisable to report the incident to the relevant sector-specific regulators. This ensures that the appropriate authorities are informed and can take necessary actions to address the incident within their respective sectors. Reporting to the right regulatory body can help facilitate a more coordinated response and mitigate potential sector-wide risks.

For instance, the Securities Commission of Malaysia requires capital market entities to report any cyber incidents affecting their information assets or systems to the Commission. Similarly, financial service providers are subject to a strict regulatory framework established by Bank Negara Malaysia (BNM).

Turning Hesitation Into Action

Many may hesitate to report cyber incidents promptly, weighed down by concerns over reputation, legal complications, or potential fallout. However, before getting caught up in these worries, it’s important to remember that prompt reporting plays a critical role in improving incident response plans and enhancing security strategies. Not only does this protect the individual or organization involved, but it also benefits the broader community. Every reported incident contributes to the collective cyber security knowledge, helping everyone learn from past experiences. The lessons learned can be leveraged to better prepare for future threats, ultimately fostering progress in the fight against cyber crime.