With the digital economy set to contribute to over a quarter of Malaysia’s gross domestic product (GDP) by 2025, safeguarding against the evolving cyber threats becomes imperative. Malaysia faces an increasing risk of cyberattacks, ranking among the top three countries in ASEAN for phishing incidents, according to cybersecurity provider Kaspersky Asia-Pacific.

Alarming statistics reveal a 50% or more rise in cybersecurity incidents reported by one-third of Malaysian organisations, as stated in Palo Alto Networks’ “The 2023 State of Cybersecurity ASEAN” report. In 2023 alone, over 32,000 cybercrime cases in Malaysia resulted in RM1.13 billion in financial losses, emphasising the urgency of addressing these challenges.

Digitalisation has revolutionised the world in numerous ways that were undreamt of, especially in the last decade. Alongside the innate ability to access the world with a simple touch or a click, it has placed huge question marks on our safety in the cyberworld, more so towards large conglomerates or corporations harnessing large volumes of data through their businesses.

At Sunway, we recognise the risks – as well as the duty to secure data across our 13 business divisions against cyber threats and hackers. In response, we have put together a dedicated cybersecurity team that continuously cultivates a positive cybersecurity culture throughout the organisation, enhance our cybersecurity posture, as well as develop information security programmes to minimise cybersecurity risks.

Being prepared for all eventualities in the cyberspace.

Addressing cybersecurity vulnerabilities aligns with our commitment to achieving United Nations Sustainable Development Goal (UN-SDG) 9, focusing on “building resilient infrastructure, promoting inclusive and sustainable industrialization, and fostering innovation.”

Only when our digital infrastructure networks are resilient and optimised can we be well-poised to seize economic opportunities in the digital economy.

“As a brick-and-mortar company housing different businesses from hospitals, to malls and universities, and as we journey further into the digital space, we have to think about data security and data privacy. We need to be careful and structured in how we manage our customer information,” says Kevin Khoo, Chief information officer, Sunway Group.

Managing threats, from within

As the adage goes, a chain is only as strong as its weakest link.

Similarly, an organisation’s cybersecurity measures are only as good as its first line of defence – its people.

To strengthen our first line of defence, our staff undergoes an annual phishing simulation exercise. This not only identifies knowledge gaps but also ensures that our team remains vigilant against potential threats. Staff who respond to the phishing emails are then required to attend awareness courses that address specific areas of improvement based on their risk profiles.

Introduced in 2023, Sunway’s Cybersecurity Portal functions as an awareness material hub, where we gather the latest know-how, tools, and best practices, which enables our staff to proactively keep abreast of the latest cybersecurity information that are implemented across the Group.

This is part and parcel of our goal to create a culture of continuous learning and cybersecurity vigilance – in line with UN-SDG Goal 4 to “ensure inclusive and equitable quality education and promote lifelong learning opportunities for all”.

Besides using monthly newsletters, email blasts, and quizzes to create cybersecurity awareness, Sunway is introducing new data governance and privacy initiatives including mandatory staff training, bite-sized training videos, Data Privacy Impact Assessments, as well as implementing privacy by design principles and the introduction of AI Ethics.

Strengthening Sunway’s cyber defences

Beyond awareness, we are enhancing our ability to predict, prevent, and respond to cyber threats. Automation has streamlined our cybersecurity measures, ensuring compliance with ISO 27001, a globally recognised standard for information security management.

How will we fare in the face of cyber threats? To assess our readiness, we conduct disaster recovery plans and simulations, allowing business divisions to identify vulnerabilities and finetune their incident response procedures in preparation for future cyberattacks.

For the youth and the young at heart in our organisation, we continuously educate them on the know-hows to stay safe online.

To enhance data security at the operational level, our compliance standards adhere to industry-recognised guidelines, such as the ISO27001: 2013 Information Security Management Standard.

Additionally, we reference the Cloud Security Alliance as a guiding framework for business divisions heavily reliant on cloud services. Providing a bird’s eye view of our cybersecurity measures, the Sunway’s Cybersecurity Portal aims to offer real-time risk profile, security incidents and compliance status.

This dashboard allows our business divisions to promptly identify and rectify potential security weaknesses, as well as proactively detect and mitigate cybersecurity threats.

In a world where digital interactions dominate, every individual has a role to play in safeguarding data privacy and cybersecurity. Through our initiatives, we hope to create a shared sense of responsibility, fostering a culture of vigilance and resilience throughout our organisation in the realm of cybersecurity.

Like sentries standing guard around a fortress, each of our staff member plays a crucial role in upholding constant cyber awareness. This collective effort not only safeguards our privacy and assets but also ensures a secure and conducive workspace, whether at home or in the office.