Beefing up the cyber workforce; helping vulnerable SMEs; establishing cyber intelligence networks through public-private-partnerships; and assimilating international cyber trends are key
As the digital landscape continues to evolve, the demand for cybersecurity professionals has surged.
In Malaysia, this challenge is particularly pressing, with projections indicating a need for thousands of cybersecurity experts by 2025.
To address this urgent issue, CyberSecurity Malaysia is implementing strategic initiatives aimed at enhancing cybersecurity education and fostering collaboration among government, educational institutions, and industry stakeholders.
According to the agency’s CEO, Dato’ Ts Dr Haji Amirudin Abdul Wahab, these efforts are crucial for building a robust workforce capable of tackling contemporary cyber threats and ensuring national security in an increasingly interconnected world…
CybersecAsia: What strategies is CyberSecurity Malaysia employing to address the growing cyber skills gap in the region, and how do you envision collaboration with educational institutions to enhance cybersecurity education?
AW: We are addressing the skills gap through a multi-faceted approach. A 2023 study had revealed a global shortfall of approximately 2.6m cybersecurity professionals, with Malaysia needing around 27,000 experts by 2025, but currently having only about 15,248.
To tackle this issue, CyberSecurity Malaysia is establishing the Malaysia Cyber Security Academy to foster collaboration among government, educational institutions, and industry stakeholders. This initiative aims to standardize training and certification processes.
The agency has engaged with 70–80% of Malaysian universities to integrate industry-driven curricula, ensuring graduates are equipped with relevant skills. Additionally, affordable micro-credentialing programs will provide accessible professional certification training.
Collaboration with educational institutions is crucial for enhancing cybersecurity education and creating a skilled workforce ready to address cyber threats. By aligning academic programs with industry needs and promoting continuous learning, CyberSecurity Malaysia aims to secure the nation’s digital future and strengthen national security against evolving cyber risks.
CybersecAsia: What measures are being taken to ensure that small- and medium- sized enterprises (SMEs) can effectively defend against increasingly sophisticated cyber threats?
AW: SMEs in Malaysia often prioritize business sustainability over cybersecurity. With many SMEs operating under tight financial constraints, investing in robust security measures frequently takes a backseat. This neglect can expose them to cyber threats, making them vulnerable not only to attacks but also to becoming conduits for breaches that affect larger organizations within their supply chains.
Recognizing this challenge, CyberSecurity Malaysia has initiated the PGPKS program, which offers a comprehensive cyber health check tailored for SMEs. This program not only raises awareness about the importance of cybersecurity but also provides essential training and free security assessments subsidized by the government.
Hundreds of SMEs will be helped to evaluate their cybersecurity readiness and identify areas for improvement. The initiative includes vulnerability assessments and penetration testing to underscore the critical need for effective security measures. By equipping SMEs with the tools and knowledge necessary to defend against cyber threats, Cyber Security Malaysia aims to help the vulnerable businesses mitigate cyber risks.
Moreover, the growing reliance on digital platforms has made it imperative for SMEs to enhance their cybersecurity posture. As they integrate more technology into their operations, a lack of adequate cybersecurity can lead to significant operational disruptions. Consequently, CyberSecurity Malaysia emphasizes the importance of public-private partnerships and collaboration with industry stakeholders to create a more resilient cybersecurity ecosystem. This approach not only addresses immediate security concerns but also fosters long-term sustainability for SMEs in an increasingly digital economy. By ensuring that these organizations are well-prepared to face cyber threats, Malaysia can strengthen its overall economic resilience and security landscape.
CybersecAsia: How does CyberSecurity Malaysia assess the effectiveness of its public-private partnerships in combating cybercrime?
AW: CyberSecurity Malaysia emphasizes the significance of public-private partnerships in combating cybercrime through its Cyber Security Malaysia Collaboration Program (CCP), which has registered over 100 local and foreign firms.
This initiative fosters community building, focusing on technical cooperation, business collaboration, and capacity building. The CCP serves as a networking platform for knowledge sharing, training, and certification, recognizing that CyberSecurity Malaysia cannot encompass all cybersecurity expertise alone.
To assess the effectiveness of these partnerships, the agency monitors engagement levels and feedback from participants. However, improvements are needed for greater impact: increasing cybersecurity awareness among SMEs; tailoring training programs to specific sector needs; and establishing clearer metrics for success.
By addressing these areas, CyberSecurity Malaysia can enhance its partnerships and strengthen defenses against cybercrime.
CybersecAsia: How does your agency adapt to the evolving compliance requirements of international standards, and what challenges do you face in harmonizing these regulations with local laws?
AW: We are adapting to evolving compliance requirements through recent legislative updates, including the introduction of the Cyber Security Act in June 2024, and the amendment of the Personal Data Protection Act (PDPA) in 2024, which aligns with the General Data Protection Regulation (GDPR).
These regulations emphasize the protection of critical national information infrastructure and mandate compliance with international standards such as ISO/IEC 27001. As a certification body, CyberSecurity Malaysia provides audits and risk assessments to ensure adherence to these standards.
One of the challenges faced in harmonizing these regulations with local laws is balancing international compliance requirements with Malaysia’s unique legal context.
While aligning with global standards is essential for protecting critical infrastructure, it can be complex to integrate these standards into existing local frameworks without causing conflicts or gaps in enforcement.
Additionally, raising awareness among stakeholders about these compliance requirements is crucial. CyberSecurity Malaysia actively engages with various stakeholders, including SMEs and public organizations, to promote best practices and ensure the organizations are equipped to defend against cyber threats effectively.
By fostering collaboration and providing training, CyberSecurity Malaysia aims to enhance overall cybersecurity resilience across the nation.
CybersecAsia thanks Haji Amirudin Abdul Wahab for sharing his agency’s national cyber resilience blueprint