Daily Express Subscriber
Sign in to your account.

CYBERJAYA: New guidelines on information and network security for the communications and multimedia industry are underway to safeguard internet users.

The guidelines, to be developed by the Malaysian Communications and Multimedia Commission (MCMC) and the relevant stakeholders, will enhance cybersecurity standards, prioritising public safety and highlighting the need for minimum auditable cybersecurity standards focused on protecting the public.

MCMC member Derek John Fernandez said the current guidelines were not “fully effective” and that the new guidelines would benefit telecommunication service providers, data centres, and most importantly, the public.

“The current standard uses the term ‘best effort’, so we must define what that means. It involves organising your organisation, assessing threats, protecting your customers, and ensuring that they are not at risk from scams,” he told Bernama on Tuesday.

Fernandez also said that digitalisation had empowered cybercriminals, underscoring the need to protect the most vulnerable.

“We must protect our rakyat, the service users, and phone subscribers. Service providers often consider their technology, hardware, and software as assets but overlook the importance of their customers,” he added.

Referring to Section 263 of the Communications and Multimedia Act 1998, Fernandez said that licensees have a duty to prevent their networks or services from being used in connection with criminal activities.

“The act mandates minimum levels of security. Under Section 263, all licensees must ensure that their networks are not used for criminal or attempted criminal activities like ransomware or scams,” he said.

On Tuesday, Fernandez attended a briefing session on the draft guidelines which included about 40 cybersecurity services companies, accounting and risk management firms.

He described the initial briefing as promising, adding that more engagements are planned with stakeholders such as the home ministry and digital ministry, the police and the National Cyber Security Agency.

“We will also discuss setting minimum standards with the telecommunications service providers and data centres.

“Initially, these will serve as best practices and guidelines, but they may eventually become mandatory standards,” he said.

The guidelines also aim to ensure that service providers effectively address cybersecurity threats including scams, fraud, offences related to ransomware, child sexual abuse materials and any other breaches of Malaysian law.