KUALA LUMPUR: The Malaysian Communications and Multimedia Commission's recently introduced Information and Network Security Guidelines (INSG) is a timely step that could bolster the country's cybersecurity infrastructure, experts said.
Universiti Tun Hussein Onn Malaysia's Information Security Research Centre researcher Dr Zubaile Abdullah described the move as positive and forward thinking.
"Positioning INSG as a best practices framework rather than an immediate regulation, is a collaborative approach, allowing organisations to adopt the guidelines progressively," he told the New Straits Times.
He said the initiative could increase awareness, improve readiness, and gain trust.
"This will encourage organisations to prioritise cybersecurity as a business-critical function.
"Adoption of the INSG will enhance the capability of Malaysian organisations to respond to cyber threats, reducing the risks of breaches, malware attacks, denial of services, or other cybercrime related threats.
"The inclusive development process builds trust among stakeholders and sets a strong precedent for future initiatives."
However, Zubaile cautioned that organisations could face challenges in complying with the guidelines.
He said smaller companies might lack the financial or technical resources to implement the best practices.
He added that organisations might struggle to find skilled personnel to execute the guidelines.
"Some organisations may view the guidelines as non-essential, especially if they do not perceive themselves as high-risk targets.
"They may be more motivated to implement the guidelines if there are clear benefits, such as tax breaks, certification programmes, or public recognition.
"Adapting existing systems to align with INSG might require significant investment in terms of time and cost," he said.
Associate Professor Dr Muhamad Khairulnizam Zaini from the College of Computing, Informatics and Mathematics of Universiti Teknologi Mara said the guidelines could lead to stronger public-private collaboration and increased investment in cybersecurity research and technologies.
INSG, he said, could improve public awareness to ensure that all stakeholders were equipped to handle cybersecurity threats.
"I believe that the guidelines will drive a shift towards more robust cybersecurity culture and practices, especially in this nation.
"And I also anticipate that those organisations involved will become more vigilant, especially in identifying cybersecurity threats and able to adopt to the preventive measures."
He added that while challenges might arise, such as implementation and cost, they were manageable.
"Critical sectors that need to adopt the guidelines include telecommunications, banking and healthcare.
"These organisations are the ones that need to significantly adapt to the guidelines because we know the nature of data in these organisations or sectors is huge."