MalaysianUpdates

Tag: #CyberThreats

  • Having Backups Isn’t Enough: Recovery Readiness Malaysian Businesses Need in 2026

    By Guan Tian Lai, COO of Exabytes

    Imagine a typical workday suddenly disrupted. A critical system goes down, employees are locked out, customer orders stall, and support lines start ringing non-stop. In the midst of the chaos, someone says, “It’s fine, we have backups.” It sounds reassuring—but in reality, that statement often hides a dangerous misconception.

    Backups are not the same as recovery. A backup only confirms that a copy of data exists. Disaster recovery, on the other hand, determines whether a business can restore its systems, applications, and operations within an acceptable timeframe—and with minimal data loss. The gap between these two is where many organisations lose valuable hours, revenue, and customer trust.

    This distinction is becoming increasingly critical as Malaysia’s digital economy grows more complex. Businesses today face a range of disruptions, from human error and system misconfigurations to credential breaches and cloud service outages. These are not rare, large-scale disasters—they are everyday risks that expose a deeper issue: most organisations are not truly prepared to recover.

    Warnings from the Malaysia Computer Emergency Response Team have also highlighted a rise in ransomware incidents in early 2026, reinforcing the urgency for stronger cybersecurity and recovery strategies. As threats evolve alongside cloud and AI adoption, relying on backups alone is no longer sufficient.

    At the heart of recovery readiness are two key concepts: Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTO defines how quickly a system must be restored before the impact becomes unacceptable, while RPO determines how much data loss a business can tolerate. These are not merely technical metrics—they are business decisions that directly affect operations, customer experience, and financial performance.

    However, many organisations fail not because they lack backups, but because they have never tested recovery. A system may show “backup successful,” yet no one knows how long restoration will take—or whether it will work at all. Dependencies such as identity systems, network configurations, and application integrations are often overlooked, making full recovery far more complex than expected.

    Another common challenge is the lack of clear ownership during incidents. When everything is urgent, teams can become paralysed, unsure of what to restore first. Without a defined recovery sequence or runbook, valuable time is lost in decision-making instead of action. Access issues can further complicate the situation, especially when the right personnel cannot retrieve or restore systems quickly.

    Modern cyber threats add another layer of risk. In cases of credential compromise, attackers may not need to destroy backups—they can simply restrict access or delete them using the same privileged accounts. This is why secure, immutable backups and separated access controls are essential components of any recovery strategy.

    It is also important to understand the difference between Backup-as-a-Service (BaaS) and Disaster Recovery-as-a-Service (DRaaS). While BaaS focuses on storing data copies, DRaaS ensures that entire systems and operations can be restored. Confusing the two can lead to prolonged downtime and costly disruptions.

    To build true resilience, Malaysian businesses must shift from a backup mindset to a recovery-first approach. This begins with identifying critical systems that must be restored immediately, defining realistic RTO and RPO targets, and creating a clear recovery plan. Regular disaster recovery drills are equally important, as they reveal gaps that are often invisible during normal operations.

    Ultimately, the goal is not just to have data—it is to restore business continuity quickly, confidently, and with minimal impact. Because in today’s environment, the real risk is not that something will break. It is that when it does, the organisation is not ready to recover.

    As businesses reflect on initiatives like World Backup Day, the message for 2026 is clear: backing up data is only the first step. True resilience lies in the ability to recover.

  • Samsung Expands Mobile Security Rewards Program with $1 Million Payouts to Strengthen User Protection

    Samsung Expands Mobile Security Rewards Program with $1 Million Payouts to Strengthen User Protection

    Samsung Electronics has introduced significant updates to its Mobile Security Rewards Program, including an increase in the maximum reward amount to $1 million for reporting high-risk security vulnerabilities. This expansion highlights Samsung’s ongoing commitment to improving mobile security by fostering a deeper partnership with cybersecurity researchers, ethical hackers, and security experts worldwide. The program now covers a broader spectrum of vulnerabilities, including critical scenarios that could jeopardize users’ data and privacy, offering enhanced incentives for responsible disclosures.

    Since its initiation in 2017, the program has been central to Samsung’s strategy to stay ahead of rapidly evolving cyber threats. It encourages the global security community to identify weaknesses in Samsung’s mobile devices and services, helping to ensure that vulnerabilities are addressed before they can be exploited. With the rise of increasingly sophisticated cyberattacks, the updated program reflects Samsung’s dedication to proactive, collaborative efforts to secure its products and protect user data.

    The newly enhanced Important Scenario Vulnerability Program within the Mobile Security Rewards initiative focuses on the most severe vulnerabilities, such as those that enable unauthorized access to privileged system components, arbitrary code execution, or data extraction. For these high-impact issues, Samsung now offers rewards up to $1 million, underscoring the importance of swift action to resolve the most dangerous security risks.

    “We understand that the cybersecurity landscape is becoming more complex and harder to defend against,” said Justin Choi, Corporate Vice President and Head of the Security Team at Samsung Electronics. “By working closely with the security community, we can identify potential threats earlier, giving us the best chance to mitigate risks and protect our users.”

    These rewards not only encourage ethical hackers to participate but also align with Samsung’s overarching goal to ensure that its devices remain resilient against sophisticated attacks. The expanded program aims to quickly address vulnerabilities that could have a significant impact on users, from device protection bypasses to the potential exposure of sensitive personal data.

    Samsung has also made significant improvements to its Mobile Security Risk Classification system. This updated system now offers a more comprehensive and transparent framework for categorizing vulnerabilities, ensuring that the severity of each issue is evaluated based on its potential impact on user security.

    The classification system now includes five categories: Critical, High, Moderate, Low, and Ineligible. It also incorporates new factors such as downgrade criteria, which can lower a vulnerability’s risk level depending on the circumstances, and an Ineligible classification for vulnerabilities with minimal security impact. This added clarity enables both researchers and the broader security community to better understand how their findings are assessed and how they align with Samsung’s security priorities.

    This more structured approach also ensures that rewards are distributed based on the severity of the vulnerability and the level of risk posed to users, helping to streamline the entire process of vulnerability reporting and resolution.

    In addition to expanding the rewards program to include critical vulnerabilities in devices, Samsung has extended the scope to cover its growing suite of services. These include popular offerings like Samsung Wallet, Samsung Account, and Bixby, which are increasingly integrated into users’ everyday lives. As more users rely on these services for managing payments, personal information, and daily tasks, ensuring their security has become more important than ever.

    By covering vulnerabilities in both devices and services, Samsung is ensuring a holistic approach to security that protects the entire mobile experience, from hardware to cloud-based services. This approach allows Samsung to stay ahead of emerging risks in a rapidly changing digital landscape.

    The Mobile Security Rewards Program has proven to be a highly effective tool in strengthening Samsung’s cybersecurity. To date, the company has awarded over $4 million in rewards to researchers, with $800,000 allocated to 113 researchers in 2023 alone. These rewards reflect Samsung’s commitment to fostering collaboration and recognizing the value of external security experts who contribute to the company’s ongoing efforts to safeguard its products.

    By incentivizing the discovery and responsible reporting of vulnerabilities, Samsung has been able to address critical issues swiftly, reducing the potential for exploitation and improving the overall security of its devices and services.

    As the threat landscape continues to evolve, Samsung is determined to keep enhancing its Mobile Security Rewards Program. The company remains committed to collaborating with cybersecurity experts, ethical hackers, and security researchers worldwide to ensure its devices and services remain resilient against emerging threats. This partnership with the global security community is vital to maintaining the highest levels of protection for Samsung users.

    “Collaboration with the ethical hacking community has been instrumental in helping us identify and address vulnerabilities quickly,” said Choi. “Moving forward, we will continue to strengthen these partnerships to create a safer and more secure mobile environment for our customers.”

    By continually expanding its rewards program and making it more transparent, Samsung is setting a new standard for mobile security, one that emphasizes the importance of collaboration, proactive threat identification, and responsible vulnerability disclosure.