Building resilient digital ecosystems


Image: 123rf.com

A MAJOR security breach involving a leading telecommunications operator in Asia last year serves as a stark reminder of the scale and consequences such events can have. The breach reportedly affected tens of millions of users and triggered significant operational, financial and reputational consequences.

While the incident occurred outside Malaysia, its lessons are highly relevant to telecommunications operators and critical infrastructure providers here.

As digital ecosystems become increasingly interconnected, organisations must continuously strengthen resilience across governance, detection, response and third- party risk management.

The challenge is not simply preventing attacks but also ensuring that organisations can respond effectively when such incidents occur.

The key cybersecurity risks facing telecommunications operators today include data breaches, ransomware, supply chain compromise, identity misuse and attacks targeting critical systems.

Increasingly, these risks extend beyond core networks into cloud environments, application programming interfaces (APIs) and broader third-party ecosystems.

At the same time, cybercriminals are increasingly leveraging frontier AI to automate reconnaissance, enhance phishing campaigns, support social engineering attacks and accelerate vulnerability discovery.

These capabilities reduce the cost and effort required to conduct attacks at scale, enabling threat actors to operate with greater speed and sophistication.

For telecommunications operators, the challenge extends beyond protecting customer

information. They must also ensure service availability, operational continuity and public confidence.

This responsibility is particularly important given the critical role telecommunications infrastructure plays in supporting economic activity, public services and national connectivity.

Against this backdrop, operators should focus on several priority areas to strengthen resilience. These include privileged access control, network segmentation, encryption of sensitive information, enhanced monitoring of critical systems and rapid remediation of identified vulnerabilities.

Organisations must also address more fundamental questions about how environments are designed, managed and monitored. Are customer data systems appropriately segregated from operational environments? Are identity management platforms sufficiently protected? Are critical systems continuously monitored for indicators of compromise?

If the answer is not a clear yes, further work is required.

Detection speed is equally critical. In today’s threat environment, breaches must be identified in days rather than months.

Achieving this requires centralised logging, behavioural monitoring, threat intelligence integration and clearly defined incident response processes.

Most importantly, resilience must be validated through practice. Tabletop exercises, red teaming activities and breach simulations should be conducted regularly to assess preparedness and identify gaps before a real incident occurs.

Incident response plans should be tested under realistic conditions, including scenarios where primary communication channels may not be available.

Resilience can no longer be viewed solely through the lens of compliance. Organisations may satisfy audit requirements and still struggle to detect, contain or recover from a sophisticated cyber incident.

True resilience is demonstrated during a crisis, not during an assessment.

Strengthening resilience requires leadership commitment, operational discipline and continuous improvement. It also requires organisations to move beyond checklist-based approaches and focus on capabilities that can withstand real-world attacks.

Telecommunications operators, technology providers, regulators and industry stakeholders all have important roles to play in strengthening collective resilience.

Threat intelligence sharing, common security baselines, regular sector-wide exercises, supply chain assurance and continuous capability development can all contribute to a stronger security posture across the industry.

Protecting modern economies and ensuring resilient digital infrastructure is a shared responsibility that requires commitment from every stakeholder.

LEE HAN THER

Cybersecurity and privacy officer

Huawei Malaysia

Get 20% OFF The Star Digital Access

Monthly Plan

RM 13.90/month

RM 11.12/month

Billed as RM 11.12 for the 1st month, RM 13.90 thereafter.

Best Value

Annual Plan

RM 12.33/month

RM 9.87/month

Billed as RM 118.40 for the 1st year, RM 148 thereafter.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Letters

Heads-up on the enforcement of new cable colour code for electrical wiring
Why cash should remain a payment option�
Resolving the land status of Tamil schools in Perak
How Malaysia is advancing climate action, energy security, and resilience
Philippines school shooting: When warning signs become tragedy
A turning point for safer commercial transport
Protect them before the damage becomes irreversible
Safer in nature with better trail management
From hotels to biohacking: A view of executive wellness
The real labour crisis is mismatch�

Others Also Read