Cybersecurity expert raises alarm over increasing data leaks in Malaysia

Globally, 2,566 organisations’ data were leaked on the dark web, an 85% increase since the previous year, with posted organisations’ names and proof of compromise, said cybersecurity expert Palo Alto Networks.

网络安全专家 Palo Alto Networks 表示，在全球范围内，有 2,566 个组织的数据在暗网上泄露，比上一年增加了 85%，并公布了组织的名称和入侵证据。

The United States company said the situation is similar in Malaysia, where organisations’ data leaks are increasing alarmingly.

这家美国公司表示，马来西亚的情况也类似，那里组织的数据泄露正在以惊人的速度增加。

Palo Alto Networks principal Vicky Ray said data leakage has become a recurring issue, both globally and in Malaysia, caused by phishing, malware and ransomware attacks, or even unintentional sharing of sensitive data by users.

Palo Alto Networks 负责人 Vicky Ray 表示，由于网络钓鱼、恶意软件和勒索软件攻击，甚至是用户无意共享敏感数据，数据泄露已成为全球和马来西亚反复出现的问题。

“Regardless of the cause, organisations need to step up their game to implement a data loss prevention system to plug vulnerabilities in their infrastructure,” he said in a statement on 22nd September.

他在9 月 22 日的一份声明中说：“无论出于何种原因，组织都需要加强他们的游戏以实施数据丢失预防系统，以填补其基础设施中的漏洞。”

The Palo Alto Networks 2022 Unit 42 Ransomware Threat Report revealed that in 2021, cybercriminals increasingly turned to the dark web “leak sites” to post leaked data, in addition to demanding ransom from their victims.

Palo Alto Networks 2022 Unit 42 勒索软件威胁报告显示，在 2021年，网络犯罪分子越来越多地转向暗网“泄密网站”发布泄露的数据，并要求受害者支付赎金。

In Malaysia, a local news portal recently reported that a group of hackers, code-named “grey hat”, broke into civil servants’ ePenyata Gaji (ePaySlip) system and extracted nearly two million payslips and tax forms in PDF format, amounting to 188.75 gigabytes.

在马来西亚，当地一家新闻门户网站最近报道称，一群代号为“灰帽子”的黑客闯入公务员的ePenyata Gaji（ePaySlip）系统，提取了近200万张PDF格式的工资单和税表，总计188.75千兆字节。

Palo Alto Networks recommends some measures that companies should implement to minimise the possibilities of data breaches, such as conducting phishing prevention and recurring employee security training; centralise security management efforts such as threat detection and security alerts.

Palo Alto Networks 建议公司应采取一些措施来最大程度地减少数据泄露的可能性，例如进行网络钓鱼预防和定期员工安全培训；集中安全管理工作，例如威胁检测和安全警报。

Companies should also control user activities with the least privilege given, such as limited access to specific applications and data within a given timeframe; implement multi-factor authentication, besides email for the verification of third-party applications.

公司还应以最低权限控制用户活动，例如在给定时间范围内对特定应用程序和数据的有限访问；除了用于验证第三方应用程序的电子邮件之外，还实施多因素身份验证。

It also suggested that companies could implement a “zero trust” approach — “never trust, always verify” — to eliminate implicit trust and validate users’ activities continuously at every stage of digital interaction.

它还建议公司可以实施“零信任”方法——“从不信任，始终验证”——以消除隐含的信任，并在数字交互的每个阶段持续验证用户的活动。

“Organisations must develop an effective security strategy to uphold the integrity of their data, while it is at rest, in use and in motion.

“组织必须制定有效的安全策略，以维护其数据的完整性，无论是静止的、使用的还是动态的。

“By upgrading defences consistently to keep up with the evolving threats, IT teams can stay ahead of the attack curve and minimise the risks associated with such attacks,” said Ray.

“通过不断升级防御以跟上不断变化的威胁，IT 团队可以保持领先于攻击曲线，并将与此类攻击相关的风险降至最低，”Ray 说。