
Beyond Compliance: Strengthening Cyber Resilience in Malaysia’s Telecommunications Sector
TLDR
- Compliance is not resilience — real readiness shows during a crisis, not an audit
- 2025 Asian telco breach hit tens of millions of users and exposed telco weaknesses
- Malaysian telcos must identify breaches in days, not months
- Cybercriminals are scaling attacks with frontier AI tools
- Priority controls: privileged access, segmentation, encryption, monitoring, fast patching
- Resilience is a shared responsibility across operators, vendors and regulators

Beyond Compliance: Why Malaysian Telcos Need Real-World Cyber Resilience
This feature draws on an industry byline by Lee Han Ther, Cybersecurity and Privacy Officer (CSPO) at Huawei Malaysia.
The conversation around cybersecurity in Malaysia’s telecommunications sector is shifting. According to Lee Han Ther, cyber resilience is no longer measured by whether an organisation experiences an attack, but by how quickly it can detect, contain and recover from one. The wake-up call came from a major 2025 cyber incident involving a leading Asian telecommunications operator — a breach that reportedly affected tens of millions of users and triggered significant operational, financial and reputational consequences.
Although the incident occurred outside Malaysia, its lessons are highly relevant to local telcos and critical infrastructure providers. As digital ecosystems become increasingly interconnected, organisations must continuously strengthen resilience across governance, detection, response and third-party risk management. The challenge is no longer purely about preventing attacks — it is about ensuring that organisations can respond effectively when incidents occur.
Exposure Is Not Inevitability
Malaysia’s telecommunications sector is highly digitalised and deeply interconnected, which naturally increases its exposure to cyber threats. However, exposure does not equate to inevitability. The key cybersecurity risks facing telcos today include data breaches, ransomware, supply chain compromise, identity misuse and attacks targeting critical systems. Increasingly, these risks extend well beyond core networks into cloud environments, application programming interfaces (APIs) and broader third-party ecosystems.
At the same time, artificial intelligence is fundamentally reshaping the threat landscape. Cybercriminals are leveraging frontier AI to automate reconnaissance, enhance phishing campaigns, support social engineering attacks and accelerate vulnerability discovery. These capabilities dramatically reduce the cost and effort required to conduct attacks at scale, allowing threat actors to operate with far greater speed and sophistication than in previous years. For telecommunications operators, the challenge extends beyond protecting customer information — they must also safeguard service availability, operational continuity and public confidence, given the critical role telco infrastructure plays in supporting economic activity, public services and national connectivity.
Resilience Must Be Tested in Practice
Against this backdrop, operators should focus on several priority areas to strengthen resilience. These include privileged access control, network segmentation, encryption of sensitive information, enhanced monitoring of critical systems and rapid remediation of identified vulnerabilities. However, technical controls alone are not enough. Organisations must also address more fundamental questions about how environments are designed, managed and monitored.
Are customer data systems appropriately segregated from operational environments? Are identity management platforms sufficiently protected? Are critical systems continuously monitored for indicators of compromise? If the answer is not a clear yes, further work is required. Detection speed is equally critical — in today’s threat environment, breaches must be identified in days rather than months, which requires centralised logging, behavioural monitoring, threat intelligence integration and clearly defined incident response processes.
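The detection requirements named above (centralised logging, behavioural monitoring, threat intelligence integration, and measuring detection in days) are easier to reason about with a concrete check in hand. The following Python is an added illustration written for this feature; it is not code from the byline, from Huawei, or from any Malaysian operator. The log format, the field names, the `ops_admin` account, the source addresses (documentation ranges) and the indicator list are all constructed for the example. It baselines each account's normal login geography from centralised authentication events, raises an alert when a privileged login comes from outside that baseline or from a known-bad address, and reports dwell time from the first suspicious event to the moment the SOC acted.

```python
"""Toy behavioural-monitoring pass over centralised authentication logs.

Added example (not from the article): flag privileged logins that deviate
from an account's baseline or match a threat-intel indicator, then compute
how long the intrusion went undetected.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample of centralised auth events. Addresses use RFC 1918 and
# the 203.0.113.0/24 documentation range; nothing here is real telemetry.
SAMPLE_LOG = """\
2025-03-01T08:02:11Z user=ops_admin role=privileged src=10.20.1.5 geo=MY result=success
2025-03-01T09:15:40Z user=ops_admin role=privileged src=10.20.1.5 geo=MY result=success
2025-03-02T08:10:03Z user=ops_admin role=privileged src=10.20.1.7 geo=MY result=success
2025-03-03T23:47:19Z user=ops_admin role=privileged src=203.0.113.44 geo=ZZ result=success
2025-03-04T00:05:52Z user=ops_admin role=privileged src=203.0.113.44 geo=ZZ result=success
2025-03-04T07:30:00Z user=billing_svc role=standard src=10.20.3.9 geo=MY result=success
"""

# Constructed threat-intel indicator list (hypothetical, for the example only).
THREAT_INTEL_IPS = {"203.0.113.44"}

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    user: str
    role: str
    src: str
    geo: str
    result: str


def parse_log(text: str) -> list[AuthEvent]:
    """Parse 'timestamp key=value ...' lines into events, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_str, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append(AuthEvent(
            ts=datetime.strptime(ts_str, TS_FORMAT),
            user=kv["user"], role=kv["role"], src=kv["src"],
            geo=kv["geo"], result=kv["result"]))
    return sorted(events, key=lambda e: e.ts)


def build_baselines(events: list[AuthEvent],
                    baseline_window: timedelta = timedelta(days=2)) -> dict[str, set[str]]:
    """Per-user set of source countries seen during the first `baseline_window`
    after that user's first successful login. This is the 'normal' behaviour
    later logins are compared against."""
    first_seen: dict[str, datetime] = {}
    baselines: dict[str, set[str]] = {}
    for e in events:
        if e.result != "success":
            continue
        first_seen.setdefault(e.user, e.ts)
        if e.ts - first_seen[e.user] <= baseline_window:
            baselines.setdefault(e.user, set()).add(e.geo)
    return baselines


def detect(events: list[AuthEvent],
           threat_intel: set[str] = THREAT_INTEL_IPS,
           baseline_window: timedelta = timedelta(days=2)) -> list[tuple[AuthEvent, list[str]]]:
    """Return (event, reasons) for each privileged success that is anomalous."""
    baselines = build_baselines(events, baseline_window)
    alerts = []
    for e in events:
        if e.role != "privileged" or e.result != "success":
            continue
        reasons = []
        if e.src in threat_intel:
            reasons.append("source address matches threat-intel indicator")
        known = baselines.get(e.user, set())
        if e.geo not in known:
            reasons.append(f"geo {e.geo} outside baseline {sorted(known)}")
        if reasons:
            alerts.append((e, reasons))
    return alerts


def dwell_time(alerts, detected_at: datetime) -> timedelta | None:
    """Time from the earliest suspicious event to when the SOC acted on it."""
    if not alerts:
        return None
    return detected_at - min(e.ts for e, _ in alerts)


def summarize(log_text: str, detected_at: str) -> dict:
    """Run the whole pipeline; `detected_at` is an ISO timestamp like the log's."""
    alerts = detect(parse_log(log_text))
    dwell = dwell_time(alerts, datetime.strptime(detected_at, TS_FORMAT))
    return {
        "alerts": len(alerts),
        "users": sorted({e.user for e, _ in alerts}),
        "dwell_seconds": None if dwell is None else dwell.total_seconds(),
    }


if __name__ == "__main__":
    for event, reasons in detect(parse_log(SAMPLE_LOG)):
        print(event.ts.isoformat(), event.user, event.src, "; ".join(reasons))
    print(summarize(SAMPLE_LOG, "2025-03-04T09:00:00Z"))
```

On the constructed input the two out-of-baseline privileged logins are flagged, and the dwell time to a next-morning SOC review is a little over nine hours, which is the kind of figure the paragraph above is asking operators to achieve. One caveat the example makes visible: the baseline is learned from the first days of a user's activity, so if an account is already compromised during that window the attacker's geography becomes "normal". In production the baseline should come from a known-good period and be reviewed, not learned blindly from whatever arrives first.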
Most importantly, resilience cannot be proven in theory. It must be validated through practice. Tabletop exercises, red teaming activities and breach simulations should be conducted regularly to assess preparedness and identify gaps before a real incident occurs. Incident response plans should be tested under realistic conditions, including scenarios where primary communication channels may be unavailable.
Beyond Compliance
Around the world, telecommunications operators and critical infrastructure providers continue to face increasingly sophisticated cyber threats. As a result, resilience can no longer be viewed solely through the lens of compliance. Compliance and resilience are not the same thing — organisations may satisfy audit requirements and still struggle to detect, contain or recover from a sophisticated cyber incident. True resilience is demonstrated during a crisis, not during an assessment.
Strengthening resilience requires leadership commitment, operational discipline and continuous improvement. It also requires organisations to move beyond checklist-based approaches and focus on capabilities that can withstand real-world attacks.
A Shared Responsibility
Cyber resilience cannot be achieved by any single organisation acting alone. Effective protection depends on collaboration across the wider ecosystem. Telecommunications operators, technology providers, regulators and industry stakeholders all have important roles to play in strengthening collective resilience. Threat intelligence sharing, common security baselines, regular sector-wide exercises, supply chain assurance and continuous capability development can all contribute to a stronger security posture across the industry.
Technology providers also have an important role. As networks become increasingly complex and distributed, secure-by-design principles, secure architecture and close collaboration between operators and technology partners are essential to achieving end-to-end resilience. The reality is that paper plans are not enough — real-world incidents continue to demonstrate that untested plans often fail when organisations face an actual crisis. Continuous vigilance, disciplined execution and sustained collaboration are essential.
Our Take
The byline’s central message — compliance is not resilience — is one that Malaysian telecommunications operators would do well to internalise. The country’s telco sector has invested heavily in regulatory compliance frameworks, but the global pattern of major breaches shows that audit-ready does not mean attack-ready. With AI dramatically lowering the cost of launching sophisticated attacks, the window between initial intrusion and meaningful damage continues to shrink, and detection timelines measured in months are simply no longer acceptable.
What stands out from the byline is the emphasis on practice over theory. Tabletop exercises, red teaming and breach simulations under realistic conditions are exactly the kind of disciplined, unglamorous work that separates organisations that recover quickly from those that make headlines for the wrong reasons. For Malaysian operators, the practical priority should be tightening privileged access controls, segmenting customer data from operational environments and shortening mean-time-to-detect through better telemetry and threat intelligence.
Equally important is the ecosystem angle. No single telco can defend against nation-state-grade threats alone, and the absence of strong sector-wide threat intelligence sharing remains a real gap in the region. As 5G and AI-driven services continue to roll out across Malaysia, the telcos that treat cyber resilience as a continuous, collaborative discipline — not an annual audit checkbox — will be the ones best positioned to protect both their customers and the broader digital economy.
Source
- Industry byline by Lee Han Ther, Cybersecurity and Privacy Officer (CSPO), Huawei Malaysia