PUTRAJAYA – Five government agencies were affected by the Microsoft outage last Friday, as reported by the National Cyber Security Agency (Nacsa) and Cybersecurity Malaysia, according to Digital Minister Gobind Singh Deo.
Gobind said the affected agencies were the Education Ministry, Transport Ministry, Rural and Regional Development Ministry, National Institutes of Health, and Lembaga Zakat Kedah.
“Despite the disruption, all data in these five agencies is secure, with no data leakage.
“The outage also affected nine private companies, including airlines, banks, and the health sector. However, as of now, all the agencies’ IT systems have returned to normal.
“After the outage incident, we saw many domains created by irresponsible parties, conducting ‘phishing exercises’ where those behind the domains claimed that they could help ‘retrieve’ or ‘reverse’ the outage. This resulted in people giving up their data, hoping for assistance.
“We have contacted the victims to assist them wherever possible, as we need to ensure that their data is not misused,” he told reporters at a press conference at the Digital Ministry headquarters today.
He emphasised that the outage was not a cyberattack but a system disruption that significantly impacted its users.
“It highlights the system’s weaknesses that could cause considerable damage and loss. We must prevent any possible recurrence in the future.
“This is crucial as we depend heavily on digital technology in our daily lives and work, whether in the private or government sectors.
“The recent episode underscores the importance of good digital platform management, especially as we encourage Malaysians to embrace digital technology.
“We need to assure the public that the digital platform is secure, which is why we take the recent outage very seriously.”
He also said that he had met with representatives from Microsoft and CrowdStrike to obtain a report on the recent outage, including an explanation of what happened and contingency plans in case of future incidents.
“I have requested a full report because we were informed that several sectors were affected, with some suffering financial losses and others not. We’re still awaiting this report to provide assistance.
“I have also requested a report from Microsoft and CrowdStrike on the recent outage to understand what happened and what steps can be taken to prevent a recurrence, as well as their suggestions for improving the system moving forward.”
In addition to meetings with Microsoft and CrowdStrike, Gobind said Cybersecurity Malaysia and Nacsa have outlined several suggestions to improve the IT systems of private and government sectors, including enhancing quality control before deploying such systems.
“These companies, whether in the private or government sectors, must have a comprehensive incident response plan and strategic communication to manage such incidents effectively in the future.
“Software providers must also conduct periodic reviews and update their plans, especially for software used in government sectors, to ensure data security is guaranteed at all times.
“Service providers have a role to play in this matter, and the government will continue to seek ways to ensure that the country’s technology system remains strong and resilient, particularly to overcome such issues if they happen again in the future,” he said.
The worldwide Microsoft outage that occurred on July 19, resulted in the infamous “blue screen of death,” affecting several major companies globally, including news outlets, airlines, and airports.
Microsoft reported that it had identified the root cause of the outage and successfully restored the majority of affected services. – July 24, 2024
