Cyber resilience is no longer measured by whether an organisation experiences an attack, but by how quickly it can detect, contain and recover from one. A major cyber incident involving a leading telecommunications operator in Asia during 2025 serves as a stark reminder of the scale and impact such events can have. The breach reportedly affected tens of millions of users and triggered significant operational, financial and reputational consequences. While the incident occurred outside Malaysia, its lessons are highly relevant to telecommunications operators and critical infrastructure providers everywhere.
As digital ecosystems become increasingly interconnected, organisations must continuously strengthen resilience across governance, detection, response and third-party risk management. The challenge is not simply preventing attacks, but ensuring that organisations can respond effectively when incidents occur.
Exposure Is Not Inevitability
Malaysia’s telecommunications sector is highly digitalised and interconnected, which naturally increases exposure to cyber threats. However, exposure does not equate to inevitability.
The key cybersecurity risks facing telecommunications operators today include data breaches, ransomware, supply chain compromise, identity misuse and attacks targeting critical systems. Increasingly, these risks extend beyond core networks into cloud environments, application programming interfaces (APIs) and broader third-party ecosystems.

At the same time, artificial intelligence is changing the threat landscape. Cybercriminals are increasingly leveraging frontier AI to automate reconnaissance, enhance phishing campaigns, support social engineering attacks and accelerate vulnerability discovery. These capabilities reduce the cost and effort required to conduct attacks at scale, enabling threat actors to operate with greater speed and sophistication.
For telecommunications operators, the challenge extends beyond protecting customer information. They must also ensure service availability, operational continuity and public confidence. This responsibility is particularly important given the critical role telecommunications infrastructure plays in supporting economic activity, public services and national connectivity.
Resilience Must Be Tested in Practice
Against this backdrop, operators should focus on several priority areas to strengthen resilience. These include privileged access control, network segmentation, encryption of sensitive information, enhanced monitoring of critical systems and rapid remediation of identified vulnerabilities.
However, technical controls alone are not enough. Organisations must also address more fundamental questions about how environments are designed, managed and monitored.
Are customer data systems appropriately segregated from operational environments? Are identity management platforms sufficiently protected? Are critical systems continuously monitored for indicators of compromise? If the answer is not a clear yes, further work is required.
Detection speed is equally critical. In today’s threat environment, breaches must be identified in days rather than months. Achieving this requires centralised logging, behavioural monitoring, threat intelligence integration and clearly defined incident response processes.
Most importantly, resilience cannot be proven in theory. It must be validated through practice. Tabletop exercises, red teaming activities and breach simulations should be conducted regularly to assess preparedness and identify gaps before a real incident occurs. Incident response plans should be tested under realistic conditions, including scenarios where primary communication channels may be unavailable.
Beyond Compliance
Around the world, telecommunications operators and critical infrastructure providers continue to face increasingly sophisticated cyber threats. As a result, resilience can no longer be viewed solely through the lens of compliance.
Compliance and resilience are not the same thing. Organisations may satisfy audit requirements and still struggle to detect, contain or recover from a sophisticated cyber incident. True resilience is demonstrated during a crisis, not during an assessment.
Strengthening resilience requires leadership commitment, operational discipline and continuous improvement. It also requires organisations to move beyond checklist-based approaches and focus on capabilities that can withstand real-world attacks.
A Shared Responsibility
Cyber resilience cannot be achieved by any single organisation acting alone. Effective protection depends on collaboration across the wider ecosystem.
Telecommunications operators, technology providers, regulators and industry stakeholders all have important roles to play in strengthening collective resilience. Threat intelligence sharing, common security baselines, regular sector-wide exercises, supply chain assurance and continuous capability development can all contribute to a stronger security posture across the industry.
Technology providers also have an important role to play. As networks become increasingly complex and distributed, secure-by-design principles, secure architecture and close collaboration between operators and technology partners are essential to achieving end-to-end resilience.
The reality is that paper plans are not enough. Real-world incidents continue to demonstrate that untested plans often fail when organisations face an actual crisis. Continuous vigilance, disciplined execution and sustained collaboration are essential.
Cyber threats will continue to evolve, and no organisation can eliminate risks entirely. However, organisations can improve their ability to prepare, respond and recover. Protecting modern economies and ensuring resilient digital infrastructure is a shared responsibility that requires commitment from every stakeholder.
