As cars become smarter and more connected, Malaysia's booming automotive industry is facing growing cybersecurity risks that can no longer be ignored. According to a new report from Ensign Infosecurity, vulnerabilities within vehicle software and the wider automotive ecosystem are opening doors for cybercriminals—and the potential consequences stretch far beyond the roads.

A New Era of Automotive Risks

Modern vehicles today are no longer just mechanical machines; they're rolling computers. From infotainment systems to internet-connected sensors and telematics platforms, today's cars are deeply integrated with software and external networks. While this innovation enhances user experience and safety, it also creates a much larger attack surface for hackers.

Jeremy Moke, Senior Director at Ensign Infosecurity Malaysia, told the South China Morning Post that the country's vast web of automotive suppliers and service providers adds to the problem. Each point in the supply chain presents another opportunity for hackers to find weak spots. For example, one lesser-known vulnerability involves personal smartphones that connect to cars via Apple CarPlay or Android Auto—potential gateways for extracting sensitive information.

Not Just About Cars

It's not just the automotive sector under threat. The same Ensign report highlights rising cyber risks in other critical industries, such as energy, defence, utilities, law enforcement, and telecommunications. Cyberattacks are becoming more frequent and more advanced, often carried out by well-organized criminal groups or even state-sponsored entities across the Asia-Pacific region.

These attacks aren't always loud and disruptive. In fact, one of the most concerning trends is the increasing time it takes to detect a breach. Moke explains that, on average, cyber intrusions can remain undetected for a staggering 201 days. Even in high-security industries like banking, it can take around three weeks before a breach is identified—more than enough time for attackers to quietly siphon off valuable data.

The Clock is Ticking

This long dwell time is a huge red flag for cybersecurity professionals. The longer a hacker has access without detection, the more damage they can do. This issue is particularly troubling for Malaysia, a country that has already experienced several high-profile data breaches in recent years. With such prolonged exposure, businesses risk not only financial loss and data theft, but also reputational damage and loss of consumer trust.

What Can Be Done?

While Malaysia's digital transformation continues to accelerate, especially in sectors like automotive and mobility, it's critical that cybersecurity practices catch up. Organizations across the supply chain must implement stronger threat detection systems, ensure regular audits, and foster better communication between manufacturers, service providers, and security professionals.

Public awareness also plays a role. As consumers, understanding the risks of connecting personal devices to vehicles and keeping software up to date are small but vital steps.

Final Thoughts

The convergence of technology and transportation is inevitable, but without the right safeguards in place, it also becomes a playground for cybercriminals. The message from Ensign Infosecurity is clear: cybersecurity can no longer be an afterthought—it must be a fundamental part of Malaysia's automotive future.