Categories: NewsTechnology

Education crucial against cyber threats

The most common type of occurrence was fraud, with 57.54% of instances linked to phishing, impersonation, phoney emails and fraudulent websites 

by AUFA MARDHIAH / pic BLOOMBERG

THE ongoing cyber dangers that we face are concerning, and if not addressed, may jeopardise the country and people’s safety. 

When it comes to data security, data governance and cyber security are critical components. 

Not only should government entities, businesses and banks be aware of this threat, but so should the public, who must be aware of the methods to counteract it. 

Rising cyber security landscape in Malaysia and how it has changed over time

The most recent data on attacks paints a bleak picture of Malaysia’s cyber security landscape. 

In the fourth quarter (4Q) of last year, cyber security company Fortinet recorded an average of 84 million cyber attacks every day and the Malaysia Computer Emergency Response Team (MyCert) reported a 13% rise in occurrences in 3Q. 

The most common type of occurrence was fraud, with 57.54% of instances linked to phishing, impersonation, phoney emails and fraudulent websites. 

While it is difficult to assess the public’s understanding of cyber security, it is obvious that cyber threats in Malaysia are becoming more common and complex. 

To create a secure and resilient cyber-space, the government launched the National Cyber Security Policy in 2019. 

Advanced cyber security courses and training programmes are also being offered by organisations and educational institutions to assist individuals in developing their cyber security skills. 

However, considerable work remains to be done to raise awareness and understanding of the importance of cyber security. 

One of the most difficult tasks, according to Fortinet Malaysia country manager Dickson Woo, is ensuring that individuals and companies take the required precautions to prevent cyber-attacks, such as keeping their software up to date and using secure passwords. 

“It is critical that individuals and organisations stay informed and vigilant in this rapidly evolving landscape to stay safe from cyber threats,” he told The Malaysian Reserve (TMR). 

Meanwhile, Palo Alto network head of Asean Cortex and system engineering head David Rajoo said CyberSecurity Malaysia (CSM) has identified data breaches as the major cause of the rise in digital theft in Malaysia. 

“Tracing to the root, we noticed critical infrastructure often uses legacy systems far beyond their reasonable lifespan. 

“This means systems are more vulnerable to cyber threats and attacks because they may not receive regular security updates or patches, leaving them with known vulnerabilities that can be exploited by attackers. 

“With a growing number of devices, it is often a challenge for organisations to monitor and analyse users’ activities because these legacy systems are not designed with modern security features,” he added. 

Complete Human Network Sdn Bhd (CHN) CTO Vilakshan Jakhu, on the other hand, highlighted several factors that can contribute to the increasing threats in cyber security, such as rapidly evolving technology, increased connectivity, human error, cybercrime as a business model and a lack of cyber security awareness, among others. 

Mediha says Educating the children to be aware of the present threats and empowering them with digital literacy will go a long way (pic: Bernama)

To compare the pre-Covid and post- Covid periods, Communications and Multimedia Content Forum of Malaysia (Content Forum) Executive Director Mediha Mahmood highlighted a Kaspersky report which revealed that daily ransomware encounters have increased by 181% since 2021, with 122 million malicious files discovered in 2022, nearly equivalent to 500,000 harmful files daily.

Furthermore, according to a CSM study from February 2023, Malaysia reported 4,741 cases of cyber threats last year, while 456 fraud cases were registered this year as of February. 

Across the country, a number of severe cyber attacks, including ransomware attacks, cyber espionage efforts, data dumps and cyber frauds, occurred in the preceding year. “Although we are seeing a decrease in local threats — from 54 million in 2020 to 35 million in 2021 and 22 million in 2022 — we must remain vigilant and demonstrate our commitment to strengthening our cyber security.

“At Content Forum, our Complaints Bureau has seen an increasing number of complaints from social media in 2022, 518 cases compared to 412 cases the previous year. Complaints about cyber security ranged from cyberbullying to misuse of private information to love scams, to name a few,” Mediha said. 

Importance of data governance and cyber security plans in the boardroom

According to CHN, data governance is the set of policies, procedures and controls that an organisation implements to effectively manage its data assets, which includes data classification, data privacy, data retention and data access controls. 

Cyber security, on the other hand, refers to the protection of computer systems, networks and data from theft, damage or unauthorised access. 

It entails putting in place various security measures to protect against cyber threats, such as firewalls, antivirus software and access controls. 

Meanwhile, Fortinet said data governance and cyber security are inextricably linked since they both target the preservation of important information. 

Effective data governance policies and procedures can aid in the classification, management and protection of data throughout its lifecycle. 

This includes recognising the sensitivity of the data, as well as the needed levels of access, storage and disposal. 

David asserts that a strong security architecture is essential for efficient data governance to prevent unauthorised access, abuse or loss of sensitive data

“Organisations in Malaysia need to recognise the close correlation between data governance and cyber security. 

“A robust data governance framework can help to maintain consistent service delivery while also safeguarding sensitive data against cyber threats,” said Woo. 

On the other hand, David asserted that a strong security architecture is essential for efficient data governance to prevent unauthorised access, abuse or loss of sensitive data, hence protecting sensitive information from falling into the wrong hands. 

“Cloud applications and storage offer accessibility and scalability for data governance. However, today’s Cloud applications are built on numerous code packages that depend on a wide range of open-source programmes that could contain unpatched vulnerabilities or even hidden malicious code. 

“This is why the Zero Trust approach has become so important in today’s cyber security world. Zero Trust is a security paradigm that “Trust nothing, validate everything”, which removes implicit trust and continues to validate all users, devices, and activities across the networks, regardless of the location. 

“In the case of open source misconfiguration, Zero Trust mitigates the risk of an attacker exploiting the vulnerability,” he further explained. 

Content Forum also added that data governance and data security cannot be looked at separately in order to mitigate cyber security risk because everything is interconnected. 

“To create a more cyber-resilient landscape, it is critical to maximise the synergies between data governance, cyber security planning, and data security. 

“However, even with all of the systems and tools in place, it is crucial to empower community affiliates and the public to be more aware of their power in terms of preventing risky behaviour, increasing digital security literacy, and being aware of existing channels to turn to when things go wrong,” added Mediha. 

Commenting on the risk of putting data in the cloud increases the danger of cyber threats, Woo said while that may appear so, it is important to note that cloud technologies can be secured with the right security solutions. 

“The third-party nature of cloud servers may make hosted resources less visible to security teams, which could complicate operational continuity and recovery if they are attacked. However, the benefits of cloud technologies cannot be ignored as they enable organisations to harness more data points and boost operational efficiency. 

“To mitigate the risks of cloud technologies, organisations can integrate the right security solutions. Next-generation firewalls (NGFWs) can secure public or private cloud environments at any scale with a single-pane-of-glass view on all security activities. 

“Additionally, cloud access security brokers (CASBs) can provide visibility, compliance, and threat response to otherwise unsecured applications. By integrating these solutions, organisations can be better positioned to harness the full functionality of the cloud while also mitigating the risks of cyber threats to their data,” he further explained. 

Organisations in Malaysia need to recognise the close correlation between data governance and cyber security, says Woo

Cyber security foundation that needs to be laid today to mitigate future cyber threats

Among the upcoming risks identified by Jakhu are Advanced Persistent risks (APTs), ransomware, Internet of Things (IoT) attacks, cloud-based threats, and insider threats. 

Woo said IT services companies need to stay vigilant and up-to-date with the latest cyber security threats and trends to protect against these and other potential threats. 

“This requires ongoing monitoring, threat intelligence gathering and security awareness training for employees,” he said. 

Moreover, he added that mitigating future cyber threats can be done through risk assessment, security policies, employee training, network security, incident response plan, third-party risk management, as well as regular audits and reviews. 

“By implementing these foundational cyber security measures, an IT services company can better protect their systems and data against future cyber threats. 

“However, it is important to note that cyber security is an ongoing process and requires continuous monitoring, updating and improvement to stay ahead of evolving threats,” he added. 

Furthermore, Palo Alto Network also highlighted a few cyber threats that organisations should be aware of this year in its 2023 APAC Security Predictions. 

These include deepened vulnerabilities due to accelerated 5G adoption, threats related to increasingly connected medical devices, cloud supply chain attacks related to the increasing consumption of third-party code in their businesses’ critical applications, and metaverse as the new playground for cybercriminals. 

David said the race to a new computing technology — quantum computing — is heating up around the world. 

This has prompted worries about new dangers and exposures, including its capacity to break all forms of encryption, posing a threat to existing security measures and eventually, endangering our national security, economic prosperity, key infrastructure and daily life. 

While the timeline for quantum computer capacity is unknown (projections are for 2030), the first step is to recognise its influence on today’s cryptography and that present cybersecurity solutions will be largely insufficient. 

“Given the rapid evolution of technology, organisations must begin to consider how they will deploy, manage and implement next-generation security on their systems. Meanwhile, be ready for anything by remaining watchful and up to date on the ever-changing cyber threat scenario. 

“As the first line of defence, it is also critical to implement routine security evaluations and audits of the security system, as well as to educate personnel on cyber hygiene,” he said. 

Fortinet, on the other hand, takes a comprehensive and adaptive approach to cyber security with its Fortinet Security Fabric, which extends protection to remote and hybrid users globally and breaks down silos to expedite responses from numerous technologies. 

Before giving access to important apps and networks, the solution checks user and device identities using zero-trust controls. 

Other than that, through its Fortinet Academic Partner initiatives, Fortinet provides industry-recognised cyber security training and certifications to IT students, which is critical given the growing skills gap in the cyber security industry, where demand for trained individuals outnumbers supply. 

Fortinet is aiming to close this gap and create a pipeline of future cybersecurity professionals by educating students with the necessary skills and knowledge. 

Meanwhile, as a self-regulatory body, Content Forum strongly advocates for the power of self-regulation by setting a strong password with a combination of lowercase and uppercase characters, numerals and punctuation which is unique to each platform, as well as authentication with two factors, keeping up with current cyber security risks, be aware of public Wi-Fi networks and use Incognito mode while using a public connection. 

“Sometimes, all it takes is a brief step back to assess the validity and authenticity of what you are seeing or receiving. Those who are well-versed in keeping themselves safe in cyberspace are also encouraged to pass the knowledge and tricks to those who are more vulnerable to the threats, such as the elderly and the marginalised community. 

“Educating the children to be aware of the present threats and empowering them with digital literacy will also go a long way,” Mediha concluded. 


  • This article first appeared in The Malaysian Reserve weekly print edition
Dzul

Recent Posts

First-Ever State of Continuous Controls Monitoring (CCM) Report Highlights the Urgent Need for GRC Modernization

According to Insights from RegScale and The CISO Society, 94% of CISOs Believe CCM Could…

58 mins ago

Auto Link Announces New Partnership with RepairPal to Enhance Auto-Lending Success for Financial Institutions

HARAHAN, La., Jan. 22, 2025 /PRNewswire/ -- Auto Link, a leading provider of comprehensive auto-lending…

58 mins ago

SavingCalifornia.Vote Holds Official Press Conference on Notice of Intent to Recall Governor Gavin Newsom on Thursday, Jan. 23rd at 11 am at Kitson in Los Angeles

LOS ANGELES, Jan. 22, 2025 /PRNewswire/ --  WHAT: First official press conference where SavingCalifornia.vote publicly announces…

59 mins ago

Health Authority Books Editor Devin DeVries: Imprint Launched to Serve Health Business Author Niche

OCEANSIDE, Calif., Jan. 22, 2025 /PRNewswire/ -- Health Authority Books, a new book publishing imprint,…

60 mins ago

Water Systems Council Names New Board Positions for 2025-26 Term

WASHINGTON, Jan. 22, 2025 /PRNewswire/ -- The Water Systems Council, the only national nonprofit organization solely…

60 mins ago

Clyfford Still Museum Explores Competing Desires in the New Guest-Curated Exhibition, Held Impermanence, Opening on January 25

DENVER, Jan. 22, 2025 /PRNewswire/ -- The Clyfford Still Museum's (CSM) new guest-curated exhibition, Held Impermanence (Artists…

1 hour ago