After pandemic and floods, is Malaysia prepared for a cyber attack?


LOOKING at the response of the government agencies tasked to handle the outbreak of Covid and the floods that devastated the country, it appears that if there was a cyber attack against Malaysia, the people will again suffer from the incompetence of the government agencies tasked to identify, monitor and manage such a threat. 

For hackers, Malaysia and other Asean countries are low-hanging fruit and testing grounds, unlike developed countries, which generally have more advanced defences against hacking.

The government should not deny the poor state of the Malaysian cyberspace. The agencies tasked to monitor, investigate and maintain the country’s cyber preparedness will no doubt argue that the cyber security level in the country is above average and in many instances better that that of developed countries. These agencies will cite the response mechanisms in place and that cyber specialist centres are available for users to report complaints and cybercrime.

The agencies responsible for health and water and environment have asserted their preparedness only to let their people down at the first hint of disaster.

There is a pattern emerging among the hackers. They test their attack plan, make improvements, and then weeks or months later test it again before launching it at their true targets.

As the country rushed to go online, it provided a testing ground for hackers to try their skills in an environment where they can evade detection before deploying them against a company or state that has more advanced defences. 

The government has announced many initiatives to develop security measures to protect the country, the most notable being the Malaysia Cyber Security Strategy 2020-2024 (MCSS) that was launched last year. 

Still, despite the assurances and the plans, the number of reported cyber incidents and cybercrime is increasing. In May last year, the communications and multimedia minister stated that a total of 4,615 cybersecurity incidents were reported in January to May of 2021, the three most reported incidents being fraud (3,299 cases); intrusion (765) and malicious code (256). The numbers had doubled by November as shown in the figures reported by the deputy communications and multimedia minister in a speech in December.

While so-called spear-phishing remains a popular form of cyber attack, it largely depends on the attackers’ ability to deliver a message that can fool the victim into opening a link or attachment.  With advancements in artificial intelligence, hackers now deploy malware that can mimic the behaviour of the system user and and alter its methods to stay in the system longer. 

The push for digitisation means more attack opportunities for hackers. Is the push matched by equal urgency to address the challenges of filling the gaps in talent and visibility? 

Imagine being in a large, dark house where even with CCTVs installed everywhere, you can see in all the corners but not the tiny cracks and nooks that are not visible to a camera mounted high up. 

In fact, it is not surprising to note that majority of the government departments and the Critical National Information Infrastructure (CNII) assets – facilities, systems, sites, information, people, networks and processes – necessary for a country to function and upon which daily life depends on - still uses traditional antivirus technologies protecting against the risks of old.

The hack into Solarwinds – a company that provides information technology management software and its clients include US government agencies and large companies - in 2020 where hackers had gained access to US government and corporate networks by compromising Solarwinds’ systems serves as a grim reminder to those tasked with overseeing and monitoring cyber intrusions against the country that service providers - such as those who provide hosting or outsourcing services – should not be overlooked and should be accorded the same level of intense scrutiny as monitoring the CNII assets itself.

The country must rethink its cybersecurity protocols or we will suffer a security failure of enormous proportions.

We need better regulations and implementation so those who are responsible for our data leaks can be punished.

Our neighbior, Singapore is much more advanced in their cybersecurity preparedness than us. With its smaller size, theoretically, it is easier for them to identify, monitor and manage any cyber attack against the city state.

Yet, pursuant to a spate of attack and data breaches, the government has to resort to cutting off web access for public servants as a defence against potential cyber attack – a big step backward for a technologically advanced city-state that has trademarked the term “smart nation”.

The country is at an extremely vulnerable stage right now in the midst of the pandemic which is still causing untold damages on our lives and economy. Businesses, specifically the SMEs who are the main artery to the country’s economic wellbeing, were severely affected by the few rounds of lockdowns imposed by the government during the last 2 years. Shoring up their cyber defences will be pushed down to the bottom of their priority list for the next 12 months making them extremely vulnerable to all forms of cyber attacks specifically ransomware.

And hackers and cybercriminals have no mercy or compassion. They attack when organisations, be they public or private entities, are at their most vulnerable.

If Malaysia does not react now, it will be too late and the consequences will be unbearable. It is now or never. 

After the responses shown by the government in both the pandemic and the flood, the rakyat no longer buys the assurances of the ministries and agencies tasked to identify, monitor and manage threats and disasters in the country. – January 11, 2022.

* FLK reads The Malaysian Insight.

* This is the opinion of the writer or publication and does not necessarily represent the views of The Malaysian Insight. Article may be edited for brevity and clarity.


Sign up or sign in here to comment.


Comments


  • Just ponder ....... how did the scam syndicates got our telephone numbers if not through cyber breach and/or corruption.

    The rakyat had to suffer for the actions of crooks and idiots in the government and civil services (staff NOT chosen/promoted for their intelligence, competency, capability and integrity).

    Posted 2 years ago by Malaysian First · Reply