UNDERSTANDING CYBERSECURITY


“Malaysia should adopt a holistic approach in terms of human resources, processes and technologies in addressing cybersecurity.” Deputy Prime Minister Datuk Wan Azizah Ismail, said when launching the Malaysian edition of the 2020 Safer Internet Day (SID) programme on 11 February 2020.

Cybersecurity has become one of the main technologies that need to be focused on nowadays. Many people or companies around the world have experienced cyber threats or cybercrime. We need a strong and secure cybersecurity technology to protect our rights.

What is cybersecurity? Cybersecurity, also known as information technology security, are the techniques of protecting computers, networks, programs and data from unauthorized access or attacks that are aimed for exploitation. Cybersecurity can be classified into 5 main types: Critical infrastructure security, application security, network security, cloud security and Internet of Things (IoT) security. Cybersecurity is essential to govern the conduct and manners of interacting with computer systems from suspicious behavior.

According to latest studies done by The Center for Strategic and International Studies (CSIS) and McAfree, there are close to $600 billion or nearly one percent of global GDP is lost to cybercrime each year, which is up from a 2014 study that put global losses at about $445 billion. This report – Economic Impact of Cybercrime – No Slowing Down, attributes the growth over three years to cybercriminals quickly adopting new technologies and the ease of cybercrime growing as actors leverage black markets and digital currencies.

Some significant cybercrime cases in recent years:

  • Puerto Rico’s Industrial Development Company received an email scam known as BEC or EAC scam and swindled more than $2.6 million to a fraudulent account on 17th January 2020. This is a very serious situation to the company and the executive director of the agency said that they will continue the investigation until the last consequences.
  • According to the service’s internet crime complaint centre (IC3), in 2019, criminals netted $ 3.5 billion from cybercrimes. IC3 received 467,361 complaints from individuals and businesses during the year and has had nearly five million since its inception in 2000.
  • In March 2019, a criminal used artificial intelligence-based software to impersonate a chief executive’s voice and demand a fraudulent transfer of $243,000. Initially, the CEO of a U.K.-based energy firm thought he was speaking on the phone with his boss, the chief executive of the firm’s German parent company, who asked him to send the funds to a Hungarian supplier within an hour.

This shows that cybersecurity technology nowadays is still not mature and need to be improved.

How is the performance of the country in cybersecurity around the world?

The International Telecommunication Union (ITU) publishes an annual report on the Global Cybersecurity Index (GCI) to measure the commitment of countries to cybersecurity in order to raise cybersecurity awareness. The Global Cybersecurity Index (GCI) is a composite index which documents data on legal measures, technical measures, organizational measures, capacity building and cooperation and analysed 175 countries every year.

Malaysia ranked 8th in the GCI 2018 report, indicating that Malaysia is performing well on cybersecurity aspects. However, Malaysia still needs some improvement to reduce the cybersecurity incidents that occurred in recent years. According to a report done by Malaysia Computer Emergency Response Team (MyCERT), a total of 10,772 cybersecurity incidents occurred in 2019. The top three incidents reported to Cyber 999 were cases of fraud (7,774 cases), intrusion (1,359 cases) and malicious codes (738 cases).

Based on the graph above, the cybersecurity incidents rose from 2014 to 2019. These cybersecurity incidents gave a huge economic impact to Malaysia.

“Based on statistics released by the Commercial Crime Investigation Department, 11,875 cybercrime investigation papers were opened last year, compared to 10,753 in 2018.Deputy Prime Minister Datuk Wan Azizah Ismail, said when launching the Malaysian edition of the 2020 safer Internet Day (SID) programme on 11 February 2020.

Total losses incurred through cybercrime increased by 24.9 percent to RM497.7 million in 2019 from RM398.6 million the previous year while telecommunications fraud amounted to RM254.6 million which was the bulk of the losses and e-financial fraud recorded losses of RM135.9 million.

During a special interview by Bernama and RTM at Deputy Prime Minister’s office on 29th January 2020, she said that the National Cyber Security Agency (NACSA) is developing a Cyber Security Awareness Master Plan (PIKKS), a strategic plan that will outline the role and responsibilities of various stakeholders in the implementation of cybersecurity awareness programme in the country. The plan is aimed at coordinating the implementation of cybersecurity awareness programmes nationwide to ensure they benefit the people nationwide.

Besides that, PIKKS would also focus on instilling cyber hygiene to public and private organisations, including the Critical National Information Infrastructure (CNII). The document on PIKKS is expected to be released in October after it has been approved by the Cabinet.

WHAT NOW?

How to build an ecosystem conducive to cybersecurity?

Step 1: From government perspective

  • Establish an ongoing cybersecurity advisory council with industry and academia

Most cybersecurity expertise lies across industry sectors and academics. Established councils can bring them together to develop cybersecurity strategies for governments and help respond to ongoing threats.

  • Ground cybersecurity policy in established guidelines and standards

Governments should adopt federal frameworks (such as the NIST Cybersecurity Framework) to help lay the groundwork for strong, effective state cybersecurity policy. The framework provides a high-level, strategic view of the lifecycle of cybersecurity risk to help government better understand their cybersecurity risk, and it enables them to apply the principles and best practices of managing risk to improve the security and resilience of critical infrastructure and services.

  • Integrate cyber resilience into every step of strategic planning

Embracing cyber resilience can help to ensure that country is more secure; it can create opportunities for the government to build comprehensive, long-term strategies that set them on a path toward digital transformation.

Step 2: From a company perspective

  • Lead by example

People in leadership positions have greater influence because their subordinates seek them for direction. The success of a company depends on the boss as they have the ultimate authority, so the leader has to make security policies and procedures clear to everyone.

  • Make good practices habit and routine

Security culture is most effective when everyone cooperates as a team to engage in good security practices as a matter of habit and routine. The company should let their employees have this security culture at the beginning to make it more effective.

  • Make security training engaging and bite-sized

Repetition is the key to remind employees about cybercrime and know how to identify them. Everyone within the organization needs security training at regular intervals to remind them and teach them some new technology or knowledge in cybersecurity.

Step 3: From a personal perspective

  • Know your data

Many people do not know how many accounts they have and what information is stored on social media. This is very important as attackers could steal your information from any account that you have logged off for a long time.

  • Learn about Phishing Scams

You need to be very suspicious of emails, phone calls and flyers. According to a report, 90% of ransomware attacks originate from phishing attempts. Clicking a malicious link by accident or opening an attachment that infects the user’s system will lead to a ransomware attack.

  • Adopt Biometric Authentication

Switching from passwords to biometric authentication is becoming easier every day and more apps and devices adopt the technology. For secure accounts, using an advanced biometric authentication solution (not just Touch ID) will be a significant upgrade for not only securing access but being able to track authentication attempts and see who is accessing the account.

Cybersecurity’s importance is on the rise. Fundamentally, our society is more technologically reliant than ever before and there is no sign that this trend will slow. Understanding cybersecurity threats and know how to mitigate them is important. Talk to us to know more about cybersecurity that can protect your business.

Written by Ee Chern Ting, Intern at 27 Advisory.

Having more than 27 years in business, 27 Group is able to provide you with access to investors for competitive funding needs while providing better ways to operate your business through financial and corporate advisory. We are the only 100% Malaysian owned local consulting firm that is fast, flexible and focused with unique expertise that blends of local socio-economic policy setting, engineering-built assets globally and detailed in financial analysis.

We do project development integration to improve project returns and are committed to providing a sustainable environment for a better tomorrow. Our delivery model blends values important to humanity into business strategy through socio-economic transformation modules and we are passionate about building opportunities for the next generation to achieve their highest potential.

#rebuildinghumanity is 27 Group’s vision to collectively rebuild our nation through assets we build (eg. infrastructure, real estate, hospitals) and natural capital (gas resources, plantations, human talent) using innovative and sustainable methodologies.

Speak and rebuild with us if you need fresh ideas or more efficient financing or project implementation to improve your KPIs at ivan@27advisory.com.my