Let’s not wait for another wake-up call
Published on: Sunday, July 16, 2017
Text Size:
You could be piloting a self-driving car in the near future.
But what if cybercriminals hack into your vehicle’s computer system, remotely take control of it and hold it ransom to extort money from you?
Or does knowing that your pacemakers, defibrillators and insulin pumps can be hacked, as reported by the U.S.
Food and Drug Administration (FDA), send chills down your spine?
Hackers are lurking in the midst of exciting technological developments and are very quick at identifying vulnerabilities. In the Fourth Industrial Revolution, we will see artificial intelligence taking over functions otherwise performed by humans, aided by Internet of Things (IoT). Self-driving and self-parking cars for instance, are already in the advanced stage of development.
Cybercriminals would see this as another avenue for attacks.
Healthcare is another critical sector vulnerable to cyber threats. Medical devices too can be vulnerable to security breaches, compromising the safety and effectiveness of the device.
According to the Global Cybersecurity Index 2017 released early this month, Malaysia is ranked third among 193 countries in her commitment to cybersecurity, only behind Singapore and the United States.
We are certainly proud of the recognition of our advanced capability and state-of-the-art infrastructure in cybersecurity. While this is a strong testament to the unwavering commitment of Mosti’s CyberSecurity Malaysia in upgrading Malaysia’s cyber defence capability, there is still much work to be done.
We are living in an increasingly ultra-connected world where cyber threats are becoming more severe and prolific.
In May this year, WannaCry, a highly virulent ransomware strain, attacked more than 200,000 systems across 150 countries and crippled critical industries such as healthcare including the National Health System (NHS) in the UK, transportation, and banking.
Ransomware is a type of cyber-attack that involves hackers taking control of a computer system and blocking access to it until a ransom is paid.
Companies in Malaysia were not spared either. Although only one organisation reported to have been compromised by WannaCry, many often choose not to come forward for fear of loss of business confidence in them.
Last week we saw that hospitals with major trauma centres in the UK would receive £21 million (RM 118 million) to beef up their cybersecurity.
Shortly after the Wannacry saga, another wave of brazen cyber-attacks came in June.
The NotPetya ransomware took out systems belonging to banks, multinationals and major infrastructure providers in Ukraine, United Kingdom and Ireland.
Unlike WannaCry which encrypts a computer’s files, the NotPetya ransomware encrypts a segment of the hard drive that renders the entire computer inoperable.
Malaysia escaped the brunt but it was too soon to cry victory. Cyber calamity struck again in early July when several online trading brokerage firms in Malaysia were hit with DDoS (distributed denial-of-service) attacks.
Affected brokers received blackmails by an alleged cyber-group seeking payment to avert an attack that could crash their trading websites.
It will be challenging for Malaysia to advocate its Digital Economy agenda especially the Digital Free Trade Zone (DFTZ) if we do not to ensure full confidence in our digital infrastructure, communication networks, public sectors and businesses.
In today’s cyber threat landscape, information technology (IT) is not cybersecurity.
An IT professional’s role is in operations and optimisation, helping to run the business; a cybersecurity professional secure the business.
Unlike IT personnel, Cybersecurity experts do not just restore assets from backups and install a spam filter or firewall in the event of ransomware distributed via a phishing email, for example. The cybersecurity team would establish and submit a specific incident response plan to the executives for a cyberattack.
They would conduct forensics of the attack even after operations are running smoothly.
Businesses need to treat IT and cybersecurity as two different fields - such as the analogy of a policeman and a fire-fighter.
Cyber resilience is about an organisation’s ability to identify, prevent, and respond to process or technology failures and recover with minimal reputational damage or financial loss.
Through public-private collaboration between CyberSecurity Malaysia, Cyber Intelligence Sdn Bhd and University Islam Antarabangsa Malaysia, the country’s first cyber range was established last September.
At Cyber Range Malaysia, organisations can have their cybersecurity professionals trained in an empirically valid cyber war-gaming scenarios to develop skills and instincts for cyber defensive action.
The facility allows trainees to test-run real-world attack scenarios through the cyber equivalent of military war games. Malaysian companies can also take advantage of it to test and validate their systems to ensure greater resilience in their network infrastructure and operations.
Guided by the Malaysian National Cyber Security Policy to improve resiliency to cyber threats, we are working towards upgrading of Malaysia’s Cyber Range to a globally recognised Global ACE.
The Global Accredited Cybersecurity Education (ACE) Scheme will enhance the skill-sets of cyber security professionals congruent with local and regional requirements, producing high-quality accredited personnel.
We need to produce truly high-value and skilled digital citizens of the future that will keep our cyber space safe as we head into a new digital economy order. We already have a goal of producing 10,000 cyber security professionals in the next four years.
Mosti through CyberSecurity Malaysia will continue to upgrade skill sets of cyber professionals through annual trainings such as CSM-ACE conferences, cyber-drills and specialised cyber defence workshops.
As a Minister, when advocating for cybersecurity, I am often asked if IT systems in suburban areas would get affected. Yes! Incidents such as WannaCry and Petya are a poignant reminder that cyberattacks are imminent and no country or person will be spared, even the most unlikely places.
What we witnessed is but the tip of an iceberg. We would also need to proactively review our governance and legislations to embrace a whole new technological dimension.
The ability of Malaysian companies to be prepared and recover quickly from a cyber-attack with minimal disruption will be key to survival in the digital economy.
Our achievement in the latest Global Cybersecurity Index is encouraging. But Malaysia needs to be prepared for the worst.
ADVERTISEMENT
