Cybercriminals are getting savvier by the minute, with criminals taking advantage of victims who have low awareness of the importance of cybersecurity.
This is not to say that all people are in the dark about scams and cyberattacks. Many Malaysians are aware of basic cybersecurity facts, says Datuk Dr Husin Jazri, senior vice-president for cybersecurity at Serba Dinamik Group Bhd. “But that is not enough because cybercriminals are upping their game and digital platforms are developing rapidly, presenting new opportunities for exploitation. Cybercriminals can take advantage of current issues such as the Covid-19 pandemic, social unrest and the high unemployment rate to manipulate people as well.”
Hence, it is everyone’s responsibility to learn about cybersecurity and privacy, Husin adds. Governments, authorities and cybersecurity service providers can only do so much to protect individuals by sharing knowledge, skills and information.
“As responsible internet users, we must keep ourselves abreast of current news, threats and the tactics and techniques used by cybercriminals to trick us. The simple rule is, ‘If it sounds too good to be true, it likely is’,” he says.
“In the real world, we do not simply give strangers money for no reason. We do our due diligence. So, we should do the same when it comes to communicating with strangers over the internet or phone. Be careful and vigilant. Think before you click or say ‘yes’. We should be careful because if we are not, our business, families and those we care about might become victims,” he adds.
For instance, phishing attacks, which occur when a victim is tricked to click on a link, email or message, could expose an entire organisation to a cyberattack. All it takes is for one person in the organisation to make that mistake.
The same goes for businesses, which should understand their network and system infrastructure so they can be prepared if a cyberattack occurs. It would be even better if the business can put in place measures and make it difficult for cybercriminals to strike.
“Companies today are doing business using digital technology and data. The data is captured in many ways from many sources. Our adversaries are operating in the same way. They could already be in and out of our system. You might not realise that you are their next target,” says Husin.
“For instance, a ransomware attack is the worst thing that could happen to small and medium enterprises (SMEs). But if SMEs have the right security measures in place, the chances of their responding and recovering from a ransomware attack are probably higher. While the investigation goes on, they could still be up and running because they have back-up systems.”
Businesses must also be cognisant of digital privacy. Since the Personal Data Protection Act came into effect in 2013, businesses have had to put in place measures to safeguard their customers’ data. Part of this involves understanding what data can or cannot be shared without obtaining the customer’s consent.
However, putting these measures in place can be a relatively complex and costly process. “Some of these technologies are not cheap, especially for SMEs. But that is not an excuse for not abiding by the law. There are many ways to strengthen our network and system infrastructure,” says Husin.
For instance, businesses can segregate data into important and less important, and use passwords and encryption solutions to protect the important data, as well as disconnect back-up hard disks from the computer when it is not in use, he adds.
Husin: Some of these technologies [to protect customers’ data] are not cheap, especially for SMEs. But that is not an excuse for not abiding by the law. There are many ways to strengthen our network and system infrastructure.
“Make sure that the user and administration accounts are separated and configured properly. Data leakage can lead to hefty fines. Companies must have measures in place to protect customer information and be aware of regulations locally and internationally.”
One way to keep up to date is by following the e-Security and Privacy Channel (ESPC) developed by Serba Dinamik. ESPC provides current news, events and videos on cybersecurity and privacy issues. It also connects users with relevant service providers.
“Through ESPC, we work with various local and international partners to provide cybersecurity services and solutions, including training programmes, monitoring and end-point security solutions, digital signatures, operational technology solutions and critical infrastructure consultancy. ESPC is an online marketplace for cybersecurity and privacy services and solutions,” says Husin.
These services are customisable to the requirements of end users, who could be individuals, schools, SMEs, large organisations or government agencies.
“Besides ESPC, Serba Dinamik has many other end-to-end technical solutions, cybersecurity awareness and education programmes and consultancy services. We have solutions from Australia, Russia, Malaysia and more. Just let us know your organisation’s needs and we will provide assistance,” says Husin.
Through ESPC, Serba Dinamik also offers digital privacy solutions to customers. This could be security solutions for individual communication channels like WhatsApp or Telegram, or encryption solutions for commercial or government use in collaboration with its partners, such as Quantum Cryptography.
“The benefits of using digital privacy measures include protecting personal and business privacy, IP, maintaining confidentiality and business integrity and complying with regulatory requirements and corporate governance,” says Husin.
Serba Dinamik also works with partners to provide solutions that protect businesses from eight layers of vulnerabilities, covering the network, applications, firewall and human interactions with digital platforms.
As technology development occurs so quickly nowadays, it is essential for individuals and businesses to stay on top of things. Cybercriminals are always on the lookout for vulnerabilities.
“Bear in mind, technology can be configured to be secure but humans make mistakes. However, when we combine securely configured technology with continuous learning, those mistakes can be minimised. Consequently, this minimises business risks,” says Husin.
He suggests individuals make ESPC their go-to site for daily information about cybersecurity and privacy, allocating 30 minutes a day to read, listen to a podcast or watch a video about these topics.
“For employers, make time to be involved in cybersecurity and digital privacy meet-ups, events or webinars. Make it a KPI for your employees to attend these events and learn new things at least once a month or a quarter. Nowadays, there are many such webinars available for free or at a minimal fee,” says Husin.
Furthermore, businesses should build rapport with cybersecurity service providers in their city. “Get to know at least three of them. The more of them that you know, the better it is because when you experience a cyberattack, at least one of them may be available to assist you,” he says.
This should be a never-ending learning process, notes Husin, adding that it should be a goal for businesses to achieve global standards in cybersecurity and data privacy.
Meanwhile, Serba Dinamik will continue to provide relevant services and trainings that are customised to businesses’ needs. Some areas the company is venturing into include supervisory control and data acquisition (SCADA), ICS (industrial control system) security, fintech solutions, blockchain, secure data centres and secure cloud services.
“We are preparing for the demand in Malaysia and globally. Through ESPC, we are ready to service our partners and customers locally and internationally, connecting customers to the right service providers wherever possible,” says Husin.