Local companies should remain alert and continue to constantly update their cyber security measures as more “innovative” hacking activities are expected this year.
LGMS Services Sdn Bhd CEO Fong Choong Fook said the public and local corporations should be vigilant, as new variants of ransomware could penetrate Malaysia, resulting in various attacks as ransomware services are becoming easier to be accessed.
“Users should always stay updated with system and anti-virus developments, as well as avoid downloading or installing pirated softwares,” he said.
As hacking of Internet of Things devices are also expected to increase, the cyber security analyst urged industry players to perform regular risk assessments to evaluate their risks of cyber threats.
“They should also perform penetration testing in a proactive way and fix any loopholes before hackers take advantage of it,” he said.
Preemptive measures are vital, Fong said, as hackers are more innovative and creative in upgrading their skills and knowledge each day.
In retrospect, Fong said 2017 was the year where Malaysians were “awakened” by the threats of cyber attacks, beginning with a ransomware pandemic of WannaCry in May.
Malaysia has also faced the highly coordinated Distributed Denial of Service (DDoS) attack, followed by what was described as the biggest data leak incident in October.
CyberSecurity Malaysia CEO Datuk Dr Amirudin Abdul Wahab (picture) was reported as saying that, as Malaysians are still unaware of the existence of ransomware, they are advised to equip themselves with cyber security knowledge, as well as to use technology prudently and ethically.
In the incident, over 200,000 systems from 150 countries all over the world were hit by hackers charging US$300 (RM1,221) for their files to be decrypted.
On DDoS attack, it was reported that three linked stock brokerages and one bank were involved in the incident.
In order to ensure the success of DDoS attacks, hackers just need to leverage on computer connections and flood any targeted system with high traffic, or sending information that triggers a crash to the victim’s system.
The attack is capable to shut down a machine or network, causing the user to be blocked from accessing it.
“Company should subscribe cloud traffic scrubbing services such as ‘Cloudflare’, as well as having alternative Internet line on standby (as back up, should the attack happen),” Fong said.
He said the incident should be treated as a learning curve to the public and industry.
“We will learn to be wiser and become more proactive to prepare ourselves for volumetric DDoS attacks,” he said.
On the case of data leaks, Fong said the silver lining of it would be that the consumers have begun to realise the importance of data protection.
“The public are now starting to question the data custodians’ accountability on data privacy, which can be considered as a positive note of the entire data leak chaos,” he noted.