AS MALAYSIA moves towards greater participation in the digital economy, this will undoubtedly attract and expose the country to more cyber attacks, says BAE Systems Applied Intelligence Malaysia country manager Barry Johnson.
Speaking to Metrobiz last week at the sidelines of the Cyber Security Conference, he said understanding the motivation and methods of cybercriminals was vital in dealing with cyber attacks.
“There is a need to create awareness about who they are and equip companies with the necessary tools to defend against them,” he said.
The conference was held in conjunction with the 15th Defence Services Asia (DSA) 2016 Exhibition & Conference in Putra World Trade Centre, Kuala Lumpur.
Johnson said criminals were taking advantage of modern communications and computing techniques to plan and conduct their crimes.
“Added to all this, society is evolving the way we consume technology, putting more data out into the public arena than ever before and demanding that our privacy be protected,” he said.
He added that the attackers were using different techniques, including ransom-based cyber-crime known as ransomware and macro-based malware.
Malware refers to a variety of hostile or intrusive software which can take the form of executable code, scripts, active content, and other software whereas macros are scripts that contain commands for automating tasks in various applications.
He added that there was also a shift to target the healthcare sector where hospitals are increasingly being blackmailed.
This is because ransomware prevents or limits users from accessing their system and forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back.
Small and medium enterprises (SMEs), in particular, need to look into this as they are cost-sensitive and thus unlikely to invest in large enterprise solutions to defend themselves.
“They need to go back to the basics; beginning with consultations with cyber security experts on the standards and regulations surrounding their industry,” he said.
Apart from that, he emphasised the importance of training the staff as dealing with cyber security matters was not as simple as “buying a piece of technology”.
People designated with the task, usually chief information officers (CIOs), would need to look at business continuity and understand the threat.
“The CIOs need to understand the motivations, methods and capabilities of these criminals and what it is you want to protect from them. One needs to assess weaknesses across people, process and technology,” Johnson concluded.