Ethical hackers wanted

By REBECCA RAJAENDRAM

THEY look nothing like the Avengers battling to save the multiverse but in the silence of a computer laboratory, these students are in an intense war.

Hyper-focused on their screens, discussing and typing away furiously, these cyber warriors are training to be ethical hackers as they try to prevent a bug from destroying their network’s firewall.

The bug is coming from a room just across the corridor where their lecturers are launching malicious attacks on their students’ computers as part of a cybersecurity lesson on ethical hacking.

These lessons are important, especially if the students aspire to one day become part of their potential employer’s “army” of ethical hackers intercepting the growing number of cyberattacks happening globally.

The attacks are usually executed by malicious hackers who are either out to make money or are simply looking to vandalise the computer systems of companies, said UCSI Institute of Computer Science and Digital Innovation director Assistant Prof Dr Raenu Kolandaisamy.

The number of cyberattacks, he said, has grown exponentially from 28,000 in 2022 to 26 million in 2023. And that’s in Malaysia alone.

Many of these attacks are happening to the finance, healthcare and government sectors, he added.

Not all attacks, however, were successful.

Last month, Surfshark ranked Malaysia in the 31st spot based on the number of breached accounts globally.

This, according to the cybersecurity company, was thanks to our breach rate declining by 96% in Q4 of 2024 over the third quarter of the same year.

Cyber Security Malaysia (CSM) chief executive officer Datuk Dr Amirudin Abdul Wahab said Malaysia urgently requires a strong talent pool of ethical hackers.

AmirudinAmirudin

“As cyber threats become more frequent and sophisticated, it is crucial for organisations to stay ahead by proactively identifying vulnerabilities before threat actors can exploit them.

“Securing critical infrastructure, such as power grids, financial systems and government repositories, is key to national security,” he said, adding that a strong cybersecurity framework can help attract foreign investment.

He said while there is no official data on ethical hacking talents in the country, the number of certified professionals, such as those holding EC-Council’s Certified Ethical Hacker (CEH) certification, has been steadily increasing.

Additionally, Amirudin said the growing demand for cybersecurity experts, along with national cybersecurity initiatives and training programmes, indicates a rising interest in ethical hacking as a career.

What it takes

Ethical hackers, explained Kolandaisamy, need to check and identify security weaknesses before the malicious actor hacks the system.

These talents must then help organisations find and fix security flaws before cybercriminals can exploit them, added Asia Pacific University of Technology & Innovation (APU) Forensics and Cyber Security Research Centre head Dr Julia Juremi.

JuliaJulia

“With increasing cyber threats, ethical hackers are needed to protect businesses, government agencies and individuals from data breaches and fraud.

“They also support national cybersecurity efforts by strengthening defences and ensuring compliance with regulations,” she said, adding that there are three common categories of hacking.

White hat hacking, carried out by an ethical hacker or a penetration tester, is an authorised legal hacking activity carried out to strengthen security by identifying and fixing vulnerabilities, she said.

Then, there is black hat hacking, which is illegal hacking with malicious intent to commit crimes such as data theft, system breaches or cyberattacks.

“The third category involves grey hat hacking, which is unethical but not necessarily harmful. These hackers may uncover security flaws without permission, sometimes disclosing them to organisations or the public,” she added.

The main job of an ethical hacker, said Julia, is to perform penetration testing, vulnerability assessment and security audits on computer systems.

All three are heavily emphasised at APU in their Cyber Range Lab, which features over 400 scenarios covering areas like mobile security, system hardening, digital forensics, and capture the flag (CTF).

“This enables students to explore diverse attack and defence techniques, enhancing their cybersecurity expertise through immersive, real-world simulations,” she said.

To become an ethical hacker, Kolandaisamy said the individual would need to pursue a degree in cybersecurity or they can do a certification course such as the CEH, Offensive Security Certified Professional (OSCP) or Certified Information Systems Security Professional (CISSP).

High alert: Kolandaisamy (right) showing Guay (left) and Chee a live map displaying cyber attacks happening around the world. — LOW LAY PHON/The StarHigh alert: Kolandaisamy (right) showing Guay (left) and Chee a live map displaying cyber attacks happening around the world. — LOW LAY PHON/The Star

Of course, practical experience would also be necessary.

UCSI, he said, also offers a six-month digital skills technical and vocational education and training (TVET) course that would allow a school-leaver to become a cybersecurity expert.

“Those interested in pursuing ethical hacking and cybersecurity need to be good at C++, SQL and Python programming languages as well as know the Linux operating system,” he added.

The learning would not be complete without examining case studies tailored to Malaysia’s cybersecurity challenges, said Universiti Malaya Centre of Innovation and Enterprise (UMCIE) director Assoc Prof Dr Aznul Qalid Md Sabri.

Aznul QalidAznul Qalid

They would also need a combination of technical and soft skills, he added.

Among these are critical thinking to analyse and exploit vulnerabilities effectively as well as ethical integrity to ensure they adhere to legal and ethical standards.

“In today’s landscape, skills in artificial intelligence (AI) and machine learning are becoming increasingly vital for combating sophisticated cyber threats,” said Aznul Qalid, who is also attached to the university’s Faculty of Computer Science and Information Technology Department of AI.

 

New strategy

MALAYSIA’S new cybersecurity strategy document will be launched in July, says National Cyber Security Agency (Nacsa) chief executive Dr Megat Zuhairy Megat Tajuddin.

The Malaysia Cybersecurity Strategy 2020-2024, which recently came to an end, had called for cybersecurity to be embed in all ICT and computer engineering programmes.

For example, cybersecurity requirements need to be taught in software programming (secure coding), software and system development cycle (secure SDLC), database, operating systems, network, IT administration and management, as well as cross platform application development.

Cybersecurity-related issues also need to be introduced across non-ICT or non-engineering disciplines covering cyber law in law, fintech in finance, security risk management of network-ready medical devices in health, among others.

Meanwhile, the setting up of the Malaysia Cyber Security Academy, is expected to significantly enhance the country’s cybersecurity readiness by addressing the shortage of skilled professionals in the field.

The formation of the new cybersecurity academy will be managed by CSM in collaboration with TVET institutions, as announced by Deputy Prime Minister Datuk Seri Ahmad Zahid Hamidi last year.

Malaysia, said Prime Minister Datuk Seri Anwar Ibrahim, needs a 25,000-strong cybersecurity workforce.

These talents must include ethical hackers, to protect the country’s digital assets by 2025, he announced in 2023.

 

White hat hackers

"My interest in ethical hacking began when I came across a YouTube video in which the presenter exposed scam companies. He used his cybersecurity skills to hack into their computers, gather evidence and pass it to the police. There have been some successful cases where the police managed to gather enough evidence to stop the operations. After watching these videos, I was intrigued to learn more about cybersecurity and to use my skills to help strengthen security in the cyber world. What’s most interesting to me is that cybersecurity is always evolving and there are so many new things to learn all the time. In ethical hacking, you need to think from the perspective of the attacker in order to identify the vulnerabilities before they do."

Sheyrll Guay Ern Xin, 20

 

"I was inspired to join this field because someone in my family was a victim of hacking. So, I took up ethical hacking to understand the process and also to learn the countermeasures to protect everyone in the cyber world. Accounting, banking and many other important sectors are at risk in the cyberworld. I enjoy being exposed to the new technologies in this field. Especially now with AI, ethical hackers are able to identify different patterns in websites or servers to expose loopholes in the server. AI can also be used to find counter-measures to protect the systems."

Aldred Chee Kin Hoe, 22

*Guay and Chee are currently studying for their Bachelor of Computer Science in Cyber Security at UCSI University.

 

 

×
Follow us on our official WhatsApp channel for breaking news alerts and key updates!
ethical hackers , cyber security , cyber attacks , CSM , criminals , universities , higher education , IT , AI , UCSI , APU , UM

Next In Education
‘Chinese schools vital to education system in Sarawak’
Woman determined to sit for SPM to pursue medical dream
Training programme boosts flood crisis management skills
Building resilience
Malaysia Teacher Prize 2025
A spotlight on gender barriers
SHAPING DIGITAL NATIVES
‘We don’t want to be boss’
UTP’s water cube back in global race
A teen’s take on the Johor-S’pore link

Trending in News

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.