THERE should be more efforts to protect the community against cyberthreats and risks, including areas like online payments and personal data.
This is especially true with the emergence of e-wallets and the increasing number of cashless transactions among consumers.
National Tech Association of Malaysia (Pikom) chairman Danny Lee says a main concern is personal data protection, which has led to over 10,000 cases of security breaches, online theft and scams involving money.
“Despite the awareness programmes by both the government and industry, we still see a high number of such cases being reported.
“The question is, what has gone wrong? Is it the talent shortage, enforcement or simply public ignorance?” he questions.
With 5G on the cards, the main focus area on safety would be in banking, business operations and security of personal data.
“The e-wallet trend will also continue to grow, hence the security of such apps will need to be in place and upgraded as and when it needs to.
“At the moment, there are a lot of compliance aspects that e-wallets need to follow.
“Mobile security is also very important as most transactions are done on mobile platforms. Application based mobile security is also an area that should not be neglected, ” Lee adds.
Nevertheless, Lee praised the government for providing support for a safer cyberspace and for Pikom, which represents 80% of the tech sector in Malaysia.
More organisations, however, should increase efforts to build trust among consumers, says Microsoft Malaysia national technology officer Dr Dzahar Mansor.
“Only 24% of consumers in Malaysia believe that their personal data will be treated in a trustworthy manner by organisations offering digital services, ” he says.
Yet, despite widespread awareness of the dangers of poorly secured identities and passwords, customers are still our weakest link, Dr Dzahar adds.
“In fact, 63% of all confirmed data breaches involved weak, default or stolen passwords.
“We would advise people to be more vigilant and proactive when dealing with cybersecurity threats, including exerting greater caution and backing up important files so they can be restored if encrypted by ransomware, ” he urges.
Another trend is the use of outdated or pirated software, which remains prevalent despite widespread awareness of its risks.
“With over 75 billion mobile devices anticipated to be in use globally in 2020, gaps in outdated software and unsecured devices provide a wide range of vulnerabilities for cyber attackers to exploit, ” he points out.
As such, Dr Dzahar advises everyone to ensure that the software they are using is authentic, up-to-date and secure.
CyberSecurity Malaysia chief executive officer Datuk Dr Amirudin Abdul Wahab concurs that the fraudulent use of payment networks and data theft have gone up.
“There are several forms of cyberattacks where criminals look for vulnerabilities associated with the technology and use it to their advantage to trick people.
“For example, the 2012 Google Wallet was hacked and exposed user PINs which eventually made it available for the perpetrators to login to accounts for their own use, ” he illustrates.
In another incident, the Starbucks app was hacked in May 2015, which automatically withdrew funds from a user’s bank, credit, or PayPal accounts.
“In Malaysia, there were a few cases reported on users’ bank accounts being manipulated.
“For example, a user receives a TAC number through SMS, which was generated by someone who had access to the user’s account and made an illegal transaction without the user knowing about it, ” Dr Amirudin explains.
The perpetrator then sends a message to the user explaining that he had accidentally key-in the wrong mobile phone number belonging to the user and asks the user to share the TAC code with the perpetrator.
Right after the TAC number is shared, the money in the user’s bank account can be drained out.
“This is one of the tactics being widely used by criminals by manipulating the banking system and processes, ” he highlights.
Other cyber threats and risks include email hacking, malware and ransomware.