After Immigration hack, experts say more preventive measures needed for national cybersecurity


PETALING JAYA: With another instance of a public sector website being compromised, cybersecurity experts say it is high time the government takes cybersecurity measures more seriously.

Founder and chief executive officer of cybersecurity firm LGMS Berhad, Fong Choong Fook, said website compromise was something that should never happen in this day and age.

ALSO READ: Immigration DG confirms department website hacked

“There are so many available technologies – some even free – to help organisations protect their sites.

“Defacement hacking should be a thing of the past... we notice a serious lack of initiatives to keep even simple websites secure," he said when contacted.

On Tuesday (April 4), the Immigration Department confirmed that its website was attacked by hackers.

In a statement, Immigration director-general Datuk Ruslin Jusoh said the website was hit by a cyberattack at 2am by a hacker going by "CaptainSmok3r".

Other links related to Immigration services such as myImms, SSPI and others were unaffected by this incident, Ruslin said.

Website defacement refers to an attack that alters a site's visual appearance or content.

He said the government could perform regular security health checks to mitigate these occurrences.

ALSO READ: Britain sounds alarm on Russia-based hacking group

“The assessments should also be done by professionals. If this is not addressed, we may continue to see website defacements or worse, data leaks,” he said.

A vulnerability assessment was one possible preventive measure, Fong added.

This is a testing process used to identify and assign severity levels to as many security defects as possible in a given timeframe.

“This may involve automated and manual techniques with varying degrees of rigour and an emphasis on comprehensive security coverage,” he said, adding that like medical health checks, security health checks should be done yearly.

“This is to ensure there are no loopholes on websites. Again, these incidents could be prevented through such checks," he said.

ALSO READ: Ministry to introduce anti-hacking app, says Annuar

Universiti Sains Malaysia cybersecurity expert Assoc Prof Dr Selvakumar Manickam said anyone with basic knowledge of web services architecture and hacking could easily carry out defacements.

He said such instances could lead hackers to look for other system vulnerabilities, resulting in more serious implications such as data manipulation or leaks.

“Although defacement alone does not indicate a leak or breach, it does give the hacker the opportunity to probe further and scan for other loopholes,” he said.

He strongly urged the government to give more serious attention to such matters as national security was involved, echoing the call for annual security checks and preventive measures.

ALSO READ: Data of Malaysians born between 1940 and 2004 allegedly being sold for over RM40,000

In the short term, Prof Selvakumar said cybersecurity requirements should be made mandatory for any new government agency systems.

“Tests must be done annually, with new security practices and mechanisms... implemented the moment they are released.

“For example, when a patch is released for certain software, the government should apply it immediately,” he said.

He added that education and awareness on cybersecurity aspects were also needed for government officers.

In mid-May last year, a data leak was reported by local tech portal Amanz, where a 160GB database with personal details of 22 million Malaysians belonging to the National Registration Department was being sold for US$10,000 (RM43,950) on the dark web.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Nation

Travellers from 36 more countries eligible for auto-gate facility for immigration clearance, says Saifuddin
Comms Ministry to include veteran performers in events, programmes
Youths in hot water with police after cooking at Genting petrol station
A total of 155 conflict cases with elephants in Johor last year
Media cooperation vital to instil a culture of road safety, says Loke
Johor attracted RM43bil in investment last year, state assembly told
Local fishing vessel detained by MMEA during Ops in Johor waters
Tiger killed after being hit by car in Bentong
Two held for misappropriating over 13,000 litres of diesel in Penampang
Pak Lah's 'crystal' vision for T'gganu

Others Also Read