Protect your networks and devices from cyberattacks

Foong explaining some of the common misconceptions that leave companies vulnerable to cyberattacks. — SAM THAM/The Star

More cyberattacks are expected in 2018 and good cybersecurity practices are more relevant now than ever.

RANSOMWARE attacks will evolve and hit harder in the upcoming years, says Pikom Cybersecurity chair Alex Liew.

Speaking at the Star Empowerment: Cyber Defence & Network Security forum in Petaling Jaya recently, Liew said that most ­security experts agree that this type of malware will be prevalent throughout 2018.

Star Empowerment: Cyber Defence & Network Security.
Liew: "The reign of ransomware is far from over."

“The reign of ransomware is far from over. In 2017 alone, ­ransomware growth topped 2,500%, hitting hospitals, businesses and individual users. It will hit harder, covering a wide range of attack surfaces like varied mobile devices, operating systems, Internet-connected devices and more this year,” said Liew. 

In 2016, there were 14,627 reported cases of online scams totalling a loss of RM1.6bil in Malaysia. “Those are just the reported cases. We knew of some companies and individuals in Malaysia that fell victim to the WannaCry ransomware last year, but they weren’t officially ­reported,” he revealed.

Cybersecurity consultant Foong Chong Fook echoed this sentiment, saying that even with security ­solutions, businesses often left themselves vulnerable due to poor security habits and misconceptions about how hackers worked.

He said attackers do not pick their targets, and that every ­business was equally at risk, even if they were a small company or did not have an online presence.

Big business

According to mobile, online and digital market research specialists Juniper Research, cybercrime will rise dramatically in 2018, and will cost the world US$2.5tril (RM9.7tril) annually by 2022.

Foong, who is also the CEO of cybersecurity firm LGMS, said this was driven by the “new economy” of ransomware, where attackers would even purchase ransomware from other parties.

Liew concurred, adding: “The evolution of cyberattacks over the years show that the attackers don’t have to be as sophisticated as before, because there are tools ­easily available for cybercriminals to use.

“It started with something small like ­password guessing, and now has turned to phishing and social ­engineering.”

Social engineering aims to trick users into sharing confidential or personal information that can be used for fraudulent purposes.

Hackers are growing much more adept at getting people to open email infected with worms. (Dreamstime/TNS)
Despite many warnings, people still fall victim to phishing. — Dreamstime/TNS

One of the leading cases of data breach is human error, and despite many warnings, people still fall ­victim to phishing – the act of ­sending e-mails seeded with ­malware or designed to ­maliciously obtain valuable ­personal data.

“Social engineering will grow more complex, and more spams will deliver Trojan payloads that compromise computers when users unknowingly open a ­malicious file,” Liew warned.

Foong also expanded on this point during his live demonstration on how fake WiFi hotspots could be used to compromise a ­computer, with a case study of how social engineering using bogus e-mails could even compromise a bank.

He added other threats to expect in 2018 include social media ­spying, automated ­cyberattacks against SMEs, large enterprises and fintech systems, plus hacking using drones.

Securing your networks

For his part, Liew believed that 2017 was a year of learning when it comes to creating and ­implementing security practices.

Some key practices to follow are the increase of password strength and the need for two-factor authentication, and stringent access control to system and applications.

“To minimise risk, you have to adopt cybersecurity practices and maintain up-to-date systems,” added Liew. “We also need to ­educate users and implement best security practices.”

Star Empowerment: Cyber Defence & Network Security.
Law explained how security measures needed to become more complex to match evolving threats.

The good news is, Trend Micro Malaysia head of solution architect Law Chee Wan said there were now more security solutions like machine learning that could help keep users secure.

He said unlike older signature files system which could only detect known threats, machine learning used algorithms to predict potential and unrecognised threats. However, it is more resource ­intensive.

“Not everything new is the best, you need to blend the old and new to get better protection and avoid false positives,” said the Security Threat specialist, who has over 20 years of experience in the field.

False positives were when safe files were mistaken for threats.

Law explained that by ­combining machine learning with signature files, plus other security features like behavioural analysis and sandboxing, it creates a ­complex filter that would stop most threats from sneaking in.

Pikom’s Liew also advised users to secure their home and office networks and to use separate ­networks for IoTs. “Back up your data and avoid using free WiFi for important transactions, and use your 4G data instead. Evaluate the convenience versus the privacy trade off.”

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 18
Cxense type: free
User access status: 3

Did you find this article insightful?


Next In Tech News

Beijing dismisses alleged Chinese hacking of Indian vaccine makers
Amazon Prime Video apologises for offending Hindu beliefs in Indian political show
Facebook Oversight Board changes timeline rules for action on case appeals
Reliance Jio shops for $8 billion in India's airwaves auction
Google teams up with Allianz, Munich Re to insure its cloud users
Adevinta, eBay to sell UK units to secure $9.2 billion tie-up
'Pawri' power: 5-second social media clip pulls India, Pakistan closer
US asks Google for detailed search data in antitrust case
WhatsApp announces new feature for users to mute audio in videos before sharing
Kremlin says Elon Musk's Clubhouse invitation to Putin came to nothing

Stories You'll Enjoy