It was just another day in January 2021. Some Malaysians had gone onto the official website of the state of Perak to access public services, only to be greeted by a startling message. “Hello admin, we just found your website is vulnerable for hacktivist. Please check your website and make sure it is patched before your website gets stamped again,” the warning read.
16 other websites for local governments and universities were also defaced. This was part of a campaign by hackers from Anonymous Malaysia to highlight weaknesses in the Malaysian government’s cybersecurity, reported ZDNet.
No hacks have been discovered since February 2021, The Malay Mail wrote. But the incident points to the potential vulnerabilities of public servers and the importance of securing them. How can governments learn from breaches such as this to build cyber resilience and digital trust?
Cyber hacks through the years
Malaysia certainly isn’t alone in being targeted by hackers. Singapore suffered a much publicised breach in its health data systems in 2018. 1.5 million Singaporeans had their personal information leaked onto the dark web, including Prime Minister Lee Hsien Loong.
Besides leaking personal data, cyber attacks can seriously disrupt our lives especially when they target critical infrastructure. Estonia’s major attacks in 2007 crippled banks, the media and some government agencies. Public servants couldn’t use their email to communicate with one another, and media outlets couldn’t deliver the news.
The threat of cyber attacks can escalate to threaten human lives. Earlier this year, a hacker tried to poison a water treatment facility in Florida through its remote access software. A German patient died as the first hospital she was sent to had been hit by hackers, and she couldn’t reach another hospital in time.
On a global scale, the 2017 WannaCry ransomware attacks impacted more than 150 countries and caused US$4 billion in losses worldwide. Perhaps most frighteningly, the attacks affected a third of National Health Service (NHS) hospital trusts in the UK, with ambulances rerouted and 19,000 appointments cancelled, according to Kaspersky.
Cyber tools for governments
What new tools or strategies can help governments fortify their digital borders?
In Malaysia, TM ONE, the enterprise and public sector business solutions arm of Telekom Malaysia Berhad (TM), strongly believes that protecting critical infrastructure must become a key priority for enabling a digital Malaysia future. TM ONE’s cybersecurity solution helps Malaysian enterprises and public sector build digital trust and cybersecurity resilience, by managing five (5) key areas of risk – cybersecurity, compliance, privacy, ethics and social responsibility.
TM ONE has developed a Cyber Defense Centre (CYDEC), which is a fully Managed Security Services Provider (MSSP) that can detect, respond, predict and prevent cyber threats from a wide range of digital services in real time. These services include 5G, Cloud, Information Technology (IT), Operational Technology (OT), Internet of Things (IoT) and other Critical National and Information Infrastructure (CNII).
These solutions are crucial for organisations to safeguard their business, customer data and brand reputation from cyber threats and cybercriminals.
CYDEC was developed locally in Malaysia, and provides public and private sectors with digital trust and cyber resilience capability and capacity with its Global Cybersecurity Security Operation Centre (G-CSOC).
It is endorsed by both local cyber authorities, such as CyberSecurity Malaysia and the National Cyber Security Agency of Malaysia (NACSA), and has a Global Telco Security Alliance partner with telco giant Telefonica.
“With remote working here to stay and cloud becoming a critical component of an organisation’s digital transformation, decisions around what can be done in-house and what should be outsourced or purchased as a service can be game-changing for Malaysian enterprises seeking to turn “new normal” into an opportunity,” Maznan Bin Deraman, Head of Innovative Solutions & Cybersecurity Services, TM ONE told Business Today.
What we can learn
Never waste a crisis, as they say. Every breach presents an opportunity for governments to learn from mistakes and strengthen their cyber defenses.
The Florida water treatment facility incident, for instance, highlights the importance of security as people shift to remote working. “The problem is not the fact that remote software existed. I think the problem is that an adversary got hold of the credentials such that the adversary was able to access it,” Damon Small, Technical Director of Security Consulting at NCC Group North America, told CNN.
“Critical infrastructures will need to implement strong authentication methods when using remote access systems”, he emphasised. The world needs a passwordless-based with blockchain secure authentication to defend against credential theft.
“With more organisations and services moving to the cloud, we now see a greater evolution of threats and cybercrimes,” urged TM ONE’s Maznan. “There is an urgent need to protect digital infrastructure, data in the cloud and at every endpoint.”
As for WannaCry, its solution seems disproportionately simple for such a large scale attack. “Were it not for the continued use of outdated computer systems and poor education around the need to update software, the damage caused by this attack could have been avoided,” Kaspersky wrote.
Indeed, education and awareness are crucial in a nation’s cyber defense. Last year, Singapore launched a Safer Cyberspace Masterplan to raise general cybersecurity levels in the country. The plan will help businesses and individuals, Gwenda Fong, Assistant Chief Executive of the Cyber Security Agency of Singapore told GovInsider.
Nations will need watertight strategies and advanced Active Cyber Defense (ACD) to safeguard their digital borders. TM ONE CYDEC enables this for Malaysian organisations with real-time monitoring, simplified solutions and a comprehensive range of tools.
“Especially with the implementation of Malaysia’s Digital Economy Blueprint (MyDIGITAL), TM ONE CYDEC will ensure that government institutions can digitally transform while having the added assurance of knowing that public data is kept secure and in compliance with regulatory requirements,” Maznan concluded.