PETALING JAYA: Consumers who may be affected by data leaks should change the passwords they use for their emails and online banking websites, says a digital security expert, in the wake of reports that the data of some 46 million mobile users in Malaysia had been leaked online.
In an interview with FMT, Kane Lightowler, the Asia Pacific and Japan managing director of Carbon Black, an endpoint security company, said this was because the data could be manipulated by cyber criminals to harm individuals and organisations.
Lightowler said although it would be difficult for the layperson to find out if their data had been leaked to the dark web, they could still take steps to minimise their risks, on top of changing their email and online banking passwords.
This, he said, included calling credit companies and banks for extra monitoring of their accounts.
“Many banks offer alerts on purchases where the consumer can set a threshold on price or geographic location. If anything looks suspicious, the consumer will know right away,” he told FMT.
He added that at one point or another, everyone would be affected by data leaks in some way, given the amount of information available online.
This, he said, included organisations. The data of senior management – such as chief executive officers (CEO) and chief financial officers (CFO) – could be “used” by cybercriminals, who may include rogue individuals or groups, and even state-sponsored cybercriminals.
“The cybercriminals would use the leaked data of CEOs and CFOs to send their targets a message to transfer money.
“Also, any intelligence agency would be more than happy to have access to this much data on mobile users.”
In the case of organisations, Lightowler said they should invest in a multi-layered security infrastructure to prevent attacks from every angle, as well as a real-time surveillance system to identify and stop attacks before they could do real damage.
“According to the International Data Corporation (IDC), a United States-based market intelligence organisation, 84% of organisations across Asia Pacific and Japan are operating with less-than-ideal IT security strategies in place.”
He added it was also important for organisations to collect detailed information on security threats at a granular level to gain an insight into why and how a cybersecurity breach occurred, with the end goal of making it harder and more costly for cybercriminals to do their work.
More importantly, Lightowler said, when it came to cybersecurity, the human was often the weakest link, and this was why it was crucial for all employees to know their role in ensuring data security.
As for the role of the government, Lightowler said one immediate step it could take to better protect its citizens would be to push for cybersecurity legislation and also work closely with the private sector, especially on the latest threats.
“Attackers often work together to succeed. Governments and private institutions should be doing the same with their own good guys.”
He said this would be a more practical move than tracking down cybercriminals and trying to prosecute them, due to the complexities of different international and extradition laws on the matter.
“Thanks to recent headlines, cybersecurity is in the spotlight. As a result, we’ll hopefully see governments and business leaders make a concerted effort to prioritise defence against advanced cyber attacks.”
He said while it was good that more organisations were allocating funds to this end, sadly, too many organisations were still under-educated and simply ‘checking the box’ by implementing the bare minimum.
“This is a recipe for a major recovery bill down the road when the inevitable attack does occur.”
Earlier this month, it was reported that data from over 46 million mobile numbers from Malaysia had been leaked online.
The data, from Malaysian telcos and mobile virtual network operators, included postpaid and prepaid numbers, customer details, addresses as well as SIM card information.