Well structured cyber-criminals on the prowl, warns cyber-security agency boss

Hacking is no longer for fun but is increasingly profit-oriented.

KUALA LUMPUR: The head of the national cyber-security agency has warned that Malaysia is vulnerable to increasingly well structured cyber-criminals who are leveraging on new and emerging technologies for monetary gain.

Amirudin Abdul Wahab, the CEO of CyberSecurity Malaysia, an agency under the Ministry of Communications and Multimedia, told FMT that cyber-security threats were constantly evolving parallel to the emergence of new technologies, resulting in an even higher need for holistic cyber-security measures.

“Nowadays, the threat is getting more advanced, it’s not just hacking for fun. They use it for financial gain, and are profit-oriented,” he said.

Calling it a global threat, he said organised cyber-crime networks were structured just like companies in the corporate sector.

He said the malware and tech used could bypass normal anti-virus software, and they might launch attacks from anywhere in the world.

“All countries and entities that are exposed to a network are exposed to the risk of being attacked – even individuals,” he said, adding that the threats could be technical like malware and also non-technical, such as the dissemination of politically inflammatory content.

“It’s not as straightforward as it used to be,” he said.

Asked if Malaysia was equipped to face such threats, he said they tried to be ahead but there was no guarantee that cyber-criminals would not catch up with the cyber-security measures put in place.

“It’s not a Malaysian scenario, but a global phenomenon,” he said.

He added that public awareness of cyber threats was still insufficient.

Amirudin Abdul Wahab.

“Most people only talk about the good side of technology. Information Communication Technology (ICT) is all about communication, enhancement, efficiency, productivity.

“People don’t talk about threats, which are sometimes seen as an afterthought,” he said.

He said organisations must leverage on new technologies by not only having responsive or preventive measures, but also detection and predictive capabilities.

“We need to detect and predict possible threats before things happen by looking at anomalies and patterns using data analytics,” he said.

However, he noted the lack of competent human capital to face increasing cyber-security threats.

“Not everyone is trained and exposed to these technologies, so they may not be able to manage it well. When it comes to cyber-security, the approach has to be holistic – not just focusing on the best technology, but we also need competent talent.”

He said training, competency programmes and professional certification were therefore important to build the right talent.

However, he said cyber threats reported to CyberSecurity Malaysia’s hotline MyCERT (Malaysia Computer Emergency Response Team) in general, were “under control”.

Normal cyber attacks did happen, but so far none were uncontrollable or threatened national security, he assured.

Members of the public may report cyber attack incidences to [email protected] or by calling 1300 88 2999.