
Thursday, October 6, 2022

Personal data: Potential gold mine for hackers, say experts

Beware, today’s hackers are after five pieces of personal data used for passwords – full name, identity card number, handphone number, home address and email address.

Malaysia Cyber Consumer Association (MCCA) president Siraj Jalil said most users create their security passwords based on that information as they are easy to remember.

But these passwords make it easier for hackers to crack, allowing them to conduct exploitation activities, especially those involving accounts with banking institutions.

“This is just human psychology... Simple passwords based on our own background are easy to remember and the choice of convenience plays a key role in password creation.

“For example, the last four digits of the IC are ‘0000’ with the same digits used for the email address... the chances are high for the user to use similar digits for other passwords.

“For some people, it is not uncommon to provide this data as general information but they must not let their guard down as the consequences of using personal information as your passwords could be quite severe,” he told Bernama recently.

He said there were several cases of cyber attacks on user accounts, especially involving financial institutions, in which hackers could easily break into users’ accounts using these five pieces of personal data.
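
The check below is an added example, not part of the Bernama report: one way a service could reject, at registration or password change, passwords built from the five fields named above. The profile keys, function names and sample values are assumptions constructed for illustration.

```python
import re

# The five fields named in the article; the dictionary keys are hypothetical.
FIELDS = ("full_name", "ic_number", "phone", "address", "email")

# Undo common character substitutions so "@m1n4h" is still recognised as "aminah".
LEET = str.maketrans("4310$5@7", "aeiossat")


def personal_tokens(profile, min_len=4):
    """Collect lowercase fragments of the profile that must not appear in a password."""
    tokens = set()
    for field in FIELDS:
        value = profile.get(field, "").lower()
        # Words and digit runs: name parts, street name, email local part, IC segments.
        for part in re.findall(r"[a-z]+|\d+", value):
            if len(part) >= min_len:
                tokens.add(part)
        # Digits joined without separators, plus the last four (the case quoted above).
        digits = re.sub(r"\D", "", value)
        if len(digits) >= min_len:
            tokens.add(digits)
            tokens.add(digits[-4:])
    return tokens


def personal_data_in_password(password, profile):
    """Return the sorted profile fragments found in the password (empty list = none)."""
    raw = password.lower()
    variants = (raw, raw.translate(LEET))
    return sorted(t for t in personal_tokens(profile)
                  if any(t in v for v in variants))


# Constructed sample profile; none of these values belong to a real person.
SAMPLE_PROFILE = {
    "full_name": "Aminah binti Example",
    "ic_number": "900101-14-0000",
    "phone": "+60 12-345 6789",
    "address": "12 Jalan Contoh, 50000 Kuala Lumpur",
    "email": "aminah0000@example.com",
}

if __name__ == "__main__":
    for candidate in ("Aminah0000!", "@m1n4h#2022", "correct-horse-battery-staple"):
        hits = personal_data_in_password(candidate, SAMPLE_PROFILE)
        print(candidate, "->", "reject: " + ", ".join(hits) if hits else "ok")
```
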

Hacking user accounts

Siraj said today’s users are more exposed to cybercrime threats, noting that every piece of information including online financial transactions is susceptible to risks.

According to media reports last March, staggering losses of RM2.23 billion were recorded within five years from 2017 to June 2021 due to cybercrime.

Studies revealed in the book ‘Jenayah Siber di Malaysia: Impak Leluasa Internet’ (Cyber Crimes in Malaysia: Pervasive Impact of the Internet), published by the Institute of Public Security of Malaysia (IPSOM), showed that almost 70 percent of commercial crime cases are now categorised as cybercrime.

On Aug 11, Bernama reported that Malaysia recorded over 20,000 cyber crime cases last year with losses amounting to RM560 million.

The cases recorded included cyberbullying, falsification, hacking, phishing and e-mail scams which are increasing each year.

“There are two ways of looking at data leakage namely data privacy and data sovereignty.

“Data privacy may be difficult to determine but users can empower data sovereignty, meaning that they know their data is used and for what purpose. That is what we are striving for to ensure the overall security of users’ data is safeguarded,” he said.

Blockchain technology

Touching on basic data storage technology, Siraj said data is kept on a server and controlled by an intermediary.

He said cybercrime takes place when the party responsible for safeguarding the data from intrusion fails to protect the system from hackers who are one step ahead and can break through cyber security defences, noting that integrity and ethical issues are also related to cyber security of an organisation.

If the protector fails to protect the cyber security data, hackers can easily break into the system server and steal the data, and worse still, they are able to make changes to the data.

“To address data leakage issues and protect data from alterations by hackers, blockchain technology can be applied by the cyber security industry.

“Blockchain technology, often linked to Bitcoin, refers to decentralised data technology, which differs from centralised data as every transaction process requires prior confirmation from the community (user’s account).

“With blockchain technology, we can access and trace the transaction conducted from the beginning, besides data transactions such as the digital address of the sender and recipient, transaction date and total transactions that are accessible and traceable. Data stored in the block cannot be altered or updated,” he said.

Blockchain resides in the public network without control from any authority and hence embraces the data transparency principle, he added.

However, Siraj said there are hurdles to using the technology in a holistic manner, among others high costs, which party is responsible for governing the blockchain technology and the willingness to change from the conventional data storage method.

“Without a doubt, there are many obstacles to change although it has proven to protect users’ data from cybercrime, hence, almost all organisations still use data storage servers such as Cloud, Google Cloud, Web Services or Alibaba Cloud.

“Almost all big corporations will have a centralised data centre in the country and will store their data there. However, once the data is kept at the owner’s data storage centre, is there a guarantee that the party that stores and protects the data would not misuse the data?

“There exists the issue of integrity involving trust towards the party that is holding the data. There are too many issues related to stolen or leaked data which goes to show that it is too easy to get hold of them,” he added.

According to Siraj, the high demand for certain data has led the dark web market to flourish.

Commenting on recent news reports, quoting a statement from a group of hackers identifying themselves as the "Grey Hat Cybersecurity Organisation" who claimed that they could break into the civil servants' ePenyata Gaji (ePaySlip) system, Siraj said intelligent scam activities allowed hackers to gain various data of users including their financial status and subsequently access their accounts.

In an email to the media, the group claimed they could extract nearly two million payslips and tax forms of civil servants.

Beware of actions

Meanwhile, Digi Telecommunications Sdn Bhd head of data protection Kulani Geeta Kulasingam said users should be cautious when using the internet to protect their personal information.

She suggested that users create a password with unique identification and be cautious of suspicious phone calls and at the same time understand the basic requirements in cyberspace.

“Users should not indiscriminately download files as they are feared to contain malware (software that is intentionally designed to cause damage to a computer, server, client or computer network) that can track all their data.

“Be extra cautious when using social media, especially when uploading any information that exposes our own identity.

“For example, other individuals can use the information that we shared such as home address, workplace, school location, etc, for fraudulent gain,” she said, adding that the best way to use social media is to keep personal information limited to a list of trusted friends.

Kulani urged users to immediately contact the financial institution involved or change similar passwords used for other accounts if they are suspected to have been leaked.

“This is one way of avoiding identity fraud in cyberspace and users can activate their password through the 2FA or Two Factor Authentication as a security measure,” she said.

Through 2FA, once users key in their password, a security code will be sent to their phone number or e-mail.

“Today, the public is more cyber-literate on issues related to personal data and we will continue with our efforts to educate the people on data safety.

“Users should be exposed to safe behaviours when they are in cyberspace, hence reducing the risks of falling prey to cyber intrusion,” she added.

Digital communication illiteracy

Sharing his thoughts on the issue, Universiti Utara Malaysia’s Mohd Khairie Ahmad said digital communication illiteracy can trigger the data leakage phenomenon.

The senior lecturer at the School of Multimedia Technology and Communication said the level of public cyber security awareness and understanding is low compared with usage, which is very high: 98.9 percent of the population aged 16 to 64 use a smartphone, while 89.6 percent of Malaysians have access to the internet.

“The imbalance between the level of usage and the level of cyber security practices is among the key sources of data leakage. We know how to use (technology) but are not smart in managing digital communication matters.

“Our people often take a quick and easy approach in using either devices or online applications but are lacking in risk assessment of their actions. Besides that, the inability to analyse risks or to factor in cyber communication aspects also contributed to the problem,” he added.

According to Khairie, the economy in today’s cyber communication era is information-driven, making various types of data a commodity or a base for the majority of products and services, and a swift medium to acquire data through applications developed by various organisations.

The use of applications, he said, has become a culture not only related to business but also involving social activities as well as entertainment for the community.

Many people are still not aware that the phenomenon has exposed them to high risks of cyber threats and security through sharing of various information that is required to activate their applications.

“The extreme apps culture and the herd mentality attitude also pose risks for netizens. From other aspects, authorities in digital communication should seek a more effective control and monitoring mechanism.

“As an example, any organisation intending to develop an application must obtain approval or recognition from the Malaysian Communications and Multimedia Commission (MCMC) or the National Cyber Security Agency (Nacsa).

“In fact, the relevant authorities should introduce certification for applications produced in the country. This is to protect the public from the potential risks of an application. We need a ‘fast route’ to protect netizens who may take a longer time to be cyber security-literate,” he explained.

Mental health threats

The higher incidence of data leakage translates into greater risks of potential losses for the nation.

A total of 12,092 online fraud cases with losses amounting to RM414.8 million were reported from January to July.

Between 2019 and July 2022, a total of 33,147 suspects in cyber fraud cases had been arrested with 22,196 cases charged in court.

“The Malaysia Cyber Security Strategy 2020-2024 publication has cited a 2018 study by Microsoft and Frost & Sullivan which had forecast losses to the national economy due to cyber threats would reach RM51 billion.

“The business ecosystem will be affected as cautious investors would move elsewhere to protect themselves against cybercrime.

“The higher losses due to cyber threats to data leakages could potentially increase mental health risks to the community. Those who suffer losses are more likely to suffer from emotional and psychological depression,” he said, adding that the risks of data leakages can have negative spill-over effects on the people’s well-being.

To address the data leakage issue, collaborative efforts are needed from all parties, he said, adding that from the legal aspect, the government should review Act 709 or Personal Data Protection Act 2010 to ensure parties collecting and storing digital data, in particular, exercise greater accountability.

“From the governance aspect, organisations should embrace the ISO 27001, an international standard that describes best practices for an Information Security Management Systems.”

He added that the authorities should also take stern action toward any parties for failing to provide a secure and safe cyber ecosystem.

Khairie also stressed that cyber security-literacy awareness should be enhanced among the public at every age level including those related to cyber consumer practices and rights.

In addition, users should be brave enough to demand that sensitive data are not released through their mobile apps, he said.

- Bernama
