Proactive take on cybercrime
22 October 2007 (New Straits Times)
By Izwan Ismail

Local cybercrime activities are increasingly becoming more money-motivated acording to the latest statistics from CyberSecurity Malaysia.

Its chief executive officer Lt Col (R) Husin Jazri said the current threats are a compromise of systems through automated tools and ofline fraud, including identify theft.

Forty-five per cent of the reported incidents this year as at July are related to system intrusion while 34 per cent are online fraud. Last year, the two categories made up about 86 per cent of all reported incidents.

"These cyber threats, which previously were done for thrills, are now done for financial gains. Hackers, fraudsters and criminals are working in tandem, across borders," Husin said.

Companies and Internet users need to be aware of two types of cybercrime: soft attack and hard attack. Soft attack-type of cybercrime is content-related and aimed at the mind of Internet users. Such attacks include posting of seditious content aimed at encouraging social disruption such as racial hatred.

"As Malaysia is a plural society, seditious form of attacks could create a greater negative implication that could threaten national security, wealth creation and the well-being of the country," Husin pointed out.

Hard attack-type of cybercrime, on the other hand, refers to technical attacks such as hacking that involves third-party intrusion of a network infrastructure, phishing or identity theft as well as intentional release of viruses and worms into a network.

As a safety measure, organisations that rely heavily on information and communications technology (ICT) need to have highly qualified information security professionals to secure the organisation's environment, Husin advised, and that the country needs more certified information security professionals.

He suggested that companies set up a security management and best practices department to provide approaches in ensuring secure business operations by adopting good information security best practices.

"This can be achieved through the information security management system and information security standards from the ISO 27000 series and best practices," he said, adding that CyberSecurity Malaysia encourages organisations to implement business continuity management standards and guidelines to ensure organisational sustainability.

Commenting on CyberSecurity Malaysia's role to help organisations address cyber security issues, Husin said the body has taken a proactive approach to fill the gaps by providing a platform for information security professionals to go one step further through certification.

He added that CyberSecurity Malaysia now plays a developmental role in cyber security to all societies that use the Internet such as the public and business communities. This role includes the introduction of Cyber999, a service to serve the local Internet community, addressing cyber security and safety issues such as identify theft, system intrusions and virus attacks.

Cyber999 helps Internet users to detect, interpret and respond to computer security incidents; alerts them in the event of a security breach; and co-ordinates expert advice while rendering remedial help. The service can be reached at cyber999@cybersecurity.org.my.

According to Husin, digital forensics services are also provided to support enforcement agencies in their crime-fighting efforts.

Another role played by CyberSecurity Malaysia is in providing security assurance service, where local ICT security products can undergo an evaluation in terms of information security to meet international standards. "This way, CyberSecurity Malaysia can assist local ICT security product manufacturers gain international market accessibility," Husin said.