Countering ICT threats
By Rozana Sani
24th July 2003 (Computimes)

ORGANISATIONS in most major sectors are prone to information and communications technology (ICT) security threats due to a lack of appropriate security measures.

Based on statistics compiled by the National ICT Security and Emergency Response Centre (Niser), about 67 per cent of security incidents happen in the private sector, which includes financial institutions. The education sector accounts for about 18 per cent of security incidents, government for 10 per cent, and non-profit organisations for five per cent, said Niser's director Husin Jazri.

"Thus far, a total of 393 ICT security cases have been reported to the Malaysian Computer Emergency Response Team (MyCERT) in the first six months of this year," he told Computimes last week. Last year, MyCERT received a total of 739 ICT security cases.

According to Husin, the threats stem from three main factors: people, technology and the adequacy of processes instituted in the organisation.

"Security threats constitute the bulk of incidents as most of the cases that were reported to MyCERT are hack threats and viruses," he said.

"Whenever a new virus or new vulnerability is found, the statistics for virus and hack threats will rise more than double from the previous month."

On measures organisations should look into to guard against ICT security threats, Husin said top management commitment coupled with effective policies would go a long way in reducing risks related to the people factor.

"There are the international standards out there that can be referred to such as ISO17799, ISO13335, etc," he said.

"Education and training to users on the best practices should not be underestimated."

As for the technology issue, organisations should implement host- and network-based perimeter defence, Husin said.

"Host perimeter defence such as host anti-virus software and personal firewalls will defend the borders of your computer. They will also act as an additional layer of protection," he said. "Meanwhile, the network perimeter defence such as gateway anti-viruses, firewalls and intrusion detection systems will defend your network from intruders."

As for processes, Husin said there is no fixed rule on what is adequate. "Referring to best practices is always the best."

Some of these best practices can be referred to at the MyCERT Web site: Safe Email Practice at http://www.mycert.org.my/faq-safe_email_practices.htm and Home User PC Security: Know the Threats and Countermeasures at http://www.mycert.org.my/homepcsecurity.html.