When statistics count for less
13th February 2007 (The Star)
By CHRISTY LEE S.W

LANGKAWI: Cybersecurity should not just be about how many PCs got infected last year but more about the sophistication and complexity of cyberattacks.

Security expert Graham Ingram said statistics alone is not as important. "Attacks nowadays are very targeted anyway (instead of causing widespread damage)," he said.

The danger lies in attacks so complex that they can defeat existing security programs, and worse, go undetected.

To counter the increasing sophistication of cyberattacks, he said, security agencies need to educate all PC users on the dangers of the Internet.

He said banks, schools and software vendors must first be educated and they will pass on the knowledge to home users.

"We should also educate vendors so that they make products that are safer by design," said Ingram, who is general manager of the Australia Computer Emergency Response Team (AusCert).

He was speaking at a press conference during the Asia -Pacific Computer Emergency Response Team (APCert) annual general meeting, hosted by the Malaysian Government here last week.

Yurie Ito, Japan Cert Co-ordination Centre director of technical operation, said home users could also be educated on Internet security issues and precautions via the media.

"Home users do not get Cert reports, but they read newspapers and magazines," she said.

There were 1,372 cybersecurity incidences in Malaysia last year and 865 in 2005, according to the Malaysian Cyber Security Agency.

APCert is a non-profit organisation that represents a collaboration of Computer Emergency Response Teams (Certs) and Computer Security Incident Response Teams (CSIRTs) from various countries.

These organisations are set up to monitor the national cybersecurity landscape of their respective countries.

MyCert, which is under the Malaysian Cyber Security Agency, was elected to the chair of APCert during the annual general meeting. The post was formerly held by AusCert (Australia).

Husin Jazri, director of the Malaysian Cyber Security Agency, said APCert plans to encourage countries outside of Asia-Pacific to set up Certs, including the Middle-East.