Staying Ahead of Cyber Threats

By

Visitors to IMPACT reflecting on cybersecurity statistics (Photo credit: 19 MNA 69)

Visitors to IMPACT reflecting on cybersecurity statistics (Photo credit: 19 MNA 69)

By K.T. Thamby

In February this year, expert hackers managed to loot US$45 million from thousands of ATMs in a matter of hours. It was a carefully planned operation involving people in more than two dozen countries, acting in close coordination and with surgical precision, according to a  New York Times report, which added that, in New York City alone, the thieves struck 2,904 ATM machines over 10 hours starting on Feb. 19, withdrawing US$2.4 million.

What is said to be the biggest heist in history of New York City is merely the tip of the iceberg in the examples of the catastrophic consequences of cyber crimes. According to the Norton Cyber Crime Report 2012, cyber thieves have stolen about RM331.7bil worldwide at an average of RM593 per victim.

Cyber threats, the fastest growing crime today can be defined as malicious intrusions into cyber networks using vicious codes including viruses, worms, spyware, and malware with the intention to cause harm. Harm here can range from the stealing of pertinent or personal information and money using a phishing site, to disabling vital systems that can cause huge losses to governments and organisations. Motives range from mere mischief to espionage and terrorism. It is can either be an inside job or perpetrated from thousands of miles away.

According to Security Research Firm Symantec, the highest rates of cybercrimes are found in areas with uninterrupted internet connectivity.

The Malaysian cyber threat landscape is no less alarming with over 10,000 cases reported every month up till August last year, according to Cybersecurity Malaysia. It received over 8,000 reports about cybercrimes via its cyber999 hotline. In addition, its Cyber Early Warning System detected over 5,000,000 security threats up until August last year.

While Symantec has named the United States as the country with the most number of cybercrimes, Sophos Security Threat Report 2013 has identified Malaysia as the sixth most vulnerable country to malware attacks through mobile devices and personal computers.

IMPACT’s Philip Victor says that the most obvious risk of cyber threats today comes from mobile devices that are used as business tools.

IMPACT’s Philip Victor says that the most obvious risk of cyber threats today comes from mobile devices that are used as business tools.

“There are more than enough reasons worldwide and even in Malaysia to show why companies should start investing in cybersecurity”, said Philip Victor, Director of Policy & International Cooperation for the International Multilateral Partnership Against Cyber Threats (IMPACT).

“In today’s highly connected business environment, cyber threats is an everyday risk for a company, and the most obvious is the risk imposed by mobile devices that are used as business tools. These devices can be used as a conduit to transfer malware into a company’s internal network and resources,” he told Business Circle.

In its Threat Landscape report, The EU’s European Network and Information Security Agency described an “exponential increase in threats” in mobile computing, citing the use of private devices in business as one reason for the change.

Calling cybersecurity a crucial investment, Philip said that companies must approach cybersecurity in a holistic manner, which includes a proper framework with security policies, infrastructure and competent security professionals. “There must be a cyber incident response mechanism which is able to identify and prevent intrusion as well as mitigate the effect of the intrusion.”

The increase in the worldwide incident of cyber threats is the very reason behind the formation of International Multilateral Partnership Against Cyber Threats (IMPACT), the first global public-private initiative against cyber threats and a platform for public-private collaboration in creating a secure cyber network worldwide.

“At IMPACT, we not only advocate collaborative effort by sharing of expertise but also capacity building as a precautionary move. Capacity building includes putting in place the infrastructure and expertise needed to create a secure system with a capable respond mechanism to cyber attacks,” said Philip.

IMPACT was formalised in 2008, an initiative led by the then Prime Minister Tun Abdullah Ahmad Badawi at the World Cybersecurity  Summit which was the largest ministerial-level gathering ever organised on cyber threats  — an effort which projected Malaysia as a global champion in the fight against cyber crimes. IMPACT’s Global Headquarters and permanent secretariat is located in Cyberjaya, Malaysia.

In September 2011, IMPACT became the cybersecurity executing arm of International Telecommunication Union, a specialised United Nations Agency for ICT, tasked with the implementation of United Nation’s cybersecurity agenda. IMPACT has 145 member states as well as industry and academic partners who are part of the global collaborative effort in the fight against cyber threats.

IMPACT provides its member states access to expertise, facilities and resources to effectively protect their ICT infrastructure and respond to cyber threats. The cybersecurity services provided for member states include remote monitoring, vulnerability assessment, establishing a cyber incident respond team (CIRT), cyber drills and workshops and training programs.

“Training is a key area for IMPACT as it supports our mission to push for the development of more competent cybersecurity professionals worldwide. Last year we conducted training for 500 cybersecurity professionals worldwide.”

He added that all training courses, specialised seminars and workshops are conducted in collaboration with leading ICT companies and institutions including ITU, EC-Council, (ISC)² and Honeynet Project. “One of the courses IMPACT conducts is (ISC)²’s Certified Information Systems for Security Professionals (CISSP), which is globally recognised as the industry gold standard of achievement to signify absolute competency in the field of information security.”

 

Leave a Comment