We’re all going to have to change how we think about data protection. 

– Elizabeth Denham, UK information commissioner

We have left behind 2020, but the Covid-19 pandemic is still around, and our standard of living and business activities are severely affected.

We are all constrained by physical distancing and face masks, and the fear of being infected by this fatal virus has forced us to avoid crowds.

To compensate these constraints, fast adoption into digital environment is becoming very strategic and getting into hybrid business — both physical and digital — is an act of survival.

Moving into this direction provides new opportunities, where physical constraint is compensated through online businesses and marketplaces with potential of bigger market demands.

As the world is moving faster into Industrial Revolution 4.0, driven by a higher demand in smart digital services, cybersecurity and digital privacy remain a major concern in underlying deployment of digital technologies, platforms, and applications.

According to co-founder and Group CEO of Serba Dinamik Holding Berhad, Datuk Dr Mohd Abdul Karim, in a recent interview with Astro Awani, Serba Dinamik’s business focus on the ICT sector is driven by five focus areas, namely cloud computing and data centre, cybersecurity, artificial intelligence (AI), financial technology (Fintech), and futuristic technology.

Futuristic Technology encompasses virtual reality, robotics, smart IoTs and holograms, among others. These focus areas are key to the business growth and enabler to accelerate local and global digital economy.

On another news, our cyberspace was intruded last week on Dec 29, 2020. The Malaysian Armed Forces (MAF) confirmed that its network was the target of a cyberattack by hackers attempting to steal information and disrupt its services. “We confirm that there was a cyberattack on network data belonging to the MAF,” said Sarawak-born MAF chief Gen Tan Sri Datuk Seri Affendi Buang.

The incident was detected by the Cyber and Electromagnetic Defence Division (BSEP) and Cyber Defence Operations Centre (CDOC).

However, the attack only involved certain segments that had been placed out of the network from the very beginning and did not affect the actual operation of the portal.

“The cyber security aspect of ATM is always on standby to ensure any threat to disrupt the defence communication network can be detected early and handled properly,” said Affendi.

Some cybersecurity analysts attributed this cyberattack to the angry sentiments from a neighbouring country, which can be proven by examining the web server event logs relating to this attack and correlating it with other relevant parameter defence devices activity logs.

Correlation is an important technique of digital forensic investigation and this analysis can determine whether the web server was compromised at its root level, which can provide superuser access to the attacker to alter the activity logs and remove their attacking traces.

A Sample of the cyber graffiti picked from the Internet, related to the Dec 29, 2020, Black Monday cyberattacks. Source: Unknown/Dark Web

My personal analysis from correlating several press statements published is, this attack points towards web defacement. From my past experiences, web defacement attack techniques are possible when the web server environment is not updated or patched on time as recommended by cybersecurity best practices.  Let us allow the police to conduct their investigation.

In other related news on August 17 last year, around 70 documents from the Royal Malaysian Navy were uploaded to the Dark Web, as reported by the Singapore newspaper, The Straits Times. The report claimed that the uploaded information was to be from several sources that hacked into email accounts of military personnel.

The Royal Malaysian Navy Headquarters Strategic Communication Branch, in a statement responded that it had taken note of the issue and would investigate the cause and source of the information leak. The officials from RMN confirmed that their information and communication technology system is intact under the close monitoring of the Malaysian Armed Forces Cyber Defence Operations Centre. In recent US news, it was reported that an Advance Persistent Threat (APT) attack had infiltrated many organisations, including US government agencies.

They did this by distributing backdoor software, dubbed SunBurst, by compromising SolarWind’s Orion IT monitoring and management software update system. Based on SolarWind’s data, 33,000 organisations use Orion’s software, and 18,000 were directly impacted by this malicious update.

It is important to understand the comparison between cyber incidents in Malaysia and the US. We should take note that ours is a noisy attack, a reflection of anger sentiments projected openly on purpose and the later was quiet and surreptitiously done and nobody knew until it was too late, a different level of attack with a high degree precision executed by highly skilled attackers. The US APT-based attack is definitely scarier and poses major concern to national security.

Serba Dinamik’s cybersecurity response to the need for a sustainable cybersecurity and digital privacy protections is a collaborative digital platform called E-Security and Privacy Channel or ESPC in short, dedicated to increase local and global cybersecurity collaborations, increase online safety measures and provide a high standard of digital privacy services.

No nation state or industry player can handle these complex problems alone with so many layers to breach, 360 degrees around the clock.

Thus, the ESPC digital platform focuses on combined offerings of affordable solutions and services that can serve governments, companies, communities, and families better.

The use of new technologies such as AI, data analytics, and virtual reality are expected to improve ESPC cyber emergency response services to become more user friendly to the grassroots, with a larger pool of strategic partners to work with and good follow-through services. ESPC looks at solving human issues as its primary focus.

A unique feature of ESPC is a convergence of core strategic service components that can help to communicate and service customers better, namely its media journalism component, lifelong education component, digital marketplace business component, research and development component and community services component. 

All these components are integrated within one digital platform and they interact with each other in a seamless way. New component may be introduced as the need arises or new threats category emerge.

Everyone should start getting interested in understanding cybersecurity and online privacy issues. Just like our physical world, we must be vigilant of any potential crime around us and take necessary steps to protect ourselves and our families. By connecting to the ESPC digital platform and its services, citizens can obtain reliable early warning news and messages of potential risks to family, business, and personal safety online.

As cybercrime cases cannot be eliminated entirely, we need to acknowledge that cybercrime prevention can only be effective when communities and NGOs, companies, government authorities, law enforcement agencies and the judiciary system come together as a solid ecosystem with strong global cooperation and connections at all levels.

ESPC has many important international connections to offer in making safe and secure digital living and lifestyle. To date ESPC is operating with partners in Australia, Indonesia, Singapore, Tunisia, Turkey, Namibia and USA. We are connecting to more countries as we go along, including 24 countries where Serba Dinamik is operating and OIC member countries, where ESPC has been accepted as a member of the OIC Computer Emergency Response Team network.  

We welcome new collaborators and interested partners to join hands in making cyberspace a safe and secure place for everyone.

To cybersecurity students around the world, looking for a place of internship and final year project, do contact us at the first opportunity basis, as ESPC has many interesting projects to embark.

Those interested to know more about ESPC cybersecurity and privacy services, please go through the ESPC website at https://www.espc2go.com; search for keyword ESPC on Instagram, Facebook and LinkedIn or contact us directly at drjazz@espc2go.com for further inquiries.   

Till then, stay safe and think before you link! Prevention is cheaper than cure when facing cybercrimes.

Assoc Prof Col (r) Datuk Dr Husin Jazri CISSP is Senior Vice President Cybersecurity, Serba Dinamik Group Berhad and Chief Editor of ESPC. He is a member of UNIMY Board of Governance/member of Malaysia Crimes Prevention Foundation. Husin obtained his PhD in Computer Science (Cybersecurity) from National Defence University of Malaysia, Masters (Distinction) in Information Security from Royal Holloway University of London, UK and MBA from University Putra Malaysia. (Email: hjazri@e-serbadkgroup.com)

The views expressed are those of the author and do not necessarily reflect the official policy or position of the New Sarawak Tribune.