Newer forms of digital threats
Published on: Sunday, August 11, 2024
By: Sherell Jeffrey
From left to right: Alvian, Azizah, Farashazillah
Kota Kinabalu: A new breed of digital threats powered by artificial intelligence has started to emerge at breakneck speed, with the Sabah government systems facing between one to two million attempted intrusions each month, according to Sabah State Computer Services Department Security Operation Centre Manager, Mohd Alvian Zaidy Abd Sitia.
“This isn’t unique to us. Governments and organisations worldwide are under constant siege from cyber attackers,” he said in his talk “Cyber security and Online Fraud” at the 16th Sabah 2024 ICT Seminar titled Cybersecurity in the Age of Digital Transformation” hosted by the Malaysian Cocoa Board at Raia Hotel, recently.
ADVERTISEMENT "Cyber-attacks often precede or accompany physical conflicts. We have seen spikes in digital assaults during periods of political tension or significant events,” he said, recounting past incidents where diplomatic missteps led to retaliatory cyber-attacks, resulting in website defacements and service disruptions. The Covid-19 pandemic, while devastating in many ways, served as a catalyst for technological adoption,” he said.
“It accelerated our embrace of digital solutions by up to five years, forcing us to rapidly adapt to remote work and online collaboration tools.”
He said the accelerated digital transformation came at a cost and the expanded cyber space resulting from this shift has opened new avenues for cybercriminals to exploit.
“Our attack surface has grown exponentially and with it the sophistication and frequency of cyber-attacks,” he said.
ADVERTISEMENT
To stress the global nature of cyber threats, he cited the Norse Attack Map, a real-time visualisation of cyber-attacks occurring worldwide. This tool provides a stark representation of the constant barrage of digital assaults taking place every second across the globe,” he said.
Perhaps the most concerning development in cybersecurity, according to Alvian, is the rise of AI-powered threats.
ADVERTISEMENT
“AI is a double-edged sword. While it offers immense potential for improving our defences, it also provides new tools for malicious actors.
“In the past, creating a virus required extensive programming knowledge. Now, with AI tools, anyone can simply describe the desired outcome and the AI can generate the necessary code. This democratization of cyber weapons is a game-changer,” he said.
“We’re not just dealing with skilled hackers anymore. AI could potentially turn a novice into a significant threat.”
He said ransomware is among various types of cyber attacks that is persistent and evolving threat.
“Ransomware is like a digital hostage situation. It encrypts victims’ data and demands payment for its release.
“Imagine a ransomware attack that uses AI to analyse a company’s financial records and set a ransom amount they’re likely to pay. That is the kind of threat we need to prepare for,” he said. We can’t afford to be complacent. Our team frequently undergoes additional training and certification to combat new attack vectors, especially those powered by AI.
“Declaring that a system is unhackable often serves as an open invitation for attackers to prove otherwise. In cybersecurity, humility and vigilance are key,” he said.
He said effective cybersecurity requires collaboration between government agencies and the private sector.
“Cyber threats don’t respect borders or sectors. We need a unified approach to defence.
“We need to attract and retain top talent in this field. The defenders need to be as innovative and adaptable as the attackers.
“As AI becomes more prevalent in this space, we need clear guidelines to ensure it’s used responsibly. We are entering an era where AI will be central to both attack and defence strategies. Organizations that fail to adapt to this new reality risk being left vulnerable. With the right approach, we can harness the power of AI to create more robust, adaptive defence systems. The key is to stay informed, remain vigilant and never stop learning,” he said.
As we continue to reap the benefits of our increasingly interconnected digital world, we must also reckon with its risks.
“The rise of AI-powered cyber threats represents a new frontier in digital security, one that will require unprecedented levels of innovation, collaboration and adaptability to navigate successfully.
“The future of cybersecurity will be shaped not just by the threats we face, but by how we choose to meet them. In this high-stakes digital arms race, staying ahead of the curve is not just an advantage – it’s a necessity,” he said.
Meanwhile, Information Technology Learning and Technology Development Studies Centre (Imatec) Bukit Kiara Intan Chief Assistant Senior Director Azizah Mohamad Bee said human error is the weakest link in cybersecurity.
“A total of 95 per cent of cybersecurity breaches are attributed to human error, with 90 per cent of data breaches occurring through email, primarily via phishing attacks,” she said at her talk “Human Factors in Cybersecurity”.
Azizah said cybersecurity is not just an IT department’s responsibility. It involves every individual in an organization and society at large. She said three key aspects of human factors contributes to cyber vulnerabilities, namely behaviour, decision-making processes and lack of awareness.
“Routine behaviours and emotional states could be exploited by cybercriminals, making individuals more susceptible to attacks,” she said. Citing her point, she pointed out several high-profile data breaches, including those at Yahoo, Capital One and Mariott.
“These cases shows how human errors, oversight and delayed responses could lead to massive security failures affecting millions of users worldwide,” she said.
She said the Malaysian government has introduced the Digital Literacy Assessment Programme for civil servants which aims to evaluate and improve digital competency across all levels of public service.
“As government services move towards end-to-end digital solutions, it’s crucial that all civil servants, not just IT staff, have a solid understanding of digital security,” Azizah said. She said cybercriminals employ social engineering tactics to fool people.
“These attacks exploit human psychology and emotions, often creating a sense of urgency or playing on people’s trust.
“Questioning suspicious communications and verifying sources before taking action is one way to recognise and avoid such attacks.
“Another way is also to use complex passwords of at least 12 characters that are not easily guessable information. A simple password can be cracked in just three seconds; thus, it is important to have a robust password management,” she said.
“Modern scams have grown sophisticated and to avoid such traps, we should always check domain registration dates and be wary of too-good-to-true offers.
“We need to have ongoing education and awareness programmes to strengthen the human element in digital security,” she said.
Universiti Malaysia Sabah Chief Data and Artificial Intelligence Centre Data and AI Chief Officer Dr. Farashazillah Yahya, said there is staggering volume of data generated daily, noting that the world now deals with zettabytes of information.
“With the advent of digitalization, data has become the new oil, the most valuable asset, and the future commodity,” she said.
“The pervasiveness of data generation that an average WhatsApp user send is about 50 texts per day, generating approximately 50 kilobytes of data.
“Video content is responsible for over half of global data traffic,” she said.
Farashazillah stressed the importance of understanding personal data, defining it as any information that can identify an individual. This includes basic details like name and age, as well as more sensitive information such as ethnic origin, medical records and biometric data. A significant portion of the presentation focused on the controversial aspect of online behaviour being considered personal data,” she said.
She said e-commerce platforms like Shopee analyse user behaviour, including idle time on product pages, to generate personalized recommendations.There is also the concern of smartphones “eavesdropping” on conversations to serve targeted advertisements. This capability is often unknowingly enabled by users when setting up their devices,” she said.
She said that privacy is a fundamental human right, referencing the General Data Protection Regulation.
“Individuals should have control over their personal information and the ability to protect their thoughts and expressions from algorithmic influence.
“Malaysia’s Personal Data Protection Act 2010, covers personal data in commercial transactions, it does not however apply to Federal and State governments or data processed outside Malaysia.
She said recent data breaches, both globally and in Malaysia, with telecommunications companies being particularly vulnerable.
Stay up-to-date by following Daily Express’s Telegram channel.
Daily Express Malaysia
“Having a robust data security measures and employee training to mitigate these risks is therefore important.
“The emergence of technologies in data protection, including AI and blockchain can be used for data surveillance and prediction, while blockchain technology can enhance data security by distributing information across networks,” she said.