Cyber fraud has been a global concern over the years, especially with the expansion of the digitalisation of economy and development of technology. Whilst both the advancement of technology and digitalisation of economy has proven its benefits to society, it also creates a prosperous environment for cybercriminals to thrive in, reaping its benefits of the vulnerable digital world. Malaysia has been making huge progress in the digitalisation of economy, including the evolution of e-commerce market and as such, Malaysia is vulnerable to cyber fraud threats and concerns.
The Statistics
Malaysia has become vulnerable to many cyber fraud incidents over the years, with no signs of the same slowing down. In 2022 alone, Malaysia suffered multiple large scale cyber-attacks which includes:
Ø Approximately 2.6million Carousell users (a popular online platform for second hand goods) from Malaysia and Singapore were victims of a data breach which involves the users’ usernames, full names, email addresses and phone numbers. Stolen data were reportedly sold online for US$1,000.00 (RM4,4000).
Ø Malaysian’s budget airline Malindo Air (now known as Batik Air) was vulnerable to a massive data breach involving 45 million customers’ personal data which includes email addresses, dates of birth, addresses, passport numbers and phone numbers. These personal data were revealed online by hackers who claimed to have gained access to the airline’s database in 2019.
Ø Leading payment gateway, iPay88 was a victim of a data breach attack where its customers’ card details were compromised.
Ø Malaysia’s popular budget airline, AirAsia, was hit by a ransomware in late 2022, jeopardising personal information of approximately 5 million passengers and staff. Early investigations show that the cyberattack on the airline’s server was caused by an unpermitted access into the system, which could have potentially caused a data leak.
Kaspersky, a cybersecurity company reported that Malaysia suffered a total of 195,032 payment system-related phishing activities in the first two quarters of 2022, with 108,755 in the first quarter and 86,277 in the second quarter.
In addition, it was also reported that the Ministry of Domestic Trade and Cost of Living (previously known as the Ministry of Domestic Trade and Consumer Affairs) received approximately 4,114 complaints regarding online scams as of 30 June 2022 and 24,018 complaints in respect to online fraud and electronic media scams from 2020 to middle February 2022, which resulted in losses amounting to RM21.7 million.
Causes & Challenges of Cyber Fraud
Despite the various past breaches and statistics that show Malaysia is in a dire situation in respect to cyber threats, it appears that these cyber threats are not being effectively controlled or prevented. It has become frequent to read about cyber fraud in the news, such as people falling into traps of online scams involving hefty money theft or companies attacked with a data breach, compromising large amount of consumers data. It is no doubt that addressing and combatting cyber fraud is a difficult task, especially when there are great challenges in the way. Here are some of the many causes and challenges faced in minimising cyber fraud cases:
1. Internet Usage – almost everywhere and anytime
Various justifications have been provided as to why cyber frauds are prevalent more than ever, one of the strongest and most obvious being the surge of internet usage in the daily lives of many with the digitalisation of economy, whether it is working, attending online classes, online banking, e-commerce shopping etc. This is more so during and after the global pandemic hit the lives of many, whereby internet was and currently is the primary focus for most of us to carry on with our daily routine.
2. Cyber attackers – getting smarter
Whilst the usage of internet surged and Malaysians continue to advance in the digital transformation journey, it has become apparent that cyber attackers are becoming proficient, skilled and resourceful in finding loopholes in the systems to continue their malicious activities. Users of the systems might never be as sophisticated as these attackers. Cyber attackers are also mastering the art of social engineering to impersonate authorities, whereby they manipulate their victims into revealing personal and confidential information. These often happens and victims do not realise the actuality of the situation until its too late.
3. Awareness – do we have it?
The surgency of internet usage and digitalisation of the economy cannot be the only blaming factors for the rise of cyber fraud in Malaysia. Cyber fraud can occur due to user’s lack of comprehension and awareness on cybersecurity issues and cybercrimes. For instance, despite cyber attackers becoming great social engineers, the victims usually disregard warning signs and logic, readily and unknowingly falling into the trap of these attackers. It has become clear that humans are hardwired to fall for scams. People can be easily duped by bogus sited and services due to their negligence. Unsuspecting victims would transfer huge amount of money to recipients whom they have never met or identify which cannot be verified for various reasons.
Even though public initiatives have been introduced to educate consumers on cyber fraud, evidently, Malaysia is still lacking when it comes to creating awareness on cyber threats among the general public. Therefore, it is prudent that users’ education and awareness needs to be focussed and amplified in Malaysia.
4. Poor Cyber Hygiene?
Poor cyber hygiene seems to be a rising issue, with individuals, companies and organisations pleading ignorance on potential cybersecurity risks that they might be vulnerable to. Cyber hygiene means a set of practices individuals, organisations and companies perform regularly to maintain the health and security of devices, networks, systems and data. Failing to upkeep cyber hygiene causes individuals, companies and organisations to be susceptible to various cyber attacks and security incidents, as evidently shown in various past cases. Failing to ensure the safety and security of the systems and networks as well as complying with best practices for ensuring the safety of confidential data are forms of poor cyber hygiene.
5. Cyber Fraud Investigations – are we equipped?
Even though the presence of criminal elements in cybercrimes, the investigations carried out for cybercrime investigations and physical-world criminal investigations can actually be different. Comparing both, the primary difference is the nature of evidence. The evidence in cybercrime investigations is mostly digital in nature. A cybercrime investigation is the process of investigating, analysing and recovering forensic data for digital evidence of a crime. As cybercrime investigations often require skills and knowledge on the cyber landscape, Malaysia currently lacks equipped manpower and updated technology to aid with the same, which often results in significant delays in these investigations. Further, the introduction of new technologies and innovations in the cyber landscape often leads to challenges in ensuring that adequate analytical and technical capabilities of law enforcement is kept-up to date.
6. Cyber attackers – who are they?
Further and a very common challenge, most of the cyber attackers are phantoms. As they usually work behind screens or phones, it is hard to identify them. Coupled with the lack of equipped law enforcement, identifying these cyber attackers are close to impossible, which can often lead cases to an unfortunate dead end.
Tackling Cyber Fraud Issues
As no man is an island, combatting the alarming rise of cyber fraud is a joint effort. Cyber fraud has reached a magnitude that is impossible for law-enforcement agencies to handle on their own. As everyone is vulnerable to threats of cyber fraud, individuals / system users, system owners, policy makers, and law-enforcement agencies play vital roles in ensuring that security measures are kept within the best efforts:
1. Increase the awareness and education on cybersecurity issues
Without saying, education and awareness are the key steps to solving problems. Being aware of cyber frauds in the country and even the world is prudent to minimise cyber-attacks.
Sometimes, it is as simple as not opening an attachment from an unknown sender, not clicking or downloading any links in spam emails or other messages from unidentified sources, being cautious of suspicious calls claiming to be from reputable institutions or not providing personal and confidential details to suspicious callers etc.
System owners, employers, law-enforcement agencies and policy makers should emphasise and provide prominent cyber security training / courses / seminars to the public / employees to equip them with skills to identify, manage and to even prevent cyber frauds. The government, through its various agencies, should take up the crucial role of empowering all levels of society to understand cyber security-related risks and challenges, as well as the necessary defensive measures needed for safer internet use.
2. Practice good cyber hygiene
Preventive is better than cure and there are proactive steps that can be taken to prevent cyber fraud or security issues which is practicing good cyber hygiene. This essentially means, but not limited to:
use strong passwords and ensure the passwords are changed regularly;
enable two-factor authentication to passwords to increase the layer of protection;
checking the authenticity of organisations in an unfamiliar e-mail;
perform data backups regularly, especially on important and confidential files;
setting up policies and ensuring that all software, devices and systems are up-to-date with security enhancements;
setting up policies and ensuring that all devices and systems are equipped with antivirus and malware protection software;
3. Updating and amending cyberlaws
Legislative efforts are pivotal in closing the gap between the law and evolution of new digital technologies. In order to adapt to the constant changing cyber landscape, existing legislations need to be enhanced or amended to effectively cater the legal challenges that we unfortunately face. With the enhancement or amendments of cyberlaws, adequate legal action can be taken against cyber criminals, hopefully deterring them from continuing their malicious activities as well as giving assurance to the public that there are sufficient updated laws to protect them from the same. Absence of such enhancement and amendments to the current cyberlaws can be detrimental to the safety of the public as well to the national security of the country. It will be as if no laws were ever in placed to combat these issues.
Conclusion
It is pivotal that high emphasis and focus on cyber fraud and other cybersecurity issues are made by various parties, mainly the enforcement authorities, governmental authorities, companies, organisations and the users themselves in the coming years to avoid Malaysia going downward spiral with a lowered chance of recovering. There might be a perception that the impact of cyber fraud may not be as heavy as other criminal activities, which can possibly lead to the lack of seriousness in addressing the same. However, cyber fraud is essentially digital theft, which can cause hefty financial losses to many if not confined. Every individual and collective effort is required and feigning ignorance at this stage is unaffordable.
Comments