Bots

#TECH: Human - the weakest link in cybersecurity

AS the Asia Pacific region collectively moves towards boosting economic recovery in the wake of the pandemic, and in line with the goals for digital transformation in a 5G era, it is increasingly crucial for all parties to come together to establish and promote common security standards, as well as build frameworks for risk management while advancing technology and economic development.

"Standards are important. Certainly, when it comes to 5G, mechanisms like NESAS come into play. But more than that, we need to look into joint collaborations to share information and threat intelligence… bottom line is, it is a joint effort," said CyberSecurity Malaysia's Head of Industry Engagement and Collaboration, Mohamed Anwer Mohamed Yusoff during Huawei's virtual first of four Asia-Pacific Cyber Security Salon sessions in the 2021 Cyber Security Salons.

At the Salon, the panellists also shared their views on cyber policies and best practices developed at both the industry and national level, in the spirit of regional collaboration.

Among others, the Network Equipment Security Assurance Scheme (NESAS) was highlighted as a key mechanism to facilitate collaboration and form a unified cyber security standard.

 

NESAS, which is a security assurance framework for the mobile industry, is now used and recognised across the globe, by industry leaders such as Huawei, as a security baseline, and includes common requirements for security evaluations of network equipment and assessment of equipment vendors.

But, according to Anwer, as standards are met, the threat of cyber security which is a global one. Yet, mitigation and defence mechanisms remain national, and at best, regional.

"How do we share our information? Like the pandemic, every nation comes together and shares information regarding their situations and findings all in the name of health, which helps other nations better understand the virus, the standard, the risks associated with the healthcare system, but why can't we do the same with cybersecurity?" questioned Anwer, calling everyone to join hands in the fight against cybersecurity.

As advances and evolution in technology demand more sophistication in how we tackle cyber threats, there is also a pressing need for a more closely aligned regional – and eventually, international – approach.

Despite all the advancements made in terms of technology and software in our battle against cybersecurity, Anwer who has decades of experience in cybersecurity said security breaches are most commonly caused by human error.

"Human, we are the weakest link in cyberspace and despite having awareness campaign, as the the cyberspace evolve, human error is still the biggest contributor to security breaches, still," he said, adding that the problem is global and not exclusive to Malaysia and that the current work-learn environment do contribute to the increase in cybersecurity threats in the country.

 HUMAN PROBLEM

In a separate virtual session with Huawei Technologies' Vice president for Cyber Security & Privacy, Mika Lauhde who was in the second session of the security salon panel chimed in with the same problem when it comes to global cybersecurity threats - the humans.

"Telecommunications industry in Malaysia indeed is very good but as the digitisation process is a really long journey, and although the advancement of technology in the telecommunication industry is good, everything needs to come together--businesses, governments and most importantly education.

 

"We at Huawei have been very transparent with our technology, but no matter how great a technology is, inclusivity remains as key. Having excellent technology is one but the weakness is in the people, humans. Education and knowledge sharing should include everyone from children in kindergarten to the highest government position, everyone is responsible for cybersecurity," said Lauhde.

In his answer during an interview session held after the panel discussion, Anwer shared one of the most common breaches are made from mobile devices.

"Mobile devices make it convenient for us to get our things done. Take the smartphone for instance,  we practically complete daily errands from banking to shopping to filling up forms, even our e-wallet is on our mobile phones but it is heartbreaking to see many still don't know the basics of cybersecurity. We still see people completing their banking transaction on public wifi, which is a big NO in cybersecurity.

"Despite numerous awareness campaigns conducted to all levels of the society, seeing this sort of situation happening is frustrating. These people are opening themselves to cyber threats," said Anwer.

On the same note, Lauhde also reminded members of the public to constantly keep tabs on what is in our phones to minimise cyber threats.

"Always, always keep your phone updated - with the maker's update as well as operators too to keep it safe. It is common for operators to vet potential threats.

"Next, mobile applications. Please keep only what you need. Remove unnecessary apps. Yes, we need quite a number of apps nowadays but we don't need every single one of the apps available, do we?" said Lauhde adding that "...having too many apps could increase the chance of getting your devices compromised because we never know exactly what each app collects and what sort of system they are running".

"Also, please don't activate location for all apps too because that too could pose threats to your cyber health."

 

Sharing his set of advice, Anwer suggested that everyone should be vigilant and follow the same 'healthcare' regime in fighting the Covid-19 pandemic as recommended.

"Wearing masks -- having security softwares is like wearing masks, it gives that extra layer of security for your devices. And now, double masking. It doesn't hurt to have multiple protections for your devices too.

"Wash hands - keep a very good cyber hygiene routine to make sure your device is protected from attacks.

"Social distancing -- Try to avoid 'busy' places like the public wifi because it is one of the many ways cybercriminals find connections to infect your devices," said Anwer.

Most Popular
Related Article
Says Stories