Malaysia’s cybersecurity landscape has been marred by a series of alarming incidents in recent times. Last year, the nation faced multiple cyber attacks, including the theft of 22.5 million personal records from a national registry and a payment gateway data breach. Additionally, hackers infiltrated a payslip system, pilfering nearly two million payslips and tax forms, amounting to a staggering 188.75 gigabytes of data. More recently, an insurance group confirmed that two of its local subsidiaries fell victim to the MOVEit zero-day vulnerability exploit.
In November 2020, reports surfaced of a data breach allegedly affecting the EC’s database, exposing the personal details of 800,000 voters. While the allegations remain unproven, such incidents, along with other data breach concerns, emphasize the pressing need to address cyber risks before the upcoming state election commences.
The impending state election presents a golden opportunity for cybercriminals to tailor their attack methods based on political campaigns, platforms, candidates, and voters’ behaviors. Three primary types of attacks may affect this period:
- Cyber Hacktivism: Attackers aim to influence or deter political groups or messages. Advances in AI have enabled the creation of deepfake videos, which are used to smear candidates, disseminate unethical propaganda, and spread fake news.
- Traditional Cyberattacks: Perpetrators seek financial gain through stolen data, typically employing URL phishing and SMS phishing techniques, emphasizing the need for robust endpoint protection and heightened security awareness.
- Identity Theft: With national identities available on the dark web, malicious actors can easily purchase and misuse personal information, posing a significant threat to state election campaigns.
To ensure a cyber-safe election period, several solutions and recommendations can be implemented:
- Improve Response Times with Analytics and Automation: The system must possess agility and advanced capabilities to detect and prevent the latest malware and exploits within minutes across networks, clouds, and endpoints.
- Enforce Zero Trust Network Access (ZTNA) 2.0: A framework where all users are denied network access by default. This approach secures every part of the access route with powerful next-generation tools, limiting the attack surface and verifying continuous trust and security inspection.
- Protect Critical Endpoints: Critical devices storing voters’ data must receive additional protection, implementing a multi-method approach to block various types of attacks, such as exploits, ransomware, and malware.
Additionally, prospective voters should take proactive steps to safeguard themselves against cyberattacks:
- Think Before Clicking: Refrain from clicking on embedded links within suspicious emails.
- Watch Out for Scare Tactics: Be cautious of phishers employing scare tactics to obtain personal information.
- Ignore Unprofessional Emails: Be wary of personalized fraudulent emails lacking specific transaction or account references.
- Go Directly to the Source: Avoid sharing confidential information in response to unsolicited emails or SMS.
- Beef Up Security: Adopt an automated, prevention-first, platform approach to cybersecurity to thwart attempted attacks.
As the State Election approaches, cybersecurity must become a top priority for political parties, candidates, the government, and prospective voters alike. Cybercriminals are opportunistic and willing to exploit vulnerabilities from all angles. It is imperative that everyone takes decisive actions to secure their data and embrace cyber-safe practices. By implementing robust cybersecurity measures, we can confidently prepare for this historic period in the country’s history.