Goh Chee Hoh, MD, Trend Micro Malaysia & Nascent Countries – Trend Micro

Trend Micro commentary on Anonymous Malaysia Threat

By Goh Chee Hoh, Managing Director, Trend Micro Malaysia and Nascent Countries

The recent alert from The National Cyber Security Agency (Nacsa) for government agencies to brace for a cyberattack from malicious players underscores the need to secure the nation’s data, IT infrastructure, and systems.

A potential attack on the systems that provide a gateway to sensitive and personally identifiable information (PII), as well as the nation’s infrastructure, will have far sweeping consequences, especially as we are grappling with the ongoing effects of COVID-19.

It is crucial for government agencies to stay vigilant, secure all vulnerable endpoints, and keep systems and applications patched and up to date, especially as employees may be working remotely. A few security best practices to keep in mind in an increasingly volatile threat environment include:

  • Ensure all hardware and software is patched. Any known vulnerabilities could be used to breach and attack the website. Tighten configurations and ensure regular updates and virtual patching for the host and network layer.
  • Use strong passwords. When there is a threat of attack, reset all critical users’ passwords. Default passwords should be replaced with robust credentials that include a mix of numbers, letters and special characters that cannot be easily guessed.
  • Zero Trust Policies. Apply zero trust protocols for users, especially those working remotely that have access to server farms. Deploy layered protection on server farms to tighten application controls.
  • Mind the human element. Ensure employees are up to date with the latest cybersecurity practices and comply with existing corporate security policies. Continuous training and education go a long way towards enhancing skills and knowledge to build a proficient workforce for the digital age.
  • Activate contingency plans and backups to minimize the potential losses of data and other information following an attack.