By: Sonny Zulhuda
One week at the end of the month of October, information security practitioners, auditors, managers and academia gathered in Kuala Lumpur Convention Center (KLCC) for a series of seminars, conferences and showcase on cyber-security. This annual event, held between 25-29 OCtober 2010 was named “The Cyber Security Malaysia Awards, Conference and Exhibition (CSM-ACE 2010)”, was mainly organised by Cyber Security Malaysia, a agency under the Ministry of Science, Technology and Innovation, Malaysia.
I was privileged to have been invited as co-speaker together with my colleague Prof. Dr. Ida Madieha from AIKOL in one of their Satellite Forum entitled “The Digital Forensics Forum (for Academicians and Researchers)” on Thursday, 28 October 2010.
The forum which was attended by around 50 people was dominated by discussion on digital and computer forensic from info-security and technical perspective. Eventually we were the only speakers who spoke on non-technical issue, i.e. the ideal legal system to curb cybercrime.
We highlighted the Forum that the current sophistication of cyber-crime incidents is mainly exaggerated (instead of triggered) by three factors, namely the abundance of electronic and digital data, the popularity of social networking media, and the increasing public reliance on critical information infrastructure.
This has been well supported by the latest data we got from Sophos Security Threat Report (Mid year 2010) that lists cyber-war, cyber-terror, social network attacks, and data leak among the most prevalent computer security threats.
Having showed the current trends of the security threats, the discussion on the legal system, especially that in Malaysia, followed. Along this line, it is arguably critical to re-map our legal system more comprehensively to re-identify laws that would be able to help address cyber-crime issues — and this includes reviving even old-laws (or “Dinosaur laws”) that have been arguably under-utilized when it comes to addressing cyber-crime and cyber-security attacks.
We also argued that addressing (i.e. enforcing and preventing) cyber-crime requires a more serious concerted effort that involves various layers in the community: regulators, law enforcers, industries, service providers, banks, schools, cyber-centers and family institution. Only with this agenda being seriously and systematically upheld, cyber-criminals would at least feel that Malaysia is no longer a heaven for them — where wrongs are not duly rectified, offences punished, and losses compensated.