BANDAR SERI BEGAWAN – A total of 2,143 cybersecurity attacks were recorded in Brunei last year, signaling a lack of security awareness, said the head of the Brunei Computer Emergency Response Team (BruCERT).

Most of the data breaches in Brunei occurred due to poor ICT security infrastructure; failure to maintain up-to-date systems; and misuse of privileges.

Most breaches were also personal in nature, such hacking into users’ email or Facebook accounts, said BruCERT head Hj Mas Zuraime Hj Abdul Hamid.

Private companies and government agencies experienced similar problems, with user emails hacked because passwords are easy to guess, or third parties have access to the passwords.

The types of cyberattacks in Brunei in 2017. Source: BruCERT

“Most  government agencies as well as companies use the latest technology in terms of ICT security. However the main problem is the ‘process’ and ‘people’ aspects of it,” Hj Mas Zuraime told The Scoop.

“They have the firewall but the configuration to check or update is either absent or lacking. [On an individual basis], we install anti-virus programmes [on our devices] but when it’s time to update, we just ignore it.”

Be wary of what you share online

Privacy, specifically data privacy, is so important in the social media age where everything can be shared almost instantaneously.

“Netizens must be aware of the limits on what is shareable,” Hj Mas Zuraime stressed.

This will reduce chances of any malicious parties being able to obtain user data for identity theft or profiling, which can lead to more sinister activities.

“There are various ways of stealing people’s data, via dumpster diving or sending phishing emails that include malware or a link pointing to a malicious site.”

Data breaches can also happen when physical media or electronic devices go missing or are stolen, such as portable hard drives, credit cards, laptops and smartphones.

“Digital data breaches can take the form of unauthorised access to a network or ICT infrastructure by ways of hacking, phishing, malware or scam,” said the BruCERT head.

“Data exfiltration can also occur with the help of disgruntled insiders. More sophisticated data breaches would involve criminal gangs and state actors.”

He added that said a person with malicious intent could easily profit from stolen data.

“For example, credit card details could be used to perform online transactions; login credentials can be used to access confidential information.

“[Hacking into] your email or social media account can also be used to impersonate you, or used for blackmail. Hijacking a social media account with millions of followers can be used to sway public opinion on a subject of interest,” he added. 

Any cybersecurity incidents can be reported to BruCERT through their  hotline 2458001 or via e-mail.