BANDAR SERI BEGAWAN – Local companies must be better aware of their vulnerability to cyberattacks, said the head of the Brunei Computer Emergency Response Team (BruCERT). 

Some companies are specifically targeted due to the nature of the data they store. Some are targeted because their systems are vulnerable,” said Hj Mas Zuraime Abdul Hamid, head of the government’s lead agency for cybersecurity.

Since the formation of BruCERT in May 2004, Hj Mas Zuraime said it has received a number of reports from organisations affected by online security breaches, although he declined to disclose the figures.  

In recent years, several government ministries and a local news organisation have had their website hacked by cyber intruders.

“Hackers sometimes deface websites to let an organisation know that their websites are vulnerable,” said the BruCERT head. “Targeted attacks might also be supported by inside information from former or disgruntled employees.”

Even if the companies don’t incur financial loss from cyber intrusion, the incidents can affect ICT infrastructure such as bandwidth, and negatively impact their brand.

 “If the organisation is customer-centric, a cybersecurity attack [can compromise] customers’ trust and confidence, affecting its overall reputation, image and brand,” Hj Mas Zuraime said.

While there are no dedicated laws governing data privacy and cybersecurity, he explained that there is legislation to help protect users’ information, such as the Computer Misuse Act, Electronic Transaction Order, Broadcasting Act, and the Penal Code.

In 2017, a total of 2,143 cybersecurity breaches were reported in Brunei, mostly of a personal nature, such as hacking into users’ email or Facebook accounts. The majority of intrusions were due to malicious software and “user-level intrusion”.

Types of cybersecurity attacks in Brunei in 2017. Source: BruCERT

BruCERT said most security breaches occur due to poor ICT security infrastructure; failure to maintain up-to-date systems; and misuse of privileges.

“BruCERT does not have the complete overview or situational awareness of the cyber landscape of Brunei quite yet,” Hj Mas Zuraime added.

He said that there is a need to strengthen security culture among local organisations and to train the workers to think proactively when it comes to cybersecurity.