BANDAR SERI BEGAWAN – Brunei has recorded a 39 percent surge in cyber attacks in 2018, prompting the head of Brunei Computer Emergency Response Team (BruCERT) to call for the strengthening of the country’s cybersecurity to achieve its ‘Smart Nation’ plans.

Hj Mas Zuraime Hj Abdul Hamid said BruCERT, which deals with cybersecurity threats, reported 2,976 cyber attacks in 2018 compared to 2,143 cases in the previous year.

The BruCERT chief was speaking to reporters on the sidelines of the Centre For Islamic Banking, Finance And Management’s (CIBFM) Cybersecurity 2020 Seminar at The Rizqun International Hotel on Thursday.

Hj Mas said malicious logic or malware; non-compliance activity and user level intrusion continue to be the three most common types of cyber attacks.

“Cyber attacks have increased in the last 20 to 30 years but it doesn’t mean that Brunei is specifically targeted,” he said, adding that 2019 figures will be disclosed soon.

The head of BruCERT said virus and malware can easily spread with the advent of Internet-of-Things (IoT) and increased connectivity.

“In Brunei, there are high (number of) scams where cyber criminals target citizens in sharing their confidential information,” he added.

A breakdown of the types of cyber attacks in Brunei in 2018. Source: Asia Pacific Computer Emergency Response Team

Hj Mas said Brunei needs to be cyber safe and have good “cyber hygiene” especially as the government wants to improve its rankings among ASEAN member states in the Global Cybersecurity Index. 

Cyber hygiene relates to the practices and precautions users take with the aim of keeping sensitive data organised, safe, and secure from theft and outside attacks. 

A draft of the Digital Economy Master Plan framework — which aims to transform Brunei into a smart nation — is expected to be launched by the first quarter of this year. 

Hj Mas said the ongoing establishment of a national cyber security agency and drafting of new cyber security laws would allow for better inter-collaboration among Brunei major cyber security services, rather than working in silo.

The Ministry of Transport and Infocommunications (MTIC) had announced the upcoming establishment of the Cyber Security Brunei (CSB) agency in January.

CSB will comprise the country’s major cyber security services – Cyberwatch, National Digital Forensic Laboratory and BruCERT.

The three services are operated and run by IT Protective Security Sdn Bhd, in collaboration with the Internal Security Department as an interim cyber security centre.

Hj Mas added that the new agency and cyber security laws would allow security services to investigate cases and protect Brunei’s critical information infrastructure.

Critical information infrastructure is defined as systems that are so vital to a nation that their incapacity or destruction would have a debilitating effect on national security, the economy, or public health and safety.

Hjh Sufinah Hj Sahat, acting assistant managing director of Autoriti Monetari Brunei Darussalam (AMBD), said the central bank reported three cybersecurity incidents during a sharing session, ‘The Tech Supervisor’, in June 2019.

The incidents involved credit card fraud using bank identification attack; web browser tampering and isolated malware infection along with a near miss incident involving phishing emails that used spoofing and impersonation techniques to trick employees.

Hjh Sufinah, who is also acting CEO of CIBFM, said technology and artificial intelligence have become the next platform for success with the advent of Industrial 4.0, but cybersecurity must come hand-in-hand with its development.

“As technology continues to advance, so too does the creativity of cyber attacks and threats, hence we must be able to consistently implement the latest solutions to avoid any compromising and detrimental situation that are not only costly but potentially dangerous to both the individual and nation,” she added.