UUM ONLINE: Recently Malaysians were shocked by the suspension of the SAPS website (online school exam analysis system) as the site was hacked by irresponsible parties.
An attack known as "SQL Injection" was believed to have comprised the data of 4.9 million primary and secondary school students in Malaysia to hackers. This, of course, has become something of a concern especially with regard to the personal details of parents of the students which also run the risk of being exposed.
The fact remains that this is not the first occurrence of hacking attacks on computer systems. In fact, hacking is an attack that threatens various organisations and individuals around the world.
In the United States, massive hacking attacks had been launched in 2015 and 2017 by militant movements that advocate pro-Islamic messages, resulting in the disclosure of personal data of over 20 million people.
The same situation occurred in the United Kingdom in May 2017 when a virus called "WannaCry” attacked the National Health Service (NHS).
The attack was considered the largest cyber-attack in the history of the United Kingdom, as hundreds of healthcare providers had been impacted by the disclosure of their patient and family members' personal information.
In Malaysia alone, the website of the Malaysian Judiciary Body was hacked in 2010 due to the use of the sacred word "Allah" and the official website of the Royal Malaysian Police was also hacked in 2013.
The provision of Malaysian law which is applicable to hacking offenses is section 3 of the Computer Crime Act 1997. If found guilty, the offender can be imprisoned not exceeding 5 years, or fined not more than MYR50,000 or both.
In this context, Judge R.K. Nathan who presided over the Creative Purpose Sdn. Bhd. & Anor v. Integrated Trans Corporation Sdn Bhd , in which a decision was reached in 1997, defined "hacking" as "gaining access into a computer system (not of their own) in silence and in secrecy".
In other words, hacking itself means unauthorized access to another individual computer system. This provision has been applied to some hacking cases in Malaysia, as in 2015, an employee of cable television broadcasting company was once charged with accessing his employer's computer system for personal purpose.
Similarly, in the same year, a bank employee was charged with gaining access into a bank's computer system to obtain personal information of the bank's customers for the purpose of withdrawing a sum of money from the customer's account.
In facing the era of the Industrial Revolution 4.0 or better known as IR4.0 which promises a variety of advantages and opportunities, the government and the community must be aware of the challenges that come with this opportunity. Data is now within easy reach with just a few clicks of the computer. Even today, Internet data is easier to access through smartphones and tablets owned by people from all walks of life.
However, the convenience of retrieving data also means compromising oneself to the risk of hacking itself. Irresponsible party only has to wait in order to take advantage when we fail to take precautionary measures to protect our computer systems, or our existing control systems become weakened due to the rapid development of the Internet today.
Therefore, the government and society need to review cyber risk management strategies at their respective levels. We need to renew our risk control systems such as antivirus, cyber security software and firewall applications that are used, in line with the development of the cyber world.
The last thing we want is to pursue IR4.0 opportunities, but we forget to take into account the risks and challenges brought about by the revolution itself.
Translated by Mahaliza Mahadhir