This ex-FBI agent shares the no. 1 mistake Malaysians make online

Cyber-attacks and data leaks are nothing new in Malaysia and the world. In today’s day and age, personal data has become a valuable commodity; large corporations pay through the nose in order to get hold of consumer data, so imagine what cyberterrorists could stand to gain from it.

Even the government isn’t immune; in September 2022, a group of hackers, self-dubbed the ‘grey hats’, allegedly hacked into the government’s ePenyata Gaji system, and blackmailed top Malaysian government officials by threatening to sell their data.

But with the sophisticated tactics of hackers nowadays, do we even have a fighting chance? Well, we managed to sit down with ex-FBI agent and co-founder of Southeast Asian cybersecurity company Polaris Infosec, Tin T. Nguyen, who told us that, yes, we do. And protecting your online data is actually simpler than you think.

 

Tin T. Nguyen is a former US Marine and FBI agent who served in Afghanistan and Iraq

While most young boys only dream of being the action hero who takes down the bad guys, Tin actually went and lived it; he served in the US Marine Corps, taking part in two tours in Iraq and one in Afghanistan. And that’s not all; following his discharge from the Marines, he joined the FBI’s Counterterrorism Threat Response and Violent Gang Unit, becoming the primary case agent tasked with taking down one of America’s deadliest gangs, MS-13.

Being someone who hates seeing others taken advantage of, Tin wanted to continue serving the people after his 7-year FBI stint by joining Polaris in 2021. Fast forward to 2022, with Polaris having signed over 15 partners in Malaysia, Singapore, and Vietnam under Tin’s leadership, there’s probably no one better to ask about online security in this region. And he had some pretty interesting things to say on the subject, including the number one mistake that Malaysians make online, which is…

Using ‘lazy’ passwords, or using the same password for every online account

Ok, let’s be honest: we’ve all done this. But while it may seem like a really minor thing, Tin says it most definitely isn’t:

“People still use passwords like ‘password123’. Seriously. They don’t realize that that simple password can be hacked within seconds to minutes. And they use this password across all their accounts.” – Tin T. Nguyen

And according to Tin, if you think no one would bother hacking you because you’re just a regular small-time user, you’re dead wrong; Tin says that it’s actually small-time users and businesses who most often end up getting targeted:

“Cybersecurity applies to everybody. So even if you don’t have a website or have a business that uses websites, or social media, it still applies to you, because we still use email, we still use messaging devices, everyone has passwords. Also, hackers target small business and startups. Why? Because they know you have no security. So you’re easy targets.” – Tin T. Nguyen

But yeah, moral of the story? Mix up your passwords and make them as complex as possible (no less than 12 uppercase and lowercase characters, as well as special characters and numbers). Tin also suggests using a password manager app, and to NEVER write it down, whether it’s physically or on your computer.

With that being said, Tin tells us that Malaysia’s cybersecurity is actually pretty dahsyat compared to the rest of the region. As it turns out…

 

Malaysia ranks in the top 5 globally on the Global Cyber Security Index

Yes, believe it or not, cybertrooper-ing is not the only online thing we’re good at; Malaysia was recently tied with Russia and UAE for 5th place for highest commitment to cybersecurity. In fact, we actually scored no. 3 in 2014’s rankings.

“One of the best things about being in Malaysia is that as a whole, Malaysia is much more cyber aware.” – Tin T. Nguyen

(Oh btw, if you’re curious about who got no. 1, big surprise: it’s Singapore, of course.)

However, our high ranking on the index doesn’t mean that Malaysia is totally safe from cyber threats; it just means we’re more committed to cybersecurity as compared to, say, Cambodia or Laos, whom Tin says are on the lower end of the list and need a lot of work:

“Generally-speaking, the threats faced by Malaysians are not much different than other nations. They continue to do things like phishing, ransomware, DDOS or application attacks, some of the things you hear or read about in the news. Give or take, 30% of these attacks come from China, followed by, not surprisingly, the US.” – Tin T. Nguyen

Sounds technical, but to dumb it down in regular people language:

• phishing: attempting to steal your money by getting you to input sensitive information. Example: fake ‘bank’ emails asking for bank info.
• ransomware: locks your files and demands a ‘ransom’ fee to get them back. Example: WannaCry cyberattacks demanding Bitcoin in exchange for unlocking victims’ files.
• DDOS: ‘distributed denial-of-service’. Think of it as an online traffic jam; DDOS attacks disrupt a server by flooding it with traffic. Example: Launch day of the popular online game Overwatch 2 when many users couldn’t login due to jammed servers.
• application attacks: when cyber criminals gain access to unauthorized areas via vulnerabilities in an application’s code. Example: cross-site scripting (injecting malicious code onto a trusted app, which tricks the browser into allowing them to steal data, or worse).

But how do we defend ourselves against such attacks? Doesn’t it cost a lot of money to equip yourself with anti-hacking mechanisms? Well, if finances are your concern, Tin has some good news for you.

 

No, you don’t have to break the bank to secure your online data

Tin admits that yes, while there are cheap/free options out there, you do get what you pay for, and more sophisticated forms of cybersecurity will cost more. But for the average online user, Tin says it’s more important to do things that cost nothing. For starters, simply doing things like following basic fundamental practices (like the password thing from earlier) and training your team would be a solid base to build off of:

“You really don’t have to spend a whole lot of money on these things. That’s another misconception: people think it’s expensive, right? It’s really not. Because it takes no money to train people, it takes no money to build your policies and enforce those policies within your organization.” – Tin T. Nguyen

Basically what he’s saying is ‘something is better than nothing’. And while there’s no guarantee, in most, if not all cases, that ‘something’ could mean the difference between saving or losing your data. Because although Tin says there are ways to recover your data once it’s been stolen, it still depends on your preparation:

“I think the common sense saying is that the best offense is a good defense. The best way to prevent this is through proper preparation. And so, we try to focus on that, as opposed to the response.” – Tin T. Nguyen

Because cybersecurity is never a 100% guarantee, Tin says it’s extremely important to get educated, rather than rely on any one magic formula or software:

“Cybersecurity is a people problem, not a technological problem. You can have the best technology in the world, but if you don’t use it properly, or you’re lazy, you turn it off, or maybe you configure it improperly, you’re still gonna get hacked. Technology is just a resource, right? So, people, we lack training, we lack policies, enforcement, and so, people are the main focus for cybersecurity.” – Tin T. Nguyen

 

Everything is online now, and keeping your data safe is more important than ever

It probably goes without saying, but hey, we’re carrying computers in our pockets nowadays; just as thieves can steal our physical wallets, now it’s our e-wallets that are being targeted. And it’s not just at the individual level either; to give us a picture of how powerful a cyber attack could potentially be, Tin told us what a worst-case scenario for a whole country would look like:

“A worst-case scenario would be something that cripples and destroys critical infrastructure, such as energy, telecommunications… So if a hacker hacks into an energy company, and shuts down the power for an entire city, hospitals have no energy, emergency services can’t function.” – Tin T. Nguyen

And you know what that means: no wifi, and no House of the Dragon for you.

Jokes aside, it cannot be understated that cybersecurity is no longer a thing of the future, but a thing of the present. Sure, we might still be decades away from a Cyberpunk: 2077 level of technology, but we sure as heck are getting there:

“The rise of smart cities, smart homes, so everything is connected. Even your refrigerator connects to the internet. So, any system that connects to another system like that through, like, Bluetooth technology or whatever, is a risk.” – Tin T. Nguyen