It is undeniable that the Internet has a firm grip on almost every aspect of our daily activities. The Internet plays a critical role in the functioning of our nation. The importance of the Internet became more apparent with the onset of the Covid-19 pandemic.
The Internet plays a role in delivering financial services, transportation, education, entertainment, and many more. MyDIGITAL blueprint, launched by the Prime Minister earlier this year, represents the government’s aspirations to transform the nation into a digitally-driven, high-income country and be at the forefront of digital economy drive regionally.
One of the goals of MyDIGITAL is to drive e-government initiatives to deliver government services using digital and Internet technologies. These digitalization initiatives will profoundly affect all the stakeholders in the country as the government’s functions are intertwined with the businesses’ and rakyat’s activities, improving efficiency and productivity.
Currently, many government services have already been transformed into online services. The borderless nature of cyberspace allows cyberattacks to be carried with ease from anywhere in the world. Some of the risks of embracing e-government include data breaches, social engineering attacks, cloud vulnerabilities, ransomware, cyberattacks, break-ins, etc.
Using a list of government websites found on the Department of Statistics Malaysia (DoSM), a staggering number of almost 13,000 subdomains were found simply by using scraping techniques on Google searches. The number could be much higher if an active probing method is used.
Some of these domains might be abandoned, while others could be hosting services, such as web, email, file transfer, server access (ssh), database, or other custom services. When it comes to web services, there is a misconception that using “https” is sufficient, even though these sites might still be vulnerable to attacks and breaches.
Other more severe threats that need attention include authentication exploits, SQL injection, cross-site scripting, open redirection, outdated/unpatched technologies, and many more. Some of these vulnerabilities will allow hackers to break into the server and get into the organization’s network, allowing them to steal more data or disrupt the service delivery. This is only for web services, not to mention other services that need specific security assessment approaches.
A comprehensive assessment program that includes information gathering, penetration testing, service testing covering all government domains should be carried out at the soonest possible. The assessment outcome can then be used to “patch the hole” found in the online government services.
Many e-governments around the world have been hacked, and data breached. Solarwinds, cybersecurity for the US government has been hacked, and the personal data of many Americans were stolen. The government should take preemptive action to address potential cybersecurity issues by roping in cybersecurity experts to carry out a full assessment and audit of the government’s online services.
It is better to be secure than sorry!