Governments should be more transparent in use of malware for investigations

SINGAPORE — Governments should be more transparent in their use of hacking software for criminal investigations, and countries should also have laws that make it compulsory for companies to inform customers when their data has been stolen, said a Finnish cybersecurity expert today.

Speaking at the inaugural Data Privacy Asia conference, Mr Mikko Hypponen felt the main issue with governments using malware is the lack of transparency. Citizens deserve to know, said the chief research officer of F-Secure, an anti-virus, cloud content and computer security company based in Helsinki.

“We should know how successful investigations like this are,” he told reporters after giving a keynote address this morning (Aug 25). “If most of the people they infect (with malware) turn out to be innocent bystanders, then that’s a bad thing. But if most of them turn out to be criminals, then that’s a good thing. Right now, we don’t know which one it is.”

Governments could make public the success rate of investigations that involved infecting the computers of subjects, for instance.

Data privacy and protection, as well as cyber security, have grown in prominence, becoming a key issue faced by businesses, and Asia is now responding to the growing need for regulation, said the conference’s lead organiser, Dr John Vong.

Recent high-profile breaches include the hacking of Ashley Madison, a website for married people to have affairs. The IT system of an Italian company called Hacking Team was breached last month, and the hackers posted documents showing over 30 countries that had supposedly bought hacking software from Hacking Team. Singapore’s Infocomm Development Authority was on the list; it did not respond to media queries sent today.

Mr Hypponen felt countries should follow the practices in the United States and Canada, which have laws requiring companies to tell customers when their data has been stolen.

Also speaking today were Personal Data Protection Commission chairman Leong Keng Thai and Mr Wong Yu Han, director of strategy at the Cyber Security Agency of Singapore (CSA). Mr Leong said organisations need to recognise that only with good data governance can trust be gained. Data breaches should also be reported immediately so that the authorities can address them “appropriately”, he said.

Mr Wong said CSA works with sector regulators, and when attacks happen, with law enforcement agencies.
