Despite the government’s announcement to conduct a cybersecurity audit on their websites 5 months ago, it was reported that at least 90 government websites are still considered as “not secure”.
According to Malaysiakini, at least 175 of nearly 700 government websites were “not secure” in late July this year and experts had warned of possible personal data breaches and other cybersecurity risks.
The report also pointed out that websites are identified as “not secure” when the URL begins with “HTTP” instead of “HTTPS”.
It had been 5 months since the Malaysian Communications and Multimedia Commission (MCMC) said that they will conduct a cybersecurity audit, but when Malaysiakini reviewed the websites again on 28 December, it is found that the security status of 90 websites had not changed.
The website includes the Enforcement Agency Integrity Commission (EAIC), the Public Complaints Bureau of the Prime Minister’s Office, Istana Budaya, Kuala Lumpur Hospital and various state local council websites.
Of the 90 websites, 8 of them, such as the Kedah state government portal and Shah Alam City Council (MBSA), still contain malicious elements, phishing and spam attacks, based on analysis results on Virustotal, an online tool for malware detection.
Nonetheless, 6 websites, which included the Sultan Ismail Hospital website, the National Hydraulic Research Institute (NAHRIM) and the Sabah Federal Secretary’s Office (PSUP Sabah), are no longer accessible.
Meanwhile, there is progress taken by the government to upgrade the security status of their websites too. It was reported that 76 websites were being upgraded from HTTP to HTTPS and at the same time, had spam and malicious elements removed from these websites.
The website includes Istana Negara, the Ministry of Defense, and the Covid-19 Malaysia monitoring site.
The URLs of some websites have been changed to reflect the enhanced security status. These include the MySMS portal, the Institute of Rural Development (INFRA), the Department of Biosafety (JBK), and several district councils in Terengganu and Sabah.
On the other hand, some websites have been upgraded to HTTPS, but visitors to HTTP websites are not redirected to HTTPS sites.
The websites include the Anti-Doping Agency (Adamas), the National Youth and Sports Department (JBSN), the Kuala Terengganu City Council (MBKT) and the Federal Territory Sports Council (MSWP).