Question

Volta is an international manufacturer of electric cars, and plans for a worldwide launch of its cars in 2020. Before doing so, Volta has asked you to advise it as to the general law on intellectual property. Secondly, Volta wishes to patent its (first in the world and novel) clean energy engine in Malaysia. Can it do so?

a) Advise how Volta specifically can patent its (first in the world and novel) clean energy engine. [10 marks]

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

You are the Head of IT Security at a financial institution in Malaysia. Due to the rise in cyber crime in recent years, you have been asked to prepare a plan of action to combat phishing (for online transaction services provided by the financial institution).

a) How can phishing affect the financial institution? [10 marks]

b) How can the financial institution clients avoid being affected by phishing? [10 marks]

Answer 1

Question a): How can phishing affect the financial Institution:

Various types of fraud and data breaches have taken the lead role in the headlines for several years now. Even so, the phenomenon of phishing scams is not as well known as are some of its other criminal counterparts.

phishing so insidious is that these attacks are so often impeccably disguised as originating from legitimate sources that people reflexively trust. Most of the time, phishing attacks come in the form of an email message from what appears to be a trusted business or financial institution. When an unwitting employee, manager or CEO clicks on a link within the message, they are either taken to a bogus website or, like it or not, begin downloading a harmful file or program.

In many cases, the crafters of these messages manipulate the emotions of their recipients, playing on fear, anxiety, greed and even happiness for the sole purpose of obtaining information or letting loose a cyber attack via the downloading of an attached file.

The standard phishing attack is sent in bulk; in fact, many of the people who receive the emails may not even be customers of the business or financial institution the perpetrators are impersonating. However, criminals have increased the efficiency of their attacks by initiating campaigns called spear phishing. This is a far more targeted offensive that is directed toward a specific group of people.

For example, your employees might be sent a spear phishing email that appears to come from you and others in leadership roles in your business. Worse still, today’s HTML emails enable bad actors to make the messages appear to be on your letterhead and in the standard company format to which your staff is accustomed.

Although stealing PII may be a juicy byproduct, spear fishers are usually after more high-value prizes such as access to your network credentials in preparation for an ongoing persistent attack. Recent news stories about ransomware fall into this category. In this kind of attack, a company’s data is essentially held hostage by the criminals, who refuse to release it unless the business pays a hefty ransom.

Question b): How can Financial Institution clients avoid being affected by phishing:

Your merchant payment processing company can provide a full array of tips and solutions that will help you avoid being the victim of a phishing scam, but there are steps you can take immediately as well. Educate your employees about what phishing is and how it works. Red flags include:

• Generic salutations such as “Dear sirs” or “to whom it may concern”
• Incorrect domain names
• Unfamiliar senders
• Unexpected email attachments
• Messages that seem designed to cause emotions in the receiver: pity, urgency, anger, etc.
• Emails that have executable file attachments with extensions such as exe, jar, com, scr, bat and msi

In addition, take the time to install security solutions into your network if you have not already done so. These precautions will help to protect your employees from their very human tendency to act without thinking in spite of being warned about the consequences.

Another way to limit your business’ risk is to ensure that your lines of communication are secure. One of the best ways is to encrypt all of the data flowing to or from your website via Secure Sockets Layer (SSL) protocols. Once this is installed, all of your data is made inaccessible to anyone who does not have the encryption key. In addition, you can be notified if it appears that someone was attempting to breach your security. With SSL in place, your customers will be alerted if they have clicked on an imposter site before they divulge any sensitive information.

Finally, it is vital that you constantly keep your ear to the ground when it comes to security. Make it a priority to update all of your security software whenever upgrades are released. Doing so will go a long way toward protecting you from the constantly evolving cyber threats being cooked up in the devious minds of criminals. When combined with training and educational tools, these security defenses just might save your business from a nasty attack, financial losses and even a blow to the reputation you have worked so hard to build.