Moving towards a proactive cybersecurity approach in Malaysia
As cybersecurity issues continue to be a major problem for businesses in Malaysia, more organizations are beginning to shift their focus towards a proactive approach to securing their business data and employees.
In fact, the biggest problem for most data breaches in the country is that companies often take a reactive approach toward cybersecurity. Simply put, unless a breach occurs for that organization, cybersecurity would not be a priority when it comes to investing in technologies and such.
These were the key points highlighted during the 2nd Cybersecurity and Threat Intelligence Summit 2022 held in Kuala Lumpur recently. Organized by 3Novex, the cybersecurity event was attended by nearly 200 C-level executives from both the public and private sectors, including the financial services and critical services industries in Malaysia.
Among the topics discussed included the importance of zero trust, addressing the need for cyber readiness with extended detection and response, the importance of keeping safe national data and data sovereignty as well as how identity security plays an important role in securing employees.
In his keynote address, Dato TS. Dr Haji Amirudin Abdul Wahab, CEO of CyberSecurity Malaysia highlighted the importance for businesses to consider threat intelligence as a means of improving their cybersecurity protection. This is in light of the increasing data breaches both private organizations and government agencies have been facing in recent months.
There were also two panel discussions which focused on the building blocks for a data breach as well as the future of threat intelligence. In the first panel discussion, the panellist all agreed that while data breaches are becoming rampant, there are still many areas organizations can look to secure. This includes ensuring there are sufficient threat detection and prevention methods in place and also being aware of where their data is stored and who is accessing them.
According to Philip Victor, Managing Director at Welchman Keen, who was part of the panelist, one way of avoiding breaches is by having a framework in place on how data is used and stored. He cited examples of how other countries in the Asia Pacific for example are now taking their citizens' data more seriously and ensuring they are well protected.
Echoing him was Dr Chalee Vorakulpipat, Head of Information Security Research Team National Electronics and Computer Technology Center (NECTEC) Thailand. He explained that in Thailand, the government has just introduced a data privacy act with security being the focus of it to ensure the data of Thai citizens are not compromised or used for wrong reasons.
Meisam Eslahi, Senior Director of Cybersecurity EC-Council Global Services Malaysia highlighted the concerns of undetected cyber attacks or Scope X. Scope X refers to any unknowns in an organization that we may not be fully aware of their risks or even their existence. And this is where a proactive approach to cybersecurity would be most suited for.
Meanwhile, the second-panel discussion which focused on the future of threat intelligence saw panelist Azril Rahim, Senior Cyberthreat Intelligence Management Tenaga Nasional Berhad Malaysia, suggest companies have a look at cybersecurity investment from an ESG perspective. With more organizations looking to improve their ESG approach, he feels that they should consider the benefits cybersecurity can provide to ESG, despite it only being a small percentage. That way, businesses can ensure securing their data as well as being committed to ESG.
With that said, all the panelists and attendees of the event came to the conclusion that cybersecurity is only going to continue to be a big problem in the country. While a proactive cybersecurity approach may change the way organizations handle breaches and protect their employees, the reality is, that many feel that more also needs to be done by the government in ensuring businesses are accountable for their breaches.
As there may not be a one size fits all approach for all businesses when it comes to cybersecurity, the reactive approach has to begin somewhere and threat intelligence is a key component in making it possible.