In October alone, I was involved in two major cybersecurity-related events. First, I was in Singapore for the ASEAN Ministerial Conference on Cybersecurity during its Singapore International Cyber Week. Last week, CyberSecurity Malaysia, our very own national cybersecurity specialist agency, held its highly anticipated annual Cyber Security Malaysia Awards, Conference and Exhibition event.
I gave a keynote during the Singapore International Cyber Week on 12th October.
This public-private partnership driven event attracted over a thousand participants.
Importantly, we want to recognise individuals and organisations that have made significant contributions in this industry.
Malaysia’s transformation towards a Digital Economy is happening at such a rapid pace that our Prime Minister Datuk Seri Najib Tun Razak recently announced that 2017 would be “the year of the Internet economy.”
Ironically, our increasing reliance on digital technologies also makes us more vulnerable to cybercriminals who seek to exploit them for malicious purposes.
This literally is virtual theft.
Digital technologies can help criminals steal intellectual property, commit online fraud or destroy critical information infrastructure.
The consequences of a cyber-attack vary from minor inconveniences to major disruptions.
We are inundated almost daily by news about large-scale cyber-attacks on government facilities, global banking systems and businesses, causing losses running into billions.
Just over a week ago, for example, Internet performance management company Dyn was the target of a massive cyberattack, in which possibly 100,000 connected devices like laptops, phones and printers were hijacked, causing Internet disruption to millions.
Financial services, which are the backbone of trade and e-commerce, continue to remain high on cyber criminals’ hit list.
An attack was launched in 2015 by cyber criminals against Ecuadorian Banco del Austro and caused financial losses of US$12 million; while Vietnam’s Tien Phong Bank thwarted a cyber-attack via fraudulent SWIFT messages, which could have incurred losses up to 1 million euros.
Criminals are also targeting the information-rich healthcare sector where the individual’s personal information, credit information, medical and insurance records are all conveniently accessible at one location.
Last year alone, over 100 million healthcare records were compromised, according to IBM’s “2016 Cyber Security Intelligence Index.” Hackers would eventually find their way either into our systems or into our networks.
Hence the theme “Cyber Resilience” was chosen for the recent cybersecurity conference.
An organisation’s ability to identify and respond to security breaches would become a critical survival trait in the Internet economy, especially for online businesses, which are already ubiquitous at the moment.
Cyber resilience encompasses cyber security and business resilience.
An organisation has to adapt to changing conditions, resist and recover quickly from interference, while doing “business as usual”. Essentially this concept combines information security, business continuity and organisational resilience.
While many cyber security threats are caused by malicious cybercriminal activities or human errors and weaknesses, some are linked to natural disasters such as earthquakes, fires or massive flooding. Such events often cripple the physical critical infrastructure, such as data centers and telecommunication networks, upon which the cyber ecosystem depends.
Hence cyber resilience considers not only the confidentiality and integrity of information, but also its availability, especially during natural disasters.
Organisations in Malaysia need to constantly assess their cyber security posture.
Cyber-resilient organisations need to cultivate exceptional resilience leadership, culture, networks and change readiness to create a sustainable advantage over cyber criminals.
CyberSecurity Malaysia urges Malaysian organisations to procure international standard MS ISO/IEC 27001, which details implementation of an information security management system (ISMS).
Recognising that effective cyber security is not merely a technological issue, MS ISO/IEC 27001 involves addressing the culture and people, advocating a cohesive approach towards information security.
ISMS certification ensures that security efforts across an organisation are coordinated and its information systems remain safe in the face of a security breach.
As I have always promoted compliance with standards, achieving ISO 27001 would also reassure customers, suppliers, shareholders and stakeholders that the organisation is following international best-practice guidelines.
Governments and major organisations are taking a leading role in establishing the policy and practice frameworks to develop resilient cyber ecosystems.
CyberSecurity Malaysia has been pressing for more stringent certification in ICT products via Common Criteria certification.
Internationally, CyberSecurity Malaysia has been working closely with the Asia Pacific Computer Emergency Response Team (APCERT) and the Organisation of Islamic Cooperation – Computer Emergency Response Team (OIC-CERT) to foster greater collaboration and enhance mutual cyber security capabilities.
By increasing our cyber resilience, I hope that Malaysians would be more aware of how to safeguard themselves from online crime and to protect their personal data, and thus be less likely to suffer financial losses caused by cyberattacks.
To be at the forefront of cyber resilience, our universities must produce more outstanding graduates in the field of ethical hacking and forensics.
I laud the government’s initiative through the Public Service Department in allocating public scholarships for digital technology-related courses.
We need to grow, nurture and retain these skills in Malaysia so that we achieve our goal of generating 10,000 cyber professionals in four years’ time to effectively prevent or deal with cyber crime.
To recapitulate, our digital infrastructure is constantly under attack. To visualise a cyberattack, imagine our smartphones, computers, government facilities, and systems in banks and hospitals struck by virtual weapons unceasingly.
We need to be on our guard and take steps to minimise these risks so that Malaysia becomes a cyber resilient place to live, work and do business.
We can no longer take for granted that one can defend against any potential cyber-attack.
Cyber resilience is about being able to prepare for, endure, swiftly recover and learn from deliberate attacks in the Internet world.
Effective cyber resilience is vital if we are to maximise the opportunities for all Malaysians to safely reap the rich benefits offered by the Internet economy.