Photo (GraphicStock) - cybersecurity business
High on the discussion agenda in this year's Kuala Lumpur leg of the Computerworld Security summit (April 2017) may be to probe the case for security adoption as a business driver as well as an enabler.
With this in mind and to continue Computerworld Malaysia's inaugural security roundup, I asked for some insights from Wan Murdani Wan Mohamad, who is Director, Digital Enablement, of national ICT agency MDEC (Malaysia Digital Economy Corporation). This is also in conjunction with the recent industry prediction feature (What's really In store for Malaysia's IT industry in 2017) and the in depth interviews with MDEC's chief executive officer Dato' Yasmin Mahmood.
As he had recently participated in Computerworld an in-depth view of Malaysia's data centre and managed services industry, I adopted the same wide ranging set of questions in the following 'rapidfire' format.
Photo - Ir. Wan Murdani Wan Mohamad, Director, Digital Enablement, Malaysia Digital Economy Corporation (MDEC)
Let's begin with an overview of your security 'fears' for the industry in Malaysia
[His responses to this questions have been condensed into the following points]
- In 2015, Malaysia witnessed more than 100,000 reports on cybersecurity. Moving forward, with security threats becoming more advanced and increasingly sophisticated, and based on 2016 trends, we expect that commercial fraud, ransomware and online scams will continue to be an issue in 2017.
- Furthermore, the 2016 Ponemon Cost of Data Breach Study revealed that the average consolidated total cost of a data breach has increased from U$3.8 million (RM16.7 million) to US$4 million (RM17.6 million). In addition, the average cost incurred for each lost or stolen record containing sensitive and confidential information has also increased from US$154 (RM677) to US$158 (RM695).
As Malaysia continues to adopt the Internet of Things (IoT), this also means that we need to be prepared to handle IoT enabled attacks, in addition to ransomware, online scams and frauds.
What's MDEC's role vis a vis security?
With the security sector having been identified as one of the key enablers to help realise Malaysia's 'Year of the Digital Economy' aspirations for 2017, there is an urgent need for us to safeguard the competitive advantages of Malaysia's digital economy. After all, the digital economy accounted for up to 17.8 percent of Malaysia's GDP in 2016.
As the lead agency mandated to drive the country's digital economy, MDEC is of course committed to ensuring that the cybersecurity industry is developed with innovative solutions and services to respond to the increasingly sophisticated cybersecurity threats that we face today.
To achieve this, we will be looking at ways to facilitate the adoption of best cybersecurity practices and to propose policy changes that will protect businesses that undergo digital transformation.
Furthermore, we will also be focusing on developing a highly-skilled cybersecurity workforce. We have introduced talent development programmes with short and long-term objectives [including bilateral agreements such as with the UK]. For the short term, we have put in place conversion programmes to produce top tier cybersecurity response teams. Whereas in the long term, MDEC will be working closely with the industry to support the national goal of achieving a strong workforce of 10,000 professionals to meet the ever-increasing demands of the cybersecurity industry.
Such initiatives are important as it will ensure that Malaysia continues to move forward to become the ICT hub for digital investments in the region and one that fulfils the increasing demands for security support and services in the fast-growing Asia Pacific (APAC) market.
What sort of security challenges do you feel business leaders face and what steps are you taking to overcome these?
According to CyberSecurity Malaysia [an agency under the Ministry of Science, Technology and Innovation (MOSTI)], Malaysian SMEs were 33 percent likely to be victims of cyberattacks, nearly 5 percent higher than businesses in other ASEAN countries - and this could mostly be due to their lack of awareness on information security.
In fact, the ESET Asia Cyber Savviness Report 2015 reaffirms the lack of awareness in Malaysia. It noted that while Malaysia is ranked as one of the most cyber-savvy nations in Asia, we are lacking when it comes to knowledge of cybersecurity.
Hence, it is important to raise awareness about cybersecurity. We must stress that everybody has a role to play when it comes to cybersecurity. Cybersecurity should not just be worried about by the CIOs or the IT division of an organisation, but rather, cybersecurity and staying protected should be a collective effort by everyone in the organisation. This is because, while an organisation may have the best form of cybersecurity to protect them, a single click by an unsuspecting employee could lead to dangerous repercussions.
Furthermore, as the world continues to become even more borderless and hyper-connected, cybersecurity should be viewed as a business enablement tool that accelerates the digital transformation of businesses in a highly-secured manner.
How do you see the current state of play in the cybersecurity war: are the 'good guys' becoming better organised?
With 150 new families of crypto ransomware out there, the 'good guys' need more than just being organised. There needs to be clear implementation strategies from all parties, both public and private to respond to this threats.
MDEC's focus for cybersecurity in 2017 very much boils down to strengthening the very ecosystem that enhances partnerships between the public and private sectors.
On that note, we are working towards establishing cooperation to enhance information sharing and cross-border collaboration of best practices with regional cybersecurity agencies.
A key example of the benefits of regional cooperation can be seen through MDEC's recent collaboration with the United Kingdom's Protection Group International (PGI). The partnership between MDEC and PGI will see the enactment of the UK-APAC Centre of Security Excellence, which is the first cybersecurity academy in APAC. Other areas of the partnership would be to generate awareness and strategies to regularly promote bilateral cybersecurity research and investment opportunities.
Additionally, CyberSecurity Malaysia has also partnered with CERT-India to promote information exchange on cybersecurity incident management, policies, and best practices. Such bilateral partnerships are key examples of how there is strength in strategic collaborations.
MDEC is also looking at ways to scale-up our capabilities and improve our knowledge base in providing cybersecurity solutions. We will be facilitating public and private partnerships by connecting foreign universities with cyber security companies based in Malaysia. In fact, in December 2016, MDEC facilitated the signing of the Memorandum of Understanding between three local cybersecurity companies and the University of Salford.
Moving forward, connecting local and global cybersecurity experts will be a key focus for us at MDEC. It is important that we continue to work together with our counterparts from the rest of the world to develop next generation cybersecurity solutions that protects both businesses and end-users.
Now, security adoption has been increasingly touted as a strategic business driver as well as enabler: what is your take on this?
Businesses do thrive in environments that are certain and assured, of course. While Malaysia benefits from a stable Government with strong socio-economic fundamentals, it is equally important to ensure that the country's I.T industry, including its infrastructure and policies, are devised to serve the best interests of businesses and the Rakyat.
Cybersecurity must be an inherent component in Malaysia's I.T industry and should be part and parcel of the country's value proposition as an ICT hub. A strong, well-developed infrastructure will attract investors, but it is the cybersecurity policies and initiatives that will seal the deal. Furthermore, having strong cybersecurity compliance and mature practices will add great value in positioning Malaysia as the future digital hub for the region.
Having strong cybersecurity will also certainly add a competitive edge to Malaysia's current offerings (geologically secure location that is free from natural disasters, high energy security due to the country's oil and gas reserves, competitive energy cost, the abundance of land and water supply and ready-to-use physical infrastructure).
It must be mentioned that we have and are making good progress in securing our I.T industry. In fact, the latest Global Cybersecurity Index Report, a study which measures a country's commitment to cybersecurity by analysing developments in five categories (Legal Measures, Technical Measures, Organizational Measures, Capacity Building and Cooperation) saw Malaysia ranked third globally and first in the Asia-Pacific region. Malaysia's high ranking in the Report is a testament of our commitment in ensuring our 'digital shorelines' are well-protected and safe.
What's your parting advice to business leaders and the industry in general?
We must reiterate again that cybersecurity is a concern that everyone must be aware of. While firewalls and complex security systems may be in place, a simple individual action can compromise the entire ecosystem which could lead to serious repercussions for a company and for an individual.
On our end, MDEC will be working closely with our partners, both local and foreign, to facilitate greater sharing of best practices and to spur cross-border exchange of knowledge to ensure that our digital industry is highly-protected and secure for both business and personal use. In fact, we are delighted that leading global cybersecurity organisations from the US, EU and the UK have chosen Malaysia as their operating base to serve the APAC region. This is indeed a testament of the potential that the country has in becoming a digital hub.
Moving forward, we, at MDEC, are committed towards giving people the peace of mind that Malaysia is a secure place to for e-commerce, data transmission and most importantly, a secure place for digital solutions. We will be working toward facilitating and promoting more cybersecurity programs that supports the development of the digital ecosystem. Ultimately, we seek to create a sustainable platform to attract more investments from local and global cybersecurity to Malaysia.
Our country's digital industry has achieved great success for the past 20 years with up to RM283 (US$63.57) billion worth of digital investments being poured into the country, and we, at MDEC, will be working towards ensuring this journey of success continues for many years to come.
The first version of this feature appeared on Computerworld Malaysia 6 March 2017.