Industry is playing catchup with newer threats: iProperty security interview


Cyber threats 

Credit: GraphicStock


  End user CIOs often share their cybersecurity 'war stories' at gatherings such as Computerworld's Security Summits. In conjunction with year's upcoming Summit in Kuala Lumpur (April 20 2017), I invited some of the guest speakers to participate in a 'rapidfire' interview and offer some overviews on the digital security challenges they are facing this year.

Nigel S. Rodrigues (photo below), IT Security, iProperty Group - Malaysia, introduces himself as follows:

Nigel Rodrigues - iProperty Malaysia

[NSR]  I have been involved with different IT domains over the past 12 years.
Prior to moving to Malaysia, I worked at a leading bank within the Middle East and managed their Network Security and later certain areas of Information Security primarily focusing on GRC related areas.

At the moment I work with a leading digital organisation that has a vast online presence and manage their IT Security. Some of the things that excites me about my current role is the working culture at the organisation, the amazing people here and something new to learn every day.
 What's your take on digital security this year?

My take on this isn't specifically for 2017; however I believe that given the pace at which technology is progressing; security is only trying to catch-up with newer threats. We are yet to focus on threats in areas such as IoT, Blockchains, AI, etc., which in my opinion, are areas that would grow. We should start working on understanding and securing them from the beginning.
In your own role, what security challenges are foremost in your mind?

 Given that technology is moving fast, I believe there would be two areas of challenge. One is filling the skills gap that the overall security industry is facing especially in newer tech areas and second being filling the knowledge gap between newer technology and security.

At the moment, I am working on a special interest group that focuses around security and technology; hopefully this will address some of those gaps.
How do you see the cybersecurity war today - are the 'good guys' becoming more organised?

Our next major war could very well be a cyber war or at least cyberwarfare may play a significant part in it.

As for the "bad guys" they are usually well funded and backed up. The "good guys" on the other hand, have limitations within which they need to work. Even though they are organised, these limitations hinders them.

What impact will the current operating environment - global and local economic conditions - have on your role?
As of today it would be difficult to say what could/would change given the global political scenario. (See - What's really in store for Malaysia's IT industry in 2017)

However, with the new addition of Digital Free Trade Zone (DFTZ) it would be great to see what tech changes would emerge locally. (Also see Jack Ma on DFTZ and Malaysia's Digital Economy plans here.)
What's your view on security as a business driver - not just an enabler?

This would really depend on the business we are operating or a particular industry vertical.

In general, security would be considered as an enabler rather than a driver though many a time vendors/manufacturers would try to sell security as a driver instead. In some businesses, security is more of a necessity to meet regulatory/compliance requirements. In terms of general strategy, we would have to assess the need/s first, identify if it is the right fit and alter strategy if required.
What's your security takeaway for business leaders and IT professionals at this time?

Though there always is a significant threat from external factors, we should be just as careful (if not more) with internal threats too. Internal threats (intentional and unintentional) are real, massively underestimated and could be devastating.

I believe information security awareness is the key here. If you educate people and make them aware of the security risks then you could possibly further reduce the risk via different tech tools and controls. The motivation between a state-driven attack and a commercial/criminal attack could be very different, hence a different approach should be sought for both scenarios; besides security shouldn't be a one size fits all.
The latest edition of this article is at Computerworld Malaysia.