CYBERSECURITY Next Generation of Cybersecurity in the Digital Transformation Age
Digital transformation, or Dx, is a powerful business enabler that is impacting all industries, in all shapes and sizes, and is constantly pushing business leaders to fundamentally change their technology ecosystems and create innovative business models that adapt to changing business needs.
One of the key aspect that plays an important role in Dx is the integration of security, as it is a crucial factor in inspiring the consumer confidence that will result in commercial success for the new emerging technologies.
So, how can businesses enable Dx journey in a secure and compliant manner, knowing that the world of cybersecurity is always changing, with new threats and countermeasures emerging on a daily basis?
Cybersecurity setting the Cyber-scene
The cybersecurity global market is growing rapidly and is considered a crucial investment in today’s market.
The worldwide spend on information security products and services in 2017 was $101.544 billion, set to increase to $114 billion by the end of this year, followed by $124 billion by 2019, representing an almost 20% increase in the space of 2 years.
The major forces driving the cybersecurity market growth are strict data protection directives and rising cyber terrorism, in which professional cybercriminals will cost businesses over $2 trillion by 2019.
“BFSI will continue to drive the highest growth and market share for the overall security products and services market with 16.6% CAGR between the years 2016 to 2021.”
In Malaysia, The Financial Services segment (BFSI) is also one of the most mature markets in terms of cybersecurity regulations and fast adoption of advanced technology. BFSI will continue to drive the highest growth and market share for the overall security products and services market with 16.6% CAGR between the years 2016 to 2021.
And while BFSI is the largest vertical in the managed security services market, robust growth in Manufacturing and Public Sector will become next largest industries by 2021 with 16.8% and 14.9% CAGR respectively due to an increased adoption of cybersecurity solutions in those verticals.
Hyper-connectivity in a data-driven world
For the past decade, ensuring the security of data and infrastructure has become one of the most pressing concerns among businesses. In today’s hyper-connected world the need to be equipped with the right security solutions is even more crucial, mainly due the difficulties and complexity in managing the IT environment and protecting it against threats.
Organisations with the aim to drive their business through data is considered vulnerable and has a higher risk in exposing themselves to cyberattacks, data breaches and/or leakages - with the potential of risking themselves to any issues related to information security management.
Organisations across the globe that recognise the need in getting the right security policy and practise as part of their critical success factor for large IT transformation projects, believes that it is essential in enhancing customer experience.
Cyber threats are growing in volume and the nature of the threats is continuously evolving. With organisations actively adopting cloud- based delivery models and committing to digital transformation, the traditional cybersecurity models become unsustainable and obsolete.
To ensure seamless protection over time, it is vital for organisations to adopt the next generation of cybersecurity model to protect their data, infrastructure and reputation. With a comprehensive set of security solutions, not only are they able to enhance their customer experience, organisations can also unlock new business potential through security innovation by creating new business opportunities, as well as deliver new products and services that are well matched for the current market.
Starting with the end in mind, in embracing, supporting and educating businesses on the importance and implementation of security as a crucial part of digital transformation, TM ONE has recently organised its inaugural LEAP Summit 2018 conference with the theme “Transformation Through Intelligence. Are You Ready?”. The summit was aimed at providing a platform for the Enterprises and Public Sector to share their dynamic thoughts and experiences during their transformation journey. During this full day summit, Vito Di Bari, the ‘New European Guru of Innovation’ and Ajay Sunder, Frost and Sullivan ICT Vice President gave a sneak peek on the possibilities on how we can gear up further for the digital evolution leap in the next 3 to 5 years, and possibilities of what may happen in next 7 years to come.
The delegates also gained insights on how innovation in digitisation, analytics, artificial intelligence (AI) and automation can create vast opportunities for businesses and industry makers, and perk up the digital economy as the country takes the leap into becoming a digital nation, in which security plays a vital role in ensuring the realisation of our digital journey.
Issues, challenges and risks
Gartner predicted that 60% of digital businesses will suffer major service failures by 2020 due to the inability of security teams to manage digital risk.
The top three globally-identified key challenges with regards to security operations are the ability to timely detect and effectively respond to security incidents, the impact of new technologies such as cloud, data centre, mobile and Software-Defined Networking (SDN), and internal awareness and training to upskill employees.
And it is a known fact that for organisations who put security as an a erthought, will more likely face higher risk in having their systems, especially their data base, being hacked by unknown individuals with the intention of either to steal or to just make a statement.
How each organisation is being impacted by a security breach is dependent on the timing, duration and which industry it belongs to – with the most common business impacts crossing all industries and ranging from loss of revenue and productivity, reputational damage, corrupted business data, loss of intellectual property, level of trust declines, psychological stress to employees, as well as external fines and litigation.
The attacks are closer than you think
Back in 2017, the New Straits Times paper quoted CyberSecurity Malaysia’s CEO that ‘Almost 10,000 online incidents reported to CyberSecurity Malaysia each year,” where “one of the reported incidents were data breaches, classified under the intrusion category”5, with 22 incidents on data breaches reported between January to September 2017 alone.
A few of these high profile security breaches and incidents happened in Malaysia, with the most recent incident being an attack by ransomware in early November 2018.
It was reported in the local news media that the computer system of Malaysia’s largest media company, Media Prima Berhad, “was locked out by cyber attackers”, and was demanded to “pay millions of ringgit in ransom” in cryptocurrency amounting to 1000 bitcoins, that is equivalent to RM16 million. It was reported that their “office email system was affected”, and “the company has migrated to another system.”
In another cyberattack that happened in Singapore back in June 2018, hackers infiltrated SingHealth’s database, the largest healthcare group institution. The personal particulars of 1.5 million patients, including the outpatient prescriptions of Prime Minister and a few ministers, were illegally accessed and copied”.
Data Breach & Encryption Attacks
In another instance, a Canadian online news media reported that Cathay Pacific Airways suffered a data breach where passport details, addresses and emails of its 9.4 million passengers were illegally accessed. Due to the extensive repercussion and reputable damage it has incurred, “Hong Kong’s privacy commissioner launched a compliance investigation into Cathay Pacific Airways, saying the carrier may have violated privacy rules and the data was misused.”
To-date, Symantec reported in its online blog that the SamSam Ransomware continues its incurable cyberattack against many organisations, with recent ones seen against “67 different targets”, heavily targeting the US, with the rest “logged in Portugal, France, Australia, Ireland and Israel”. SamSam targets it attacks where it simultaneously encroaches “into networks and encrypting multiple computers” before demanding ransom from its target.
Another version of ransomware that is also considered well-known back in 2017 is the WannaCry Ransomware, where it targets only the Microsoft Windows operating System. WannaCry works by encrypting all computer files, and demand ransom to be paid in bitcoin cryptocurrency, before the set deadline.
The saying ‘better safe than sorry’ resonate well when it comes to taking preventative measures in dealing with cybersecurity attack. As the common norm of mobile devices, social media and open-source online collaborative tools have grown to be an essential part of our lives, especially at work, the need to be equipped with adaptive technology that grows and scale with the market has now become part of the requirement.
Organisations are constantly open to potential consequences and security risk, and IT leaders would need to possess infrastructure capabilities, application integration as well as skills and competencies in managing data residing on- or off-premises.
With the increasing volume and frequency of cyber-attacks, there is also a need to have an automated security mechanism that would efficiently handle incidents, and enable resources to focus on other core areas that would need customised troubleshooting.
A cohesive and integrated security solution that aids in the preparation, response and mitigation, monitor and view what to do before, during and after an attack, would be the best preventative measure applied in an organisation.
And to better fortify their security solutions, they should invest in real-time data analytics capabilities and artificial intelligence (AI) to better improve cyber defence posture as part of security automation initiatives.
Organisations with an Automated Detection and Response (a tool that enhances and works at the similar speeds of attackers) - coupled with an Endpoint Security Automation, Incident Response Automation, Machine Learning (ML) and Artificial Intelligence (AI) principles, and Cloud Security and Software-Defined Security (SDSec) - can eliminate false positives, and enable more intelligent threat detection, response, prevention, security operations and maintenance, and faster support of changing business and regulatory requirements.
Future of Cybersecurity in the Era of Digital Transformation
Next Generation Cybersecurity Threats - Is your business ready for it?
The next generation of cybersecurity threats would arrive in – and target - the cloud, primarily due to misconfiguration of cloud services, exploitation of cloud workloads, unauthorised access to cloud accounts and data breaches in the cloud.
Another new wave of attacks include IoT-compromised and along with traditional threats such as phishing emails, ransomware, DDoS attacks and web-based application attacks.
Another battlefield could be the cybersecurity for Operation Technology (OT) environment where the "airgap" between IT & OT no longer exists with the adoption of IoT and cloud services. Compliances and security measures will revolve around data privacy and data protection in different environments, with more focus on cloud and OT.
Traditionally, businesses tend to ignore security threats or risks when migrating to the cloud due to the misconception of cloud and IoT security.
Nowadays, businesses will need to prioritise their cybersecurity risks and threats in order to protect their data, optimise migration workloads to the cloud as well as to comply with regulations and avoid unnecessary potential loss of capital and operational spend, at the same time protecting the business’s brand equity.
Although there is a shift in the security responsibility model, businesses are still responsible to ensure security is wrapped together in the process when implementing cloud services, no matter what service models they are applying the business to.
From the supply point of view, companies that offer IoT and cloud services need to invest in security measures by design, which will require cost for security testing and embedding security feature into their services or products before releasing into the market.
The most common challenge that organisations face is its legacy IT infrastructure. However, despite reservations from CIOs, organisations have started adopting cloud-based models, moving away from legacy IT.
This has opened up opportunities for more security incidents to happen where application attacks and perimeter-less network, encouraged by the massive use of connected smart gadgets, would risk businesses from all angles.
So for organisations to fully embed cloud-based models into their process, all security aspects must be included at the heart of the process.
Data centres have also become the key target of cyber criminals, hacktivists as well as sponsored attackers. Whether seeking financial gain, competitive intelligence or notoriety, attackers carry out their assaults using a range of weapons. The top most dangerous threats to a data centre security include DDoS attacks, Web application attacks, DNS infrastructure attacks, SSL-induced security and weak authentication.
The next wave of data security will include IoT deployment – the integration of multiple sensors, tiny computer chips and communications devices with physical objects - enabling seamless communication between them and other computing devices such as cloud servers, computers, laptops and smartphones. These devices will exchange large volumes of data between them, and will require aspects of data integrity, confidentiality and availability to be fully ingrained in the process.
Any approach to IoT security should be based on data-driven empirical evidences that warn of a specific harms, and be adaptable over time and works flexibly cross-borders. Without placing cybersecurity as a priority, organisations will be left vulnerable to threats that are becoming more rampant with the growth of IoT deployment and digitisation.
Blockchain technology is arguably one of the most important applicable inventions in this data-driven era, and it extends beyond the remains of today’s famous cryptocurrency trend. It has massive potential to solve problems, particularly inefficiencies in a number of information processing systems, such as securing the authenticity of legal contracts and tightening supply chain traceability.
In terms of security, blockchain, or in its simplest terms, a public ledger, is seen as a potential solution as an application that streamlines and processing big data, as an endpoint protection software, a financing tool, as well as a supply chain management software.
It’s clear that the blockchain technology is still in its infancy, especially when it comes to its role in the cybersecurity space - but that didn’t stop a handful of innovators from taking blockchain out for a spin.
Regulatory compliance is a critical component of any successful security program.
Regulations are designed guidelines with the purpose of protecting organisations, clients and consumers against any potentially devastating consequences of cyberattacks.
Regulatory requirements have undeniably evolved and tightened its reigns over time, especially in the BFSI industry. Organisations in the BFSI sector are continuously burdened by the need to interpret what the global regulatory landscape means for their business operations. Hence, the focus is to bridge information gaps and ensuring higher minimum standards for compliance with the aim to create a culture of info-security among businesses and the public.
Rather than taking a "check-the-box" approach, organisations should implement an integrated and cross-discipline effort – in order to adopt an enterprise-wide program of cyber risk management - tailored to business objectives, while also maintaining a tolerable level of risk.
By taking an integrated approach to the broad objectives of cybersecurity management, organisations can achieve its business and security-focused goals, as well as regulatory compliance in an effective and efficient manner.
The impact on the General Data Protection Regulation (GDPR) - that came into effect in May 2018 in Europe - will affect organisations that are currently doing business with Europe. The new law has placed data protection and security firmly on the agenda of all corporate boards. This year will see a continued increase in scrutiny of data protection, especially with third parties.
As Malaysia is on the midst of transforming itself into a digital nation, it is imperative to address recurring cyber anomalies. Thus, organisations must support the government’s effort in improving the effectiveness of cybersecurity because ultimately, it warrants trusted systems and strategies that necessitate staunch cybersecurity practices. We must acknowledge the recent ITU’s Global cybersecurity Index, which ranked Malaysia as one of the most committed countries in the world in strengthening cyber capabilities to better protect and nurture our local businesses and consumers.
Managed Security Solution Offerings by TM ONE
As a Service Provider and the nation’s Digital Enabler, TM ONE offers a full suite of Managed Security Services to support the transformation journey of organisations in realising their full potential of digital capabilities. Organisations are able to enjoy peace of mind and focus on their core business operations knowing that TM ONE is managing their security systems.
At TM ONE, we understand that customers would prefer to work together with a single service provider that takes care of the business for them, especially in the area of data security management.
TM ONE offers end-to-end Managed Security Solution as the one-stop solution centre to strengthen the security portfolio of the organisation, which comprises of:
By capitalising on TM’s network coverage and ownership in Malaysia, TM ONE gives customers the edge in early detection and mitigation of threats passing through networks.
This allows for faster mitigations and remedies through proactive early detection. In addition to that, customers can minimise impact of technology obsolescence and the inability to scale as they leverage on TM ONE’s Managed Security Services offerings.
TM ONE’s Managed Security Services offerings is an expanded platform where TM ONE has established the state-of-the-art Integrated Operation Centre (IOC), which incorporates its Network Operations Centre (NOC), Security Operations Centre (SOC) and Smart Services Operations Centre at Jalan Damansara, Menara TM ONE.
The IOC works as a centralised command centre and provides a holistic monitoring, analysing and management of customer’s network infrastructure, security posture as well as smart services, using home-grown security experts with expertise in different vendor technologies that provides 24/7 support throughout the year.
TM ONE has been operating its local SOC since 2005 and it has since maintained its high availability through a primary and Disaster Recovery (DR) SOC that is located in Cyberjaya. The SOC is ISO/IEC27001:2005 certified; delivering 24x7x365 proactive monitoring, analysing and management of over 1,000 security devices proactively. TM ONE Certified expertise includes but not limited to CISSP, CISM, CISA, CCIE Security, SANS GCIH and CCIE R&S.
Our customers can also leverage on TM ONE’s Managed Security Information and Event Management (SIEM) offering for ease of centralised monitoring and management meant for security-related activities across multiple sites using TM ONE SOC advanced and high performance SIEM tools. And be assured that events of security threats, breaches etc are proactively monitored and addressed. This inherently reduces the risks of business expenses as a result of security exploits.
The SOC of the future will be built with security assimilated early on during the development stage. The fundamental end goal is for security to become much more automated and less manual to cater upcoming industry trends such as the push for moving business data to the cloud, where it is centralised and easier to access and analyse.
TM ONE’s wide portfolio is a fit for customers looking to engage a leading ICT Service Provider as opposed to having to manage multiple vendors in term of roadmaps, billings, support, functionality etc. As an end-to-end provider of ICT services, TM ONE is able to support customer’s broader ICT aspirations and goals while at the same time providing the necessary expertise to address specific security objectives. Being one of the largest ICT service provider in the country affords TM ONE access to partnering with best of breed security providers.
Summary & Final Note
The evolution of security as a form of defence to a solution-based differentiator is driving the urgency for businesses to accelerate its digital transformation – this is evidenced by the maturity level of cyber criminals that has drastically advanced over the years. As almost anyone is capable of launching a cyberattack at virtually zero cost, we will see more and more automated and widespread non-targeted attacks.
The world of the attackers has developed into sophisticated models that adapts to business plan, captures revenue streams, and assigns individuals with specialised professions based upon their expertise and skill set.
For organisations to be able to counteract, and sustain itself against these attacks, they must collectively rethink their approach towards security so that it will not dampen their effort as they go through their digital transformation journey. One possible approach is to implement smart security applications, fully equipped with capabilities that flexibly adapt to the country’s changing regulatory requirements.
And as we move to the future, the use of Big Data Analytics, Artificial Intelligence (AI) and IoT will slowly shape the cybersecurity trend – thus enabling businesses to run deeper analysis from the collected data. A smart security application, coupled with a data automation solution, will ultimately help to reduce security risk, time and cost of deploying changes and flexibly updating data within an organisation’s integrated system.
An apt solution will not be complete without expert hands. Businesses seeking to upskill their teams can look to TM ONE as their partner in enabling them to fully digitalise their operations and thus empowering businesses to realise their digital transformation journey.
Get in touch with us today to learn why organisations trust TM ONE’s Managed Security Solution, and how we can help to move beyond perimeter-based security services and offer more advanced ICT services for businesses.
Step into the future of your business
TM ONE aspires to be the ENABLER for businesses to realise the full potential of their digital opportunities.
To accelerate this aspiration, TM ONE established a Customer Digital Experience Centre known as TM ONE Experience Center (TM ONE EC). TM ONE EC will help to entice business customers’ digital experience through seamless vertical and horizontal solutions where it is brought together by our people, processes and state-of-the-art technology.
TM ONE’s effective digital experience hosts a customised and dynamic use of solutions and services that are well-suited for enterprise and public sector customers’ journey towards digital transformation.
To support this vision, we built TM ONE EC as a flagship of TM ONE digital experience at the 21st floor of Menara TM ONE. It is an immersive environment where customers, employees, partners and other relevant stakeholders experience how TM ONE intend to make Life Easier for a Better Malaysia through Smarter Living, Smarter Businesses, Smarter Cities, Smarter Communities and Smarter Nation.
All engagements will be carefully planned and matched with the right journey and will be fully guided - to ensure your satisfactory and exceptional first-hand experience of TM ONE solutions. After the engagement, the team will conduct validation activities to ensure that the expectations of customers are met, and potential businesses, partnerships, ideas and collaborations are seeded from the experience.
TM ONE Experience Centre is a space for opportunities that inspires customers and partners to nurture their collaboration & innovation spirit. It is a strategic tool to engage with C-levels, decision makers, and influencers to showcase how TM ONE will drive Digital Transformation in Malaysia and in the region.
For more information on TM ONE Experience Centre, visit