SUBSCRIBE NOW

Subscribe to Get the
Latest News And Updates. No Spam. We Promise.

Never waste a crisis: Lessons from Asian cyber attacks

June 30, 2021
172

Of your peers have already read this article.

4:23

Minutes you'll spend on this story!

TM ONE’s cybersecurity solution helps Malaysian enterprises and public sector build digital trust and cybersecurity resilience, by managing five (5) key areas of risk – cybersecurity, compliance, privacy, ethics and social responsibility.

A closer look at what we can learn from past attacks in Southeast Asia and beyond.

It was just another day in January 2021. Some Malaysians had gone onto the official website of the state of Perak to access public services, only to be greeted by a startling message. “Hello admin, we just found your website is vulnerable for hacktivist. Please check your website and make sure it is patched before your website gets stamped again,” the warning read.

16 other websites for local governments and universities were also defaced. This was part of a campaign by hackers from Anonymous Malaysia to highlight weaknesses in the Malaysian government’s cybersecurity, reported ZDNet.

No hacks have been discovered since February 2021, The Malay Mail wrote. But the incident points to the potential vulnerabilities of public servers and the importance of securing them. How can governments learn from breaches such as this to build cyber resilience and digital trust?

Cyber hacks through the years

Malaysia certainly isn’t alone in being targeted by hackers. Singapore suffered a much publicised breach in its health data systems in 2018. 1.5 million Singaporeans had their personal information leaked onto the dark web, including Prime Minister Lee Hsien Loong.

Besides leaking personal data, cyber attacks can seriously disrupt our lives especially when they target critical infrastructure. Estonia’s major attacks in 2007 crippled banks, the media and some government agencies. Public servants couldn’t use their email to communicate with one another, and media outlets couldn’t deliver the news.

The threat of cyber attacks can escalate to threaten human lives. Earlier this year, a hacker tried to poison a water treatment facility in Florida through its remote access software. A German patient died as the first hospital she was sent to had been hit by hackers, and she couldn’t reach another hospital in time.

On a global scale, the 2017 WannaCry ransomware attacks impacted more than 150 countries and caused US$4 billion in losses worldwide. Perhaps most frighteningly, the attacks affected a third of National Health Service (NHS) hospital trusts in the UK, with ambulances rerouted and 19,000 appointments cancelled, according to Kaspersky.

Cyber tools for governments

What new tools or strategies can help governments fortify their digital borders?

In Malaysia, TM ONE, the enterprise and public sector business solutions arm of  Telekom Malaysia Berhad (TM), strongly believes that protecting critical infrastructure must become a key priority for enabling a digital Malaysia future. TM ONE’s cybersecurity solution helps Malaysian enterprises and public sector build digital trust and cybersecurity resilience, by managing five (5) key areas of risk – cybersecurity, compliance, privacy, ethics and social responsibility.

TM ONE has developed a Cyber Defense Centre (CYDEC), which is a fully Managed Security Services Provider (MSSP) that can detect, respond, predict and prevent cyber threats from a wide range of digital services in real time. These services include 5G, Cloud, Information Technology (IT), Operational Technology (OT), Internet of Things (IoT) and other Critical National and Information Infrastructure (CNII).

These solutions are crucial for organisations to safeguard their business, customer data and brand reputation from cyber threats and cybercriminals.

CYDEC was developed locally in Malaysia, and provides public and private sectors with digital trust and cyber resilience capability and capacity with its Global Cybersecurity Security Operation Centre (G-CSOC).

It is endorsed by both local cyber authorities, such as CyberSecurity Malaysia and the National Cyber Security Agency of Malaysia (NACSA), and has a Global Telco Security Alliance partner with telco giant Telefonica.

“With remote working here to stay and cloud becoming a critical component of an organisation’s digital transformation, decisions around what can be done in-house and what should be outsourced or purchased as a service can be game-changing for Malaysian enterprises seeking to turn “new normal” into an opportunity,” Maznan Bin Deraman, Head of Innovative Solutions & Cybersecurity Services, TM ONE told Business Today.

What we can learn

Never waste a crisis, as they say. Every breach presents an opportunity for governments to learn from mistakes and strengthen their cyber defenses.

The Florida water treatment facility incident, for instance, highlights the importance of security as people shift to remote working. “The problem is not the fact that remote software existed. I think the problem is that an adversary got hold of the credentials such that the adversary was able to access it,” Damon Small, Technical Director of Security Consulting at NCC Group North America, told CNN .

“Critical infrastructures will need to implement strong authentication methods when using remote access systems”, he emphasised. The world needs a passwordless-based with blockchain secure authentication to defend against credential theft.

“With more organisations and services moving to the cloud, we now see a greater evolution of threats and cybercrimes,” urged TM ONE’s Maznan. “There is an urgent need to protect digital infrastructure, data in the cloud and at every endpoint.”

As for WannaCry, its solution seems disproportionately simple for such a large scale attack. “Were it not for the continued use of outdated computer systems and poor education around the need to update software, the damage caused by this attack could have been avoided,” Kaspersky wrote.

Indeed, education and awareness are crucial in a nation’s cyber defense. Last year, Singapore launched a Safer Cyberspace Masterplan to raise general cybersecurity levels in the country. The plan will help businesses and individuals, Gwenda Fong, Assistant Chief Executive of the Cyber Security Agency of Singapore told GovInsider.

Nations will need watertight strategies and advanced Active Cyber Defense (ACD) to safeguard their digital borders. TM ONE CYDEC enables this for Malaysian organisations with real-time monitoring, simplified solutions and a comprehensive range of tools.

“Especially with the implementation of Malaysia’s Digital Economy Blueprint (MyDIGITAL), TM ONE CYDEC will ensure that government institutions can digitally transform while having the added assurance of knowing that public data is kept secure and in compliance with regulatory requirements,” Maznan concluded.

This article was written in collaboration with GovInsider.Asia

CELEBRATING SUCCESS
How Maybank is Leading Digital Transformation in Banking Sector

July 29, 2021
150

Of your peers have already read this article.

6:05

Minutes time you’ll spend for this story!

Maybank, changing the face of traditional banking

Malayan Banking Berhad (“Maybank Group” or “the Group”) is the largest financial services and banking group in Malaysia. The Group serves its 22 million customers through a robust portfolio of financial products and services, including consumer and corporate banking, treasury activities, insurance, and asset management. These contributed to the Group’s annual revenue of MYR 51 billion in 2020. For the same year, Maybank Group had an operating income of MYR 6.48 billion and was the winner of the world’s best consumer digital bank in Malaysia and Indonesia. 

Despite topping local and international market charts with notable digital milestones like QRPay and Maybank Trade, the Group’s M25 plan persists on digitalisation as a key-value driver. The strategy is similar to its Digital Bank of Choice strategy set in 2020. With customers spoilt for choice in today’s market, it is a challenge to reach that pinnacle of customer experience and preserve customer relationships at the same time, especially if a brand doesn’t fully invest in digital roadmaps and collaborations.

“We must always have the user behaviour in mind when we are creating new digital services and/or products. Digital banking providers who provide the best user experience and can solve customers’ problems will continue to be relevant,” said Datuk John Chong, Group CEO of Maybank Community Financial Services.

In this article, you will see Maybank in its journey to improve service delivery capabilities in the era of hyper-digitisation and competition.

Improving the digital banking experience

Maybank takes inspiration from the rapid rise of digital banking and fintech startups in its pursuit to continue enhancing customer experience. The bank’s mission is to provide customers with simple and convenient access to its financial services using ubiquitous digital solutions.

In 2018, the Group revamped the Maybank2U mobile application and website to offer a seamless transacting experience. The mobile application, which now features enhanced payment capabilities and customer personalisation, boasts over 12 million mobile downloads with an impressive 7 million active users (excluding website users) in 2020. New upgrades have allowed customers to generate dynamic PayNow QR codes for on-demand transfers. The mobile app also features a display of remittance options for more transparent overseas fund transfers.  Apart from that, other Maybank2U experience-enhancing functions include Scan & Pay, a personal debit and credit spending tracker, and a customisable savings planner. 

As the Group recognised the growing importance of digital products and services, it launched MAE (Maybank Anytime, Everyone) by Maybank2U in 2020. This complimentary mobile banking and e-wallet application seamlessly integrate online banking with one’s lifestyle needs. MAE not only allows customers to have full access to their savings accounts, pay bills and transfer funds. It also offers newer fintech solutions such as expenses monitoring, in-app virtual debit cards and ‘Tabung’, an individual and group-goal based saving feature. 

Maybank Group received numerous feedbacks from customers with negative experiences from self-service options, such as chatbots and FAQs. Looking to offer a better solution, the Group implemented E-CLEVA, an integrated live video chat solution. With this new capability, insurance claims teams could provide real-time assisted claims support for motor and fire insurances, allowing the bank to process claims digitally and within 15 minutes. 

Building operational efficiency with digitalisation

As customers stay at home during the movement control order, Maybank Group saw a significant surge in the number of digital transactions and users on its platforms — zakat payments before the festive period, for example, has increased by 227% year-on-year (Y-o-Y). At the same time, QRPay saw a transaction volume growth of over 650% Y-o-Y. With active mobile users expanding by 34%, Maybank Group had to deploy cutting-edge technologies to maintain its business outcomes at a rapid speed. 

The Group placed a heavy focus on automating its back offices, namely to streamline back-end processes by implementing machine learning for processing credit applications, branch operations, remittances and trade services. It reinvented the technology stack to support every layer of banking operation by adopting technologies like robotic process automation (RPA), ICR/OCR (Intelligent or Optical Character Recognition) and application integration for certain ‘open’ operations. 

Other digitalising efforts include migrating transactions from branches onto the online payments platform and implementing Artificial Intelligence (AI) in Anomalous Parts Detection for vehicle claims submission. The Group also launched a fully digital Know Your Customer (KYC) capability, enabling a customer to onboard through app-integrated video calls. 

Maybank Group measures the success of all digital initiatives through two (2) measures — straight-through processing (STP) rates and customer turnaround times. These measures allow the bank to track and analyse the efficiency of its services, enabling more productive service delivery capabilities across various operations.

Enabling convenient, safe and secure transactions

The rise of digital banking is analogous to a double edge sword — on one end, you have greater convenience at your fingertips. But on the other side, digital vulnerabilities and frauds can now affect us more than ever. Maybank Group mitigates these risks by internalising a robust cybersecurity infrastructure that covers internal governance, human knowledge and network capabilities. 

The Group employs a best-of-breed Security Information and Event Management (SIEM) technology that enables continuous real-time monitoring of any internal or external cyberattacks. Coupled with its Regional Security Operations Centre, which centrally manages the operational level of system security, the bank’s security specialists can quickly and continuously detect and respond to malicious activities using the Splunk Enterprise Security platform. 

Driven by the surge of digital transactions, Maybank announced in April 2021 that it is discontinuing the SMS TAC (transaction authorisation code) for approving online transactions on both its apps. The bank intends to protect its customers with improved online banking security. Customers will switch to Secure2U as the preferred authorisation method for most transactions, excluding Financial Process Exchange (FPX) and Direct Personnel Expense (DPE). This alternative feature adds an extra layer of protection. Transactions can only be approved within 50 seconds on a registered device using Secure Verification (one-tap authentication) or Secure TAC (a six-digit TAC number generated on the mobile app).  

This new ability creates a safer and more conducive way for customers to transact. At the same time, Maybank Group can build a digital ecosystem that enables safe and secure transactions continuously, fostering digital trust with its users.

Accelerating growth through key partnerships

As non-banking institutions with digital banking licenses flood the market, Maybank Group ensures business competitiveness by engaging in strategic partnerships to introduce new products while enhancing existing offerings. The bank focuses on creating close C-level collaborations with technology disruptors to foster customer stickiness by integrating lifestyle propositions with financial services.  

At a time where customers are increasingly adopting digital products in their lifestyle, Maybank Group joined hands with the ride-hailing company, Grab, to drive the acceptance and ubiquity of cashless payments further. By integrating the two payment systems, customers of Maybank and Grab can choose between using their GrabPay or Maybank QRPay mobile wallets at the merchants they support. Direct cash top-ups on the GrabPay mobile wallet via Maybank2U enrich the online experience between these two digital apps.

The partnership with Grab doesn’t stop there. Maybank Group unveiled a new dual-faced credit card that enables customers to seamlessly collect GrabRewards points that they can then use to redeem vouchers and other rewards. Aiming to serve younger consumers further, the Group also teamed up with an e-commerce powerhouse, Shopee, to offer a lifestyle and e-commerce credit card. Similarly, users obtain rewards – Shopee Coins which they can spend on future online or offline purchases.

The Group also partnered with various property leaders including, UDA Holdings, Tropicana Corp. and i-City to offer “HouzeKEY”, an alternative home financing solution for first-time home buyers. Another partnership with Permodalan Nasional Berhad (PNB) saw the launch of ASNB e-channels on the bank’s platform.  The collaboration enables cross-system transactions and the viewing of account balances via Maybank ATMs or the Maybank2U app. 

Maybank is poised to conquer the fast-growing digital banking space with its wide range of digital products and services, seamlessly integrated into a customer’s everyday life. The Group continues to defend and grow key customer markets in the era of digitalisation without losing sight of its core principle; humanising banking.

TRENDS AND DIGITAL STRATEGY
The Bank of Tomorrow – Hizam Ghazali

July 28, 2021
180

Of your peers have already read this article.

3:52

Minutes time you’ll spend for this story!

Banks have been at the forefront of digital transformation. They have always been the leading adopters of technology and have led the way to show how customer journeys can be digitalised.

As consumers, we seldom have to go to banks now and the banks have come to the consumer’s smartphone. Add to this the plethora of new innovative financial services made available by start-ups and tech giants alike. Consumers are besieged with choices.

Despite all the progress, this is still Day One for the banking industry. The per-capita consumption of financial services in our country and globally is still at low single (3 to 4 services) digits. Financial services are the backbone of every personal life, and every business and industry.

“There are huge opportunities to improve this consumption by taking away points of friction and improving accessibility. TM as a digital enabler to the banking industry, we see there are four (4) distinct innovation opportunities as we look into the next decade”, says Hizam Ghazali, Head of Digital Services, Telekom Malaysia Berhad (TM). 

Some of the potential innovative services opportunities are:

#1 Invisible banking
Most of us are not excited about making a trip down to the bank. It is often considered a waste of precious time. Bill Gates famously quoted way back in 1994, “Banking is essential, but banks are not.” The vision is to help us consume banking and financial services without visiting the bank or even transacting over the banking app. Akin to the famous “Intel Inside” campaign, can banks enable us to live better lives but still be invisible, make it so easy to consume that we are not even aware of its existence? The key is to embed the services seamlessly into the existing customer journeys, be it shopping or furthering your education. The more the invisibility, the greater the ease of consumption. It has taken us over two and a half decades to understand the vision that Bill Gates espoused.

#2 Ecosystems
Ecosystems are a way of organising the business to enable a high degree of collaboration between various stakeholders (customers, partners, employees, investors, government). It is a new business model which harnesses the idea of co-creation by the various industry stakeholders. Almost all digital-native businesses that we know such as Google, Amazon and GRAB are examples of the ecosystem in action. Banks have this incredible opportunity to build their own ecosystems as well as become part of others to drive growth. Through the use of Open Banking Application Programmable Interface’s (API’s), banks can now enable third-party fintech companies to access their core banking capabilities and develop innovative products to serve customers. The biggest benefit is the ability to innovate and take new services faster to market. The ecosystem owner focuses on the user experience and relies on the stakeholders to help drive innovation, market outreach and other capabilities. While GRAB started with the Mobility Ecosystem, they saw incredible growth during the pandemic in their Delivery Ecosystem and their future growth agenda is with the Financial Services Ecosystem.

#3 Hyper-personalisation
A critical pillar of differentiation for banks moving forward will be their ability to personalise services for the customers. Open Banking is an enabler for hyper-personalisation. This allows customers to opt-in and allows the bank have oversight of their financial investments across all providers. Then, through the use of big data and Artificial Intelligence (AI), they can be in a good position to generate customer-specific insights and offer very personalised solutions. These personalised solutions can be an aggregation of the bank’s products as well as third-party providers. Enabling this frictionless, personalised user experience has been the strategy adopted by several of today’s banking leaders in response to the competition from big-tech. Offering this at a large scale requires tight integration of technologies and partnerships.

#4 Security
While we saw a massive uptake of digital banking in the last 18 months, it has brought about a huge spike in cybercrime. Banking related phishing attacks have seen a twenty-fold increase in the same period of time. The situation is aggravated as the less digital-savvy population, which is the most vulnerable, starts adopting digital banking services. Banks are responding to this challenge with increased measures to authenticate users and add additional layers of security. These additional security measures are impediments to the greater use of digital banking. We believe there is an opportunity for banks to use some of the latest technologies including biometrics and AI to enable a secure yet frictionless experience.

Research firm, twimbit has estimated that the per capita consumption of financial services is set to explode and reach about 15 to 20 services by the end of the decade. While the competition is intense, there is enough opportunity for all market participants, simply because of the growth in innovation.

“I am excited about how the financial services industry is going to evolve in the coming decade. The convergence between these four (4) innovation opportunities will open a plethora of new possibilities. We are seeing more banks, e-commerce businesses and other financial institutions adopting digital components such as Robotic Process Automation (RPA) to enhance its daily operations, processes and of course, customer experience. We look forward to partnering with the industry to enable this new vision of possibilities,” Hizam added.

Enterprises Taking Transformation Forward

July 27, 2021
171

Of your peers have already read this article.

2:13

Minutes time you’ll spend for this story!

Q The Government’s initiatives under JENDELA, Digital Nasional Berhad (DNB) and MyDIGITAL, are imperative building blocks to drive digital transformation in the country. However, 70% of digital transformations fall short of their objectives. What makes digital transformation challenging for enterprises?

According to IDC, 55% of Malaysian organisations do not have an integrated enterprise-wide digital transformation strategy, and 91% of Malaysian enterprises are either on stage one or two, of a five-stage IDC maturity curve. Many of the challenges faced broadly falls under access and complexity.

The lack of access to the required skills is a large challenge, especially talent steeped in what IDC terms as third and fourth platform technologies and technology delivery models. These include cloud computing, Internet of Things (IoT) and mobility (underpinned by 5G), and big data analytics and machine learning, all of which need to operate in a secure environment. Implementing digital transformation requires multi-domain expertise spanning business and technology, which is hard for enterprises to acquire. Emphasis is often placed on processes and not outcomes. Employees often need to be retrained. Business continuity takes precedence over targeted investments.

Q How are enterprises creating    more    value   by leveraging on technologies to ensure successful transformation?

In the journey towards establishing a Digital Nation, the private-public and people are embracing technologies hence accelerating digital transformation efforts.

BFSI: Techwire Asia found that more than 70% of Malaysians are looking forward to a digital banking revolution. Malaysian banks are transforming digitally to align to customer needs, improve operations, meet compliance, enable open ecosystems by leveraging emerging technologies to address new opportunities.

Healthcare: The healthcare sector is turning to digital solutions to realise the promise of connected digital healthcare. Enhancing patient experience, increasing diagnostic accuracy, and improving patient care are some of the goals that the healthcare sector is hoping to achieve as a result of digital change.

Q Why  TM  ONE   is  the  right partner in supporting your transformation journey?

Emerging technologies are shaping the industries from continuous remote diagnostics, conversational Artificial Intelligence (AI), distributed cybersecurity, industrial robotics and automation and more.

To facilitate and accelerate digital adoption, TM ONE has built its offerings along four (4) technology pillars of digital transformation – Cloud, cybersecurity, smart services and professional services. Cloud carries the weight of digital change squarely on its shoulders. TM ONE Cloud α empowers enterprises with a comprehensive, customised, end-to-end, cloud solutions that deliver agility, innovation and growth. It is complemented by TM ONE cybersecurity solution, known as CYDEC (Cyber Defence Centre), which offers the best continuous, real-time and predictive protection spanning private and public networks, data, identity, and devices and infrastructure–to mitigate attacks on brand and reputation, online fraud, and mobile channels. Smart services are the most visible ambassadors of digital transformation, taking Malaysia a step closer to the Digital Malaysia aspiration. Whereas TM ONE Professional services help leaders create vision and roadmaps, enabling predictable, business-aligned digital transformation.

This article was written in collaboration with The Edge.

How TM ONE’s CYDEC Cybersecurity Solution Turns Cybersecurity Challenges Into Cyber Resiliency and Digital Trust

168

Of your peers have already read this article.

2:57

Minutes time you’ll spend for this story!

Raja Azrina Raja Othman
Raja Azrina is the Information Security Advisor at TM ONE and a renowned expert with over 25 years of experience in information security and computer crime, as well as advising the Malaysian government and various large corporations in devising their cybersecurity strategies. She has led in design, development and implementation of innovative solutions, which includes cyber crisis command system and endpoint solution for critical infrastructure

Q Why is cybersecurity imperative in realising Malaysia’s Digital Nation vision?

The Malaysia Cyber Security Strategy 2020-2024 (MCSS) outlines the key objectives and five strategic pillars that will govern all aspects of cybersecurity planning and implementation in the country. One of the focus areas is to improve national cyber resilience against cyber threats.

In line with the 10-year Malaysia blueprint road map of MyDIGITAL as announced by the Government, we will see a transformation of Malaysia into a digitally-driven, and regional leader in the digital economy and cybersecurity will be at the forefront. Organisations will need to build stronger digital trust and cyber resiliency resulting in a better-protected digital infrastructure and cleaner data in the cloud, through every endpoint.

“In the distant past, Incident Response and Forensics were an option. However, today the ability to detect, respond and mitigate in a prompt manner are essential services. Detection capability depends on level of threat visibility. Response capability is dependent on the level of rotection measures in place. We cannot perform effective response, without proper control measures in place. Reality is off-the-shelf systems, be it IT, IoT, IIoT and OT systems are vulnerable, in their default state. Thus, at TM ONE, designing security into the solution is inevitable,” says Raja Azrina.

Q To sustain during the lockdown, organisations migrated their services and operations online. As more are moving to the cloud, it is important to remain aware of the lingering security risks. Where should you start?

Managing security incidents that affect your business in real-time can be confusing particularly to any organisation that is in the early period of its digital transformation.

Many businesses need real-time protection from cyber threats, as delays in determining attacks can have significant financial implications. Having limited and detached equipment, tools, and system hinder organisations to own effective and efficient end-to-end cybersecurity services. Finding out trusted well experience digital solutions providers are daunting while sorting it internally with a lack of trained and qualified in-house professionals and immature recovery planning is also a challenge.

For holistic cyber defense protection, your cybersecurity solutions need to be able to detect, respond, predict and protect your systems and data from the breach in real-time, 24/7.

Q Your company’s data represents your most critical assets and protecting them should be high on your list of priorities. How does a trusted partner ensures your digital assets are protected in real-time?

Your partner is your first line of defense in ensuring the safety of your cyber ecosystem. Having the right experts who can manage your cybersecurity portfolio, with the ability to reach your data house digitally and also physically closer to your location is crucial. It offers a worry-free convenience, so you can focus on your core business operations without compromising on security.

TM ONE Cyber Defense Centre (CYDEC) offers fully-managed security services that detect, respond, predict and prevent cyberattacks. It protects a wide range of digital assets and services including those powered by the cloud and 5G, such as IoT applications, information technology and operational technology systems, primarily within Critical National & Information Infrastructure (CNII).

TM ONE’s recent partnership with Telefonica Global Solutions, combined with our own cybersecurity experts with extensive experience, CYDEC’s capability and capacity offers you a business value approach, enabling you to achieve faster identification of potential risks, addressing the gaps in security implementation, and providing you with the right recommendations based on information security strategy. These will ensure that organisations can quickly, accurately and strategically build their cybersecurity resilience in this new wave of digitalisation.

The EDGE Vertical Column: CYDEC

Together, Let’s Create Success Stories

Help us know you better.

Which industry are you from?

One more quick question.

What solution are you looking for?

Our Experts Will Connect With You Soon.

Don't worry, we hate spam too.

If you agree to continue browsing, you accept the use of cookies on this site and have the option to disable them if you wish.

Accept & Continue