The pandemic accelerated digitalisation to levels never before seen, forcing the financial sector to evolve quickly or risk being left behind. In addition to pivoting to a remote workforce, financial sector also embraced digital banking and open application programming interfaces (API) in a race to compete with upstart fintechs.

TM One, the enterprise and government sector arm of Telekom Malaysia Berhad (TM), was on hand to help its clients in the financial sector using their Zero Trust Network Access (ZTNA) concept – which TM One calls Secure Access Service Edge, (SASE) or pronounced “sassy”, to quickly secure their clients’ business environments while still achieving optimal speed-to-market for their digital banking products.

When the pandemic hit, many major financial institutions had to quickly pivot to enable their people to work remotely, securely. TM One responded with its SASE offerings for two main components: Internet Access and Organisation Assets.

Ts. (Technologist) Dr. Saiyid Syahir Al-Edrus, General Manager of Cybersecurity Services at TM One and his team are overseeing TM One’s efforts in real-time.

Saiyid explains, “Firstly, employees need secure internet access. Typically, when users browse the internet they are exposed to threat vectors. A cybersecurity solution protects employees by connecting all user traffic via a micro tunnel that goes into the SASE enforcement node or cloud proxy. Secondly, we secured employee access while using organisation assets such as SAP, Salesforce, and emails via secure remote access.

“Our cybersecurity solutions deployment is often quicker than other providers, because TM One does not need to deploy devices. All we need to do is push an agent into the customers’ laptops. The agent forwards traffic to the closest edge services, connecting users to the internet, a SaaS application, or an internal application through the appropriate zero trust service.

“This agent is also intelligent enough to determine when a user wants to access any cloud application for instance. So it will route users automatically based on that HTTP request. All IT activities are secured via a secure tunnel, which is encrypted and encapsulated,” he said.

Balancing digital banking growth and security concerns

Financial institutions are now launching a myriad of mobile apps dedicated to stock broking, wealth management, insurance services and other financial services to capture new markets and revenue. Their security practices, need to evolve quickly enough with these new digital offerings. Observed gap is mainly due to the lack of security planning at the development stage, said Saiyid. Too often, security comes as an afterthought, or is the last piece to the product puzzle pre-launch.

TM One is on a mission to educate more clients on the need to involve security right from the beginning of the product development process with DevSecOps.

“DevSecOps oversees security measures and how clients should secure all their applications or any new digital development. From the start of the app development process, DevSecOps will look at multiple security perspectives: What sort of app are we launching? Will it be hosted in the cloud or on premise? And, once released to market, how should the app be secured from being tampered?”

“Typically, you download an app from a marketplace, not the developer’s website. However, when an app or a patch is still pending launch from the official source, a malicious attacker can hijack the app by releasing a fraudulent version first. Anyone visiting the app marketplace will mistake the fake app for the real thing.”

“Even after the app has already been released by the official source, it can still be tampered with using malicious code. This code or virus capable of stealing user data or hijack the data that users key in.”

“Typically, a financial services app cannot be published if you do not remediate any non-compliance findings or gaps. This will further delay the release of the app or product. This creates a bit of friction between a business’s market growth aspirations and compliance with certain regulations. If clients only try to secure the environment at the end of the production process, it will just delay their launch further,” Saiyid remarked.

TM One provides Professional Services who consult and advise financial institutions about DevSecOps throughout the product development process. This includes conducting Vulnerability Assessment and Penetration Testing (VAPT) and security code assessments through which the cybersecurity team roots out bugs and corrects the app syntax that can unwittingly enable errors or bugs which are then taken advantage of by hackers.

“We’ve seen instances where the app works fine, but certain non-best practices in the code stream open it up to abuse or breach and increase product susceptibility to hacking and SQL injections,” Saiyid warned.

Besides that, TM One also secures the app infrastructure through cloud-hosted apps, with one of TM One’s solutions including the setting up Web Application Firewalls (WAF) either as a dedicated solution or WAF as a Service.

Cybersecurity needs to be both proactive and reactive

Due to massive monetary and brand value, financial institutions are among the most-targeted groups by Advanced Persistent Threats (APTs), which are groups of hackers that have been backed up by certain organisations that keep on attacking certain entities or certain individuals.

TM One is committed to protecting its clients both before and after APT attacks.

“TM One’s Digital Risk Protection services (DRP) include threat intelligence. We scour the public web, the deep web, and the dark web for certain keywords such as the company or brand name or even the name of key personnel linked to a financial institution. If there is chatter about organising an attack, we can quickly inform the customer to backup and monitor certain assets. If a client already outsources monitoring to TM One, we will do it ourselves. That’s the prevention part.

“However, despite an enterprise’s best efforts, APTs can still breach their environment. That’s why our DRP services also include mitigation or takedown services. If client data has been breached or shared in the internet, we initiate a takedown service by collaborating with our international pool of partners to reach out to the malicious attacker or whoever has shared the sensitive data.  We force them to take down the sensitive data from being published, on threat of legal action. That’s the mitigation part,” Saiyid explained.

For financial institutions, brand value lies chiefly in customer trust in their services. Securing those services requires both proactive and reactive cybersecurity measures. At TM One, cybersecurity is a continuous, evolving effort that is both proactive against possible threats and reactive with quick-acting and widespread mitigation efforts.

This article was first published in Fintech News

The agriculture industry faces a variety of challenges such as climate change, low agriculture productivity and yield, high operating cost, and health hazards to farmers. Leveraging digital technologies, TM One Smart Agriculture solutions are opening a promising ability to address the industry’s long challenges through the Smart Farming revolution.

TM One Smart Agriculture offers a diverse set of solutions to help farmers adapt to technological advancement. One of the features is a centralised monitoring dashboard that is integrated into the IoT-powered machines, which enables farmers a holistic view of their entire machinery performances and crop conditions.

Watch this video and know more about how TM One Smart Agriculture solutions can provide more efficient and sustainable farming practices.

To learn more about TM One Smart Agriculture, Contact us here.

According to Technologist Dr. Saiyid Abdallah Syahir Al-Edrus, General Manager for Cybersecurity Services and Product & Innovation at TM One, every organisation has the responsibility to ensure that their cybersecurity strategies run in tandem with their business growth.

“Organisations are responsible to protect and safeguard their business and customer data from cybercriminals. They need to have the right tools, processes and above all the right people, a team of cyber-intelligence experts or security analysts, in place at all times.”

BusinessToday spoke to the industry expert who has over 15 years of experience in consulting, network security, endpoint security, cloud security, application & data security, and cybersecurity risk management, and who has leveraged his expertise to help organisations protect their businesses from the increasing challenge of cyber-attacks and threats.

He pointed out that many Malaysian organisations of all sizes and across all industries faced gaps between their perceived capabilities and their actual performance when it came to ensuring their cybersecurity strategies addressed the needs of their business.

“Organisations may believe that they have taken all the necessary steps to protect their data and systems, when they have not. This false sense of security has resulted in major global corporations and regional government agencies falling victim to massive security breaches.”

Dr. Saiyid also noted that organisations tended to become complacent. “Organisations often take for granted that they will not be the target for cyber-attacks, because they feel that they are not managing critical infrastructure and sensitive data. However, attackers will target any organisation that can provide them with a lucrative payoff.”

Lack of resources was a third factor, he added.

“Most organisations may not have the budget to invest in robust cybersecurity measures or the necessary expertise/personnel. Instead they often rely on general IT support. Unfortunately, cybersecurity itself encompasses a very huge spectrum and domain, for which you need specific skills, experience and knowledge.”

“Having an external partner that can provide professional and advisory services will help enterprises navigate and manage their cybersecurity strategy.”

Dr. Saiyid noted that while TM One, the enterprise and government sector arm of Telekom Malaysia Berhad is fully capable of providing a complete outsourced cybersecurity service to its customers, his preferred approach involved a hybrid solution between organisations and their cybersecurity partner.

“Cybersecurity strategies must be based on the organisation’s needs and priorities. My recommendation would be that policies are governed in-house, where the client dictates and determines which security services are needed and cybersecurity framework the organisation should adopt.”

Shifting Resources Purposefully

Responding to an IDC Enterprise Services Sourcing Survey, which stated that over 70% of Malaysian organisations recognised that security is not their core expertise, Dr. Saiyid pointed out that this view stems from understandable reasons – cybersecurity is generally underfunded and under-resourced.

“Businesses are often challenged to find and retain the right talents to manage digitalisation, cybersecurity, and innovation within their organisations. IT departments are now expected to support new revenue streams, on top of managing operational efficiency and reducing cost. Business leaders find it difficult to understand the ROI of IT security, and are more focused on growing their digital revenue – especially in the wake of COVID-19.”

As a result, meeting the need to secure these digital platforms can weigh on businesses’ priorities, requiring them to divert limited budgets and resources from opportunities to risk avoidance, Dr. Saiyid highlighted.

“In large organisations, managing cybersecurity efficiently requires a significant amount of resources and effort. Aside from the need to secure a well-equipped and complex IT environment, setting up a dedicated team means organisations need to invest in the technology and put together the security controls for the entirety of their IT environment. This can prove difficult as there is a marked scarcity of cybersecurity professionals, not only in Malaysia but internationally.”

With these realities, individual organisations should decide whether they want to outsource a certain portion of their cybersecurity responsibility or outsource the whole function.

“For instance, they can choose to retain identity management, which is the heart of IT operations and sits with Active Directory and domain controllers, while the rest, such as perimeter security, firewalls, intrusion prevention systems, or the 24/7 monitoring of the overall environment can be outsourced to the experts, like TM One.”

Service providers such as TM One can also provide organisations with round-the-clock protection, ensuring that their systems are always safe and secure. Furthermore, outsourcing cybersecurity can help organisations free up their internal resources so that they can focus on other areas of business.

TM One’s Professional Services supports organisations to assess their cybersecurity capabilities, and provides consulting and advisory services to help them strengthen their capabilities to respond to potential threats.

Specifically, TM One’s Cyber Defence Centre (CYDEC) is an end-to-end cybersecurity service which includes cybersecurity consulting or professional services to guide organisations carve out the best cybersecurity solutions that fit their needs and budget.

Through continuous support from TM One’s Security Operations Centre (SOC) and CyberAssurance services, organisations can benefit from managed security services to discover and address potential cybersecurity vulnerabilities, leverage solutions that help strengthen the readiness of in-house security teams, test systems to identify exploitable gaps, and monitor their broader business ecosystem to detect attacks or indicators of compromised systems and data more efficiently.

This includes Security Posture Assessment (SPA), Vulnerability Assessment and Penetration Testing (VAPT) services and Digital Attack Simulation either as a one-time engagement or a retainer programme.

Organisations who are interested to learn more about how TM One can help enhance their cybersecurity profile can visit its website at https://www.tmone.com.my/solutions/cybersecurity-services/.

This article was first published in Business Today

Cyberattacks have now become a constant threat for businesses everywhere incurring cost and causing reputational issues, on top of other economic conditions that organisations have to contend with.

Despite the inevitability and increasing frequency of these attacks, most businesses have yet to adequately safeguard their infrastructure and systems, with today’s more sophisticated hackers finding new ways to attack businesses of all sizes.  

International Data Corporation (IDC) has reported that in 2021, Southeast Asian organisations spent a whopping US$3.2 billion on cybersecurity services, software and appliances.

Closer to home, the Malaysia Cyber Security Strategy 2020-2024 report states that the country may face economic losses of up to RM51 billion due to cyber threats. A study in VMware’s “The State of Incident Response 2021” report also found that 49% of organisations lack the expertise and tools for adequate incident response.

According toTs. Dr. Saiyid Abdallah Syahir Al-Edrus, General Manager, Cybersecurity Services, TM One, “A proactive strategy is when businesses wholly employ a good cybersecurity framework including leveraging new technologies and trends to keep their systems secure. Utilising artificial intelligence (AI) in cybersecurity and automation to bring benefits to their overall operations.”

---

AI has revolutionised the world by leaps and bounds, with AI in cybersecurity making it much faster to trace potential attacks, reduce the delay in response time and ultimately save man hours. Technology enables cybersecurity solution providers and analysts to analyse similar attack patterns and provide the necessary responses if there is a behaviour change. 

Emerging cybersecurity technology will now help to facilitate organisations become more proactive. This includes the utilisation of security information and event management through technologies such as Extended Detection and Response (XDR), Security Orchestration, Automation and Response (SOAR) and Next Gen Security Operations Centre (SOC).

This ensures that enterprises and the government sector are able to implement and maintain a proactive cybersecurity strategy, leveraging the skills and capabilities of dedicated specialised talents and reducing the impact to their own over-stretched IT teams.

TM One works closely with its customers by thoroughly assessing their security posture, technology maturity and business needs through its consulting and other value-added services. The firm has positioned itself apart from its competitors through Managed Security Services (MSS) as its core solution offering. 

TM One also recently received the prestigious Frost & Sullivan Best Practices 2022 Cybersecurity Company of the Year award. 

Their credibility is seen in the development of its products and solutions offered for the cybersecurity scene. According to TM One, most Malaysian organisations lack in-house security expertise, professionals and tools. This leads to them importing or outsourcing their security operations to ensure the security posture of business infrastructure and manage their cyber risks.

To address this issue, TM One provides a wide spectrum of cybersecurity solutions, helping organisations improve their security posture and business infrastructure as well as better manage their cyber risks via TM One’s Cyber Defense Centre (CYDEC).  

CYDEC’s extensive and comprehensive cybersecurity portfolio includes MSS, encompassing managed unified threat management, managed SOC, managed detection and response, cyber threat intelligence, managed anti-DDoS, managed web application firewall, vulnerability management, capture-the-flag service, cyber deception service, digital risk protection and many more. 

TM One’s cybersecurity consulting services also include, and are not limited to, security assessment and posture, vulnerability assessment and penetration testing, cybersecurity design and implementation, compromised assessment and digital attack simulation.

Fuelled by TM’s SOC and centralised cybersecurity platform, TM One’s CYDEC incorporates advanced technologies like predictive analytics and machine learning to help customers address evolving cyberattacks on-premises and on the cloud. As an added advantage, this extensive cybersecurity portfolio allows TM One to curate and customise solutions based on customers’ needs across various business sizes. 

TM One has continuously proven that the right solution alongside robust technology will augment organisations in safeguarding systems, especially within the current complexities of today’s digital landscape. Prioritising cybersecurity skills as one of the most important areas to be addressed, TM One is committed to addressing the industry’s current challenges and support businesses navigate the digital space with greater confidence. 

To find out how TM One can help you achieve world class cybersecurity, visit Cybersecurity Services and Solutions — TM One CYDEC

This article was first published in CEO Morning Brief – The Edge Markets

Innovation is a key driver for organisations to generate new opportunities and to create greater value. It enables organisations to find fresh solutions to problems and generate value that they otherwise couldn’t access. It takes leadership’s commitment to drive innovation across an organisation. With the right mix of people, tools and leadership, organisations can unlock their next advantage, today.

How organisations can move towards their NEXT phase of economic growth and create new business growth

What are the five top of mind factors that organisations should consider their NEXT phase of innovation?

• Rebalancing organisational focus across three areas – business and operational performance; compliance; and being future-focused. Being future-focused must be an organisation’s main agenda in order to embed a new transformative culture, and to pivot towards making businesses more efficient to achieve a new measure of success.
• Building for scale and resilience – adopting technology, cloudification, smart solutions, business analytics with AI and machine learning, and stronger cybersecurity is key for business growth and sustainability.
• Partnerships – offer a unique opportunity for collaboration across ecosystems and cultures. By combining competencies and different perspectives, companies can quickly create innovative solutions that would otherwise be challenging to develop. Embracing partnerships allows companies to tap into new ideas for growth, and create value in a way that wouldn’t have been possible without collaboration.
• ESG – embracing sustainability includes forward-looking value creation that enriches mid- to long- term value for communities, businesses and the Government. Tapping into resource-efficient solutions will also bring about differentiated user and consumer experiences.
• Talent management –  in becoming future-focused, managing talent is key with greater emphasis on talent reskilling, upskilling, retention and effective recruitment. Improving talent management also includes adopting agile practices and digital workspaces, embracing a digital-first mindset that sets organisations apart.

“It is clear that taking advantage of technologies, coupled with strong partnerships will help build a more resilient and responsive ecosystem.” Shazurawati Abd Karim – Executive Vice President at TM One

---

TM ONE is your trusted partner in enabling your next advantage today and tomorrow by harnessing the power of human centered technology and innovation. We provide secure and robust fit-for-purpose business solutions to enterprises and the Government from across diverse industries, from banking to retail, oil & gas and energy, logistics, education, healthcare and many more.

We understand that every organisation has different needs and goals, with different business models, systems and operational landscapes.

Our end-to-end managed services and vertical solutions built across our pillars of connectivity solutions, data centres, cloud, cybersecurity and smart services which leverage the latest technologies empowers organisations to harness the power of big data and IR 4.0.

Together with our professional services teams across Malaysia and Indonesia, TM One offers value-based innovative solutions to businesses in line with TM’s role as the enabler of progressive innovative transformation.

TM One’s 5G Sphere, our circle of local and global smart solutions and technology partners, will also enable the next phase of enterprise innovation and transformation, harnessing 5G capabilities.

TM One’s 5G Sphere offers the opportunity for enterprises to springboard and accelerate their transformation, offering bespoke solution ideation and implementation to drive and generate positive business outcomes that address the unique needs of diverse businesses.

Register for your next advantage now at: 5g.tmone.com.my Your Next is Now.

This article was first published in Reuters Breakingview 2023