SUBSCRIBE NOW

Subscribe to Get the
Latest News And Updates. No Spam. We Promise.

DEMYSTIFY TECHNOLOGY: Securing Your Business in the Digital Era

March 25, 2021
201

Of your peers have already read this article.

6:49

Minutes you'll spend on this story!

Basic reactive measures are no longer adequate to manage the complexity of cyber threats today. It is time to adopt a more adaptive approach to cybersecurity that would enable Active Cyber Defence (ACD) and cyber resiliency. This means having real-time cyber defence services implemented to drive business growth securely.

The COVID-19 crisis and the unprecedented acceleration towards digitalisation have caused companies worldwide to race onto digital platforms. As companies stepped onto digital means, they found loopholes and vulnerabilities in their digital systems. These issues are evident with the high number of cyber incidents reported, with more than 7,000 cases in Malaysia as of September 20201. Cyber fraud topped the list in Malaysia as the most common type of cyber-attack.

Figure 1: Average total cost of data breach by country or region (IBM Data Breach Report, 2020)
Figure 2: Reported Incidents in Malaysia, 2020 (Malaysia Computer Emergency Response Team, MyCERT Statistics)

Current challenges on cybersecurity in Asia Pacific

In its latest 2020 report, INTERPOL provided a sobering reality on the cyberthreat landscape confronting the Association of Southeast Asian Nations (ASEAN) countries. The first half of 2019 saw a rise in botnet infections, phishing scams, and ransomware, among others. Malaysia ranked among the top 3 countries in terms of mobile banking malware detections.

Alarmingly, it was revealed that Malaysian organisations cannot cope on their own to address the myriad cybersecurity threats. More than 70% of Malaysian organisations surveyed agreed that security is not their core expertise. Companies would rather engage a trusted partner for their security needs, according to IDC’s 2020 Asia/Pacific (excluding Japan) Enterprise Services Sourcing Survey

Current overview of Cybersecurity in Malaysia

Against this backdrop, Malaysian enterprises that may not have the critical cybersecurity skills, technologies and cyber defence need to make urgent strategic choices. Hence, cybersecurity must be placed at the forefront of digital business initiatives and not as an afterthought. Cyber-attacks show a yearly upward trajectory. Leaders, however, tend to deny the possibility as it can affect their firm’s stature. This denial results in a spiral of incidents where businesses fail to defend themselves from cybersecurity strikes. As such, companies end up paying hefty fees to recover from the damages done. What firms could have protected earlier at a fraction of a cyber incident cost, now serves as a strong reminder of the importance of cybersecurity.

The detachment of cybersecurity from the business functions leads to a weak understanding of cyberattacks’ imminent threats on their business decisions. Organisations that do not comprehend cyber threats and their disastrous outcomes fail to quantify the risks across business decisions. Cyber strategies are often underfunded and low in resources as there is no intent to measure cyber threats and their influence. To counter this, leaders need to understand the key cybersecurity trends and align their priorities to strengthen their cybersecurity strategies.

Few considerations for the business leaders today:

  1. Do we have visibility on any potential threats to the organisation’s technology, process and people?
  2. Are the organisations adopting adaptive threat and access protections?
  3. How do we build a secure agile development of security by design, work with security services partners and create a digital ecosystem with cyber resiliency?
  4. Do we have a business-driven adaptive security governance and risk management to grow and protect the business?

Key-cybersecurity-trends for 2021

  1. Cloud adoption – ensuring security at scale
    1. The migration towards cloud platforms outpaced the capacity for security teams to manage the threats posed by cybercriminals.2
    2. Almost three-quarters of organisations hosting data or workloads in the public cloud experienced a security incident in the last year.3
    3. The Asia-Pacific (APAC) region accounted for the highest regional rates of exposed data (35%), ransomware attacks (37%), and account compromise (33%).
  1. Securing the remote workforce – building on the lessons in the new normal
    1. Organisations are battling one another in digital adoption to ensure business resiliency, with a focus on learning from the cyber events that took place in 2020.
    2. During the Movement Control Order (MCO), Cyber999 Help Centre, the cybersecurity incident response centre operated by MyCERT received a total of 3,906 complaints between March 18th and June 30th 2020, an increase of over 90 per cent in comparison to 2019.
    3. This increased case count indicates that digital adoption strategies did not balance with equally important cybersecurity measures. Weighing the options of choosing in-house services or outsourced services can be a game-changer for those seeking to turn the ‘new normal’ into an opportunity.
  1. Internet of Things (IoT) Devices and 5G Network Deployment – borderless security protocols
    1. IDC forecasts that there will be 55.7 billion connected IoT devices by 2025.4
    2. In 2020, 57% of IoT devices were vulnerable to medium or high severity attacks.5
    3. The deployment of the 5G network would give continuity to this trend. Whilst it does provide significant value, it brings along cybersecurity concerns with it.
    4. The critical challenge facing cybersecurity teams is that traditional methods would not be sufficient to tackle IoT threats. This issue is not concerning devices but instead networks that require a whole new approach.

3-point cybersecurity checklist for business leaders

1. Realigning cybersecurity measures towards proactivity

Busines leaders needs to be more proactive in fighting cyber threats. The evidence regarding the commonplace of cyber-attacks on even large institutions suggests that big companies are not spared from such attacks. Cybersecurity incidents are traditionally dealt with in a reactive state of mind, leaving the organisation a step behind the attackers. A proactive stance allows the business leaders to securely guard their highly valued assets and build a robust digital infrastructure on all fronts.

2. Shifting the view on cybersecurity from a cost-based to ROI- and risk-based

Cybersecurity is often regarded as a compliance-driven, cost-based investment and a crisis manager – limiting its vast potential and value. These misconceptions can lead to a costly outcome. Having that traditional mindset ultimately disables important cross-functional insights from cybersecurity players, leaving the company vulnerable. Leaders need to view cybersecurity in terms of Return on Investment (ROI) and innovation-drivers. These drivers, in turn, enable the inclusivity of cyber insights into various functions of the business and tackles the problem of cybersecurity operating as a silo.  

3. Integration and collaboration on cybersecurity  

Business leaders require a ground-up rethinking of the culture surrounding IT and Security by encouraging integration and cooperation across functions and external experts. This move ensures a continuous knowledge transfer on cybersecurity, building high-skilled talents. Creating a culture that prioritises collaboration would allow cybersecurity functions to be innovation enablers and fully grasp the vital role cybersecurity plays in the organisation.

Key takeaways

Traditionally, cyber strategies are mostly cost-based and referred to as an operational element of the business. By improving the integration and collaboration in the decision-making process, cyber budgets can be perceived as risk-measured and more strategically aligned with business targets. This process translates into a better understanding of the cyber threats that each business decision holds. As a result, business leaders can drastically improve their knowledge of the elements behind cyber strategies’ ROI. In the end, there is an allowance for better prioritisation and utilisation of the cybersecurity investment.

In Malaysia, generally we are still investing in conventional security technology, which is very much basic security, more reactive and only effective for damage control measures. It is time for us to seek a new proactive and more adaptive strategic approach to cybersecurity risk management that enables Active Cyber Defense (ACD) and cyber resiliency.

For businesses, this means real-time cyber defence services, resulting in valuable time and cost savings, avoid business disruption, providing peace of mind and regulatory compliance by preventing, mitigating or eliminating cybersecurity threats.

The Managed Security Services Provider or MSSP provide the bridge to balance the needs of cybersecurity to realise the value and benefits of cloud and digital services; to grow and protect the business and in return enable organisations to focus on their transformation journey, securely and comfortably.

TM One, the business solutions arm of Telekom Malaysia Berhad (TM) is ever ready to deliver digital security solution to businesses and organisations to safeguard their operations. TM One’s Cyber Defence Centre (CYDEC) is a fully managed security services that bring multiple benefits including global cyber threat intelligence services to protect brand and reputation, online fraud and business disruptions. CYDEC also offers real-time visibility with the Global Cybersecurity Operations Centre (G-CSOC) or a 24/7 monitoring of global Cyber Threat Intelligence (CTI) services with Active Cyber Defence (ACD) capabilities.

CYDEC also delivers numerous benefit to Malaysian enterprises and public sector institutions in building digital trust and cybersecurity resilience. This is done by managing the key five (5) key areas of risk – cybersecurity, compliance, privacy, ethics and social responsibility. These managed security services provide access to real-time, continuous, predictive cybersecurity, quickly and without complexity. With CYDEC, organisations can effortlessly ensure that in-house IT resources can remain focused on their business core matters. 

Cyber threat is a huge risk to today’s world. In today’s digital era and ever-evolving technology standards, cybersecurity has quickly become a top concern and priority for individuals and companies worldwide. With this in mind, organisations are required to equip themselves to prepare for tight security measures and the best cybersecurity solutions to protect their vulnerability. It’s time to update your cybersecurity measures and get the security your business deserves. It is better to take preventive measures now than later recovering the after damages of cyberattacks. Always remember that an ounce of prevention is worth a pound of cure! 

Reference

1 Reported based on General Incident Classifications, 2020, Malaysia Computer Emergency Response Team
2 Checkpoint Cybersecurity Report 2021, Checkpoint, 2021
3 Sophos The State of Cloud Security, Sophos, 2021
4 IoT Growth Demands Rethink of Long-Term Storage Strategies, IDC, 2020
5 2020 Unit 42 IoT Threat Report, Palo Alto Networks, 2020

5 BFSI Cybersecurity Trends in APAC You Need to Know in 2022

May 19, 2022
184

Of your peers have already read this article.

6:00

Minutes time you’ll spend for this story!

As innovation and technology change, so does the world of cybersecurity. So what to expect in 2022? Here are 5 BFSI Cybersecurity Trends in APAC You Need to Know in 2022.

The rise of digital banking and accelerated digital transformation have brought about new security concerns. Criminals are turning their attention to gullible online users, creating ever-so sophisticated scamming schemes to defraud them. At the enterprise level, threat actors are opportunistically using the shifting work environment to adopt tactics to infiltrate organisations.

Statistics1 from the Commercial Crime Investigation Department at the Royal Malaysia Police show that cybercrime is skyrocketing as consumers shift to online channels.

Between 2017 and June 20, 2021, Malaysians suffered losses amounting to about RM2.23 billion (US$533 million) from cybercrime frauds.

Of the 67,552 cybercrime cases reported during the period, e-commerce scams topped the chart with 23,011 cases. Meanwhile, complaints on online transactions surged 112% between 2019 and 2020, indicating that cybercriminals are looking to capitalise on the surge in e-commerce activity and rapid consumer adoption of digital financial solutions amid the new normal brought about by the COVID-19.

The pandemic forced consumers to turn to online retailers to buy groceries and e-wallets to pay their bills. A survey conducted2 by Kaspersky and research agency YouGov found that out of the 1,600+ respondents in Asia-Pacific (APAC) polled, 90% indicated having used mobile payment applications at least once in the past 12 months. Around 15% of the total survey respondents said they began using digital payment methods during the pandemic.

1. Asia emerges as favoured target

At the enterprise-level, cyber threats are exploding as well. The 2022 IBM Security X-Force Threat Intelligence Index, released3 last month, revealed that Asia has become the most attacked region globally, with over one in four cyber attacks recorded by the tech firm last year targeting users in the continent.

Asia saw more cyber attacks than any other region in the past year, the report says, with financial services and manufacturing organisations in particular experiencing nearly a combined 60% of attacks in Asia.

Server access attacks, where the attacker gains unauthorised access to a server, was the second-most common attack type observed, making up 11% of all incidents IBM’s X-Force IR team remediated in 2021. The majority of these attacks occurred in Asia, and in many cases the threat actors were successful in deploying malware or employing penetration testing tools on a server, the report indicates.

2. Fast digital transformation puts stress on IT systems

The pandemic has accelerated digital transformation and forced people to change the way they worked, transacted, and banked. This unprecedented speed of digital transformation is putting stress on banks’ IT systems, compromising real-time data analysis, and creating storage and security issues.

A recent survey4 of 305 global bank COOs and CTOs conducted by data-monitoring and management company – ITRS Group, found alarmingly weak operational resilience at financial institutions in the wake of COVID-19.

84% of respondents stated that their IT environment has changed more in the past 12 months than over their company’s lifespan, with digital transformation, work-from-home arrangements, cloud adoption, and more sophisticated security threats cited as the top drivers of change in banks’ IT environment. The figure stands even higher for APAC-based institutions where the velocity of IT change was found to be the greatest.

Globally, 79% of respondents indicated that it has become increasingly difficult for their institution to maintain their SLAs, or service-level agreements, with more than half stating that they suffered at least one business day of unplanned downtime every year.

Additionally, 94% stated that digital transformation has resulted in a significant increase in the volume of data, leading to challenges in analysing data in real-time (65%), storing data (62%), and difficulties in securing data (62%), creating a concerning trend.

3. Security, fraud prevention as a differentiator

As more people rely on digital payments and get accustomed to digital services, awareness of cyber risks and crime is also on the rise.

In fact, security is becoming consumers’ top concern, with 67% of Southeast Asian respondents polled by Kaspersky and YouGov indicating that they hope for the implementation of one-time passwords (OTPs) through SMS for every transaction.

After OTPs, two-factor authentication was named the second most preferred security feature (57%), while 56% of respondents said biometric security features, like facial or fingerprint recognition, should be added for digital banking and e-wallets.

Going even further, a considerable proportion of consumers believe that financial services providers should play a bigger role in protecting their customers from being defrauded. In fact, 40% of respondents indicated that banks and mobile wallet companies should “start preventing frauds/scams automatically based on spending behavior and/or transfer history.”

4. Advanced scams and social engineering on the rise

With increasing international cooperation and the establishment of multiple task forces to trace ransomware gangs, Kaspersky experts believe the number of such attacks will decrease in 2022.

Instead, cybercriminals will turn to more advanced scams and social engineering as they seek to exploit human and system vulnerabilities. These scams will leverage all sorts of tools and channels, ranging from SMS and automated phone calls to messaging apps and social networks, and will be fueled by the availability of advanced technologies such as deepfake and voice synthesis, the experts said, quoted5 by Vietnam News.

In Thailand, nearly 40,000 people were scammed with their bank accounts and credit cards showing inexplicable transactions. In Malaysia, scammers used fake bank websites to steal customers banking details. And in Vietnam, criminals impersonated top e-commerce platforms to trick users into sending money.

5. Cryptocurrency and NFT industry continues to attract cybercriminals

Kaspersky experts predict a significant wave of attacks on cryptocurrency businesses, a trend that started in 2019 and which coincides with the beginning of the cryptocurrency market’s bull run.

Figures from blockchain data platform Chainalysis show6 that cryptocurrency-based crime, including scams, ransomware, and stolen funds, hit a new all-time high in 2021, with illicit addresses receiving US$14 billion over the course of the year, up 79% from RM32.91 billion (US$7.8 billion) in 2020.

Kaspersky experts said they have already witnessed advanced persistent threat (APT) groups rising to attack the cryptocurrency business aggressively, and they anticipate that this activity will continue as criminals increasingly exploit flawed security and resort to advanced techniques including manufacturing and retailing rogue devices with backdoors and social engineering campaigns to steal cryptocurrencies. Cryptocurrencies are particularly attractive to criminals, considering the anonymity they provide.

Southeast Asia could be more vulnerable than other countries, considering that consumers in these locations are known for being avid adopters of cryptocurrencies and non-fungible tokens (NFTs). Among 20 countries surveyed by Kaspersky, the Philippines was found to have the highest adopter rate of 32% of Filipinos indicating owning digital assets. This is followed by Thailand (26.2%), ranked second, then Malaysia (23.9%). Vietnam (17.4%) was fifth and Singapore (6.8%) 14th.

Protect Your Organisation Today

The urgency of addressing the relentless surge of cyber threats impacting both the public and business sectors is a fundamental step to enabling a sustainable, safe and successful digital society. As a key player in digital transformation for companies across industries, TM One’s commitment to cybersecurity helps to create a safe and secure online environment for businesses and protect consumers from fraud and identity theft.

TM One has collaborated with CyberSecurity Malaysia, the national cybersecurity specialist agency, to elevate the nation’s cybersecurity network and ecosystem while strengthening Malaysia’s self-reliance in cyberspace.

“At TM One, we understand that new technologies are driving the accelerated digital transformation for many industries, allowing players to respond quickly to changes as well as provide customers with better digital experiences. Having a strong cybersecurity foundation will benefit Malaysian financial institutions not only mitigate cyber risk, but boost performance.  Our Managed Security Services are designed to meet the specific needs of financial institutions and take their digital transformation forward to effectively improve operations, address compliance requirements, and enable open ecosystems,” said Muhammad Ghadaffi Mohd Tairobi, Director of Sales for Banking and Financial Services at TM One.

Do you know what are the key sources of cyber risk in Malaysia? Click here to download the infographics.

This article was first published by FinTech News Malaysia

References
1. https://www.nst.com.my/news/crime-courts/2021/07/708911/malaysians-suffered-rm223-billion-losses-cyber-crime-frauds
2. https://newsinfo.inquirer.net/1552270/threat-awareness-high-as-digital-banking-users-list-preferred-security-steps
3. https://www.ibm.com/downloads/cas/ADLMYLAZ
4. https://www.itrsgroup.com/a-global-operational-resilience-survey
5. https://vietnamnews.vn/economy/1141324/advanced-scams-data-breaches-crypto-and-nft-attacks-imminent-in-southeast-asia-kaspersky.html
6. https://blog.chainalysis.com/reports/2022-crypto-crime-report-introduction/
7. https://www.tmone.com.my/solutions/cybersecurity-services/bfsi-infographic/?utm_medium=cybersecuritypage&utm_source=TMONE&utm_campaign=CYDEC

TM One Experts Reveal Three Critical Keys to Counter Cyber Security Threats

November 10, 2021
144

Of your peers have already read this article.

4:08

Minutes time you’ll spend for this story!

Cybersecurity is a major concern in today’s world. Organisations need to rethink their approach to cybersecurity and go beyond just protecting their network.

Recent attacks on two major companies in Singapore – real estate group OY Group and Starhub, a telecom provider – were instances of an alarming surge of cyber-attacks around the globe. A mid-year 2021 global report from UK based cybersecurity specialist Acronis highlights that the average cost of a data breach was around US$3.56 million. The average ransomware payment increased by 33 per cent to more than USD100,000.

Covid-19 has further exposed multiple unauthorised excursions into an organisation’s information and processes. It is commonly asserted by experts that a cyber-attack is now a question of when and not if. Despite their best intentions, every organisation is continually at risk and is susceptible to such attacks, warned cybersecurity experts from TM One, the enterprise and public sector arm of Telekom Malaysia Berhad (TM), during the CYDES 2021 summit.

With the focus on diving deep into how public and private sectors can strengthen their cybersecurity preparedness, experts from a variety of fields gathered to openly share various insights, tools, tricks and approaches. A common consensus is that complexity is one of the real challenges to effective cybersecurity implementations in today’s hybrid Cloud era. Here are three critical keys to counter cyber security threats.

Securing faster ID authentication

Combining blockchain and biometric recognition offers a more robust and secure method of authenticating a user’s identity, said Rahmah Isahak, Assistant General Manager, Digital Identity Cluster, Innovative Solutions at TM One during the summit.

The Covid-19 pandemic has forced more organisations to find ways to complete transactions remotely and enable remote access to systems. As this trend is expected to continue, identity authentication of users is of vital importance to an organisation’s security and to drive seamless operations.

“A blockchain system allows data to be held collectively, which prevents any malicious tampering. Users can register their identity details into this system, and a cybersecurity organisation or service provider such as TM One will then ensure that it is impenetrable to hackers,” she explained.

TM One offers Blockchain Secure Authentication (BSA) as part of its Cyber Defence Centre’s (CYDEC) Digital Identity pillar, focusing on digital identity protection. It is a password-less authentication technology to avoid credential attacks, a condition when cybercriminals bypass organisational security measures and steal important data. This solution has its use cases in various verticals, such as in banking, financial services and insurance (BFSI), healthcare, social media services and retail sectors.

“Not only blockchain verification is secure, it is also fast. It is able to authenticate users in less than three seconds,” she said. “Combining a system with biometrics will enable the authentication process to be entirely password-less for employees.”

“Biometric technology, such as facial recognition systems, do not require users to memorise passwords. There are many cases in the media that show hackers accessing passwords, whereas biometric authentication helps organisations to sidestep password theft,” she added.

The future of security is automation

The second key highlight was automated cybersecurity systems. “Automation allows IT teams to optimise resources while reducing human error in security responses,” explained Dr Azman Ali, Head of Information Security Services, Professional Services at TM One, when he spoke at CYDES.

Automation and increasing digitisation are features that both include and go beyond cybersecurity systems, Dr Azman shared. “Mobile apps, Internet of Things (IoT), Artificial Intelligence (AI ) and automation can be used to replace the repetitive manual tasks as part of the government’s digital transformation efforts.”

“One example of this is data collection in the healthcare industry sector. A vast amount of new personal information is being generated that could potentially help to enhance pandemic handling,” said Dr Azman. He pointed out that: “Digital transformation initiatives will help better manage this huge stream of data and assist in extrapolating actionable insights, but let’s not forget, that this need to be done securely while making privacy a top priority.”

Partnering with cybersecurity experts

Many businesses do not have the required tools and skills to protect themselves in today’s highly complex and rapidly changing threat landscape. In light of this, the option of working with a security partner is rapidly becoming another key solution. TM One offers a subscription service that includes world-class tools to uncover vulnerabilities in organisations and, additionally, helps to upskill an organisation’s internal security team.

The cyber squad at TM One comprises architects, consultants and analysts. Architects focus on designing security systems, which the consultants help to enhance. Meanwhile, analysts will provide critical security information by continually assessing upcoming threats, explained Dr Azman.

As part of its world-class cybersecurity portfolio, TM One provides 16 products, which include identity access, IoT, Cloud, and others, to secure systems from today’s threats and breaches. Global communications firm Telefonica, which works directly with TM One as its global Security Operations Centre partner, helps to actively consult and also advises on cybersecurity matters. Leveraging on the expertise of both companies, Malaysian organisations can be assured of fortified cybersecurity solutions to build their cyber resiliency and trust in the digital era.

As experts in Cloud services, TM One was appointed as one of the cloud service providers for the Malaysian government in April 2021, said Dr Azman. “TM has played a huge part during the pandemic with its work with healthcare organisations and in creating internet infrastructure.”

Moving forward, connecting the digital dots requires a holistic stance in today’s highly challenging environment, with cybersecurity as a foundational part of the mix, said TM One’s experts during the summit. Their positioning of three keys — authentication, automation and assistance – will help organisations to greatly strengthen their cybersecurity preparedness.

Digitalisation calls for intensifying Zero Trust to combat persistence in attacks

November 02, 2021
122

Of your peers have already read this article.

4:02

Minutes time you’ll spend for this story!

TM One experts share insights on implementing a Zero Trust approach to guard against new cybersecurity challenges.

TM One experts share insights on implementing a Zero Trust approach to guard against new cybersecurity challenges

All governments and organisations today need to be aware that they are fully at risk from cyber-attacks, as demonstrated by recent high profile media reports of breaches in critical infrastructures – such as Colonial Pipeline – to large multinational organisations.

According to a recent Ponemon Institute survey, 44% of organisations experienced a third-party data breach in the last 12 months that resulted in the misuse of sensitive or confidential information. 63% of organisations say that remote access is their weakest attack surface.

Cybersecurity professionals must learn to flexibly adapt when new challenges arise in a scenario wherein 2021, cybersecurity experts claim there are 10 types of hackers ranging from white hat, black hat, grey hat, script kiddies to activists and malicious insiders.

The current consensus among white hat hackers and cybersecurity specialists is to advise the government and organisations to pivot from detection to prevention strategies, which will be affected by reducing the attack surface and preventing known and unknown attacks. These days, no organisation can trust luck to avoid attacks. It is just a matter of when and how to mitigate and recover from a successful attack.

Coming together at the CYDES 2021 conference, these experts discussed the areas in which organisations are most vulnerable. They also shared the latest cyber tools and strategies to help organisations adapt.

Interestingly, experts from Telekom Malaysia Berhad (TM) identified the malware as the cyberthreat that has consistently prevailed over decades and been weaponised in attacks, primarily those involving critical infrastructure. 

 What is the current challenge?

During the past three (3) years, malware has become increasingly sophisticated, a step above previous versions, explained Raja Azrina Raja Othman, Chief Information Security Officer at TM. The energy sector, a key aspect of a country’s critical national infrastructure, saw significant malware used for attackers’ persistence in compromised systems, she shared.

One example of this occurred in 2017 when malware was introduced into an oil refinery in Saudi Arabia. The malicious programmes were designed to shut down safety systems, increasing the likelihood of a catastrophic explosion, wrote Wired.

“Amongst security practitioners, we understand traditional malware defences have proven ineffective,” said Raja Azrina. Protection mechanisms should continue to evolve.  For example, the way that organisations protect access points such as laptops “are changing and will continue to change.”

Moving to the Cloud without proper protections in place constitutes another challenge, Raja Azrina pointed out. She has seen organisations “that migrate without sufficient planning”, exposing valuable data to vulnerabilities.

Email servers present another attack surface for hackers to introduce viruses and malware. This has led to the loss of critical data and “can culminate in ransomware attacks,” she said.

Another example, a scam email sent to a Sydney hedge fund that contained a fake Zoom invitation. When users clicked on it, a malicious software programme was secretly implanted into the system, leading to losses of more than US$580,000, reported Australian Financial Review.

Implementing Zero Trust and data residency

Sometimes called ‘perimeterless’ security, a zero-trust security model is not a new approach to the design and implementation of IT systems – originally coined by a Forrester analyst in the early 1990s. However, it is rapidly becoming a favoured recommendation to counter vulnerabilities arising from the use of third party solutions in today’s complex IT information architecture.

“Perimeter defences and network segmentation remain highly relevant,” explained Raja Azrina. Segmentation helps to restrict access from one system to another, reducing the attack surface that hackers can target, and containing breaches as they occur.

Zero Trust is indeed a valuable approach. This model authenticates users each time they access an organisation’s network, systems or applications, blocking unauthorised users.

TM’s enterprise and public sector business arm, TM One, provides Zero Trust systems to help secure networks. Such a provision implements strong identity requirements to ensure networks are more ‘watertight’ against malicious intruders.

Furthermore, Raja Azrina highlighted data residency as a top concern when securing the Cloud. Different jurisdictions apply different laws to data, which can lead to legal complications arising when data is stored overseas.

One benefit of keeping data close to home is that organisations have easy access to their data centre. This is one of the reasons why TM One has built its Cloud centres in Malaysia, she explained.

Additional safeguards

Prevention is the best product protection and TM One provides additional cyber safeguards via two (2) tools that are available amongst its wide cyber security product portfolio.

First, a firewall creates a set of rules for websites to block malicious attempts to access information. TM One provides threat management by combining firewalls, anti-virus and anti-intrusion systems at the entry points to networks, according to its website.

Second, TM One helps to encrypt data transmitted across the internet, only allowing the sender and receiver to decrypt and view the data. Introducing this system would give citizens a trust point when accessing the site, maintaining the reputation of an organisation’s cybersecurity.

Another takeaway is that cybersecurity must be viewed as a marathon and not a sprint. Organisations must be able to sustain protections to keep ahead of evolving threats. Malware has recently proven to be a significant threat to public sector institutions and critical national infrastructures. A more robust and strategic approach of adopting Zero Trust, storing data locally, and the use of proactive security tools are essential in today’s rapidly changing environment.

How TM One’s CYDEC Cybersecurity Solution Turns Cybersecurity Challenges Into Cyber Resiliency and Digital Trust

July 27, 2021
159

Of your peers have already read this article.

2:57

Minutes time you’ll spend for this story!

TM One Cyber Defense Centre (CYDEC) offers fully-managed security services that detect, respond, predict and prevent cyberattacks. It protects a wide range of digital assets and services including those powered by the cloud and 5G, such as IoT applications, information technology and operational technology systems, primarily within Critical National & Information Infrastructure (CNII).

Raja Azrina Raja Othman
Raja Azrina is the Information Security Advisor at TM One and a renowned expert with over 25 years of experience in information security and computer crime, as well as advising the Malaysian government and various large corporations in devising their cybersecurity strategies. She has led in design, development and implementation of innovative solutions, which includes cyber crisis command system and endpoint solution for critical infrastructure

Q Why is cybersecurity imperative in realising Malaysia’s Digital Nation vision?

The Malaysia Cyber Security Strategy 2020-2024 (MCSS) outlines the key objectives and five strategic pillars that will govern all aspects of cybersecurity planning and implementation in the country. One of the focus areas is to improve national cyber resilience against cyber threats.

In line with the 10-year Malaysia blueprint road map of MyDIGITAL as announced by the Government, we will see a transformation of Malaysia into a digitally-driven, and regional leader in the digital economy and cybersecurity will be at the forefront. Organisations will need to build stronger digital trust and cyber resiliency resulting in a better-protected digital infrastructure and cleaner data in the cloud, through every endpoint.

“In the distant past, Incident Response and Forensics were an option. However, today the ability to detect, respond and mitigate in a prompt manner are essential services. Detection capability depends on level of threat visibility. Response capability is dependent on the level of rotection measures in place. We cannot perform effective response, without proper control measures in place. Reality is off-the-shelf systems, be it IT, IoT, IIoT and OT systems are vulnerable, in their default state. Thus, at TM One, designing security into the solution is inevitable,” says Raja Azrina.

Q To sustain during the lockdown, organisations migrated their services and operations online. As more are moving to the cloud, it is important to remain aware of the lingering security risks. Where should you start?

Managing security incidents that affect your business in real-time can be confusing particularly to any organisation that is in the early period of its digital transformation.

Many businesses need real-time protection from cyber threats, as delays in determining attacks can have significant financial implications. Having limited and detached equipment, tools, and system hinder organisations to own effective and efficient end-to-end cybersecurity services. Finding out trusted well experience digital solutions providers are daunting while sorting it internally with a lack of trained and qualified in-house professionals and immature recovery planning is also a challenge.

For holistic cyber defense protection, your cybersecurity solutions need to be able to detect, respond, predict and protect your systems and data from the breach in real-time, 24/7.

Q Your company’s data represents your most critical assets and protecting them should be high on your list of priorities. How does a trusted partner ensures your digital assets are protected in real-time?

Your partner is your first line of defense in ensuring the safety of your cyber ecosystem. Having the right experts who can manage your cybersecurity portfolio, with the ability to reach your data house digitally and also physically closer to your location is crucial. It offers a worry-free convenience, so you can focus on your core business operations without compromising on security.

TM One Cyber Defense Centre (CYDEC) offers fully-managed security services that detect, respond, predict and prevent cyberattacks. It protects a wide range of digital assets and services including those powered by the cloud and 5G, such as IoT applications, information technology and operational technology systems, primarily within Critical National & Information Infrastructure (CNII).

TM One’s recent partnership with Telefonica Global Solutions, combined with our own cybersecurity experts with extensive experience, CYDEC’s capability and capacity offers you a business value approach, enabling you to achieve faster identification of potential risks, addressing the gaps in security implementation, and providing you with the right recommendations based on information security strategy. These will ensure that organisations can quickly, accurately and strategically build their cybersecurity resilience in this new wave of digitalisation.

The EDGE Vertical Column: CYDEC

Together, Let’s Create Success Stories

Help us know you better.

Which industry are you from?

One more quick question.

What solution are you looking for?

Our Experts Will Connect With You Soon.

Don't worry, we hate spam too.

If you agree to continue browsing, you accept the use of cookies on this site and have the option to disable them if you wish.

Accept & Continue