According to Technologist Dr. Saiyid Abdallah Syahir Al-Edrus, General Manager for Cybersecurity Services and Product & Innovation at TM One, every organisation has the responsibility to ensure that their cybersecurity strategies run in tandem with their business growth.
“Organisations are responsible to protect and safeguard their business and customer data from cybercriminals. They need to have the right tools, processes and above all the right people, a team of cyber-intelligence experts or security analysts, in place at all times.”
BusinessToday spoke to the industry expert who has over 15 years of experience in consulting, network security, endpoint security, cloud security, application & data security, and cybersecurity risk management, and who has leveraged his expertise to help organisations protect their businesses from the increasing challenge of cyber-attacks and threats.
He pointed out that many Malaysian organisations of all sizes and across all industries faced gaps between their perceived capabilities and their actual performance when it came to ensuring their cybersecurity strategies addressed the needs of their business.
“Organisations may believe that they have taken all the necessary steps to protect their data and systems, when they have not. This false sense of security has resulted in major global corporations and regional government agencies falling victim to massive security breaches.”
Dr. Saiyid also noted that organisations tended to become complacent. “Organisations often take for granted that they will not be the target for cyber-attacks, because they feel that they are not managing critical infrastructure and sensitive data. However, attackers will target any organisation that can provide them with a lucrative payoff.”
Lack of resources was a third factor, he added.
“Most organisations may not have the budget to invest in robust cybersecurity measures or the necessary expertise/personnel. Instead they often rely on general IT support. Unfortunately, cybersecurity itself encompasses a very huge spectrum and domain, for which you need specific skills, experience and knowledge.”
“Having an external partner that can provide professional and advisory services will help enterprises navigate and manage their cybersecurity strategy.”
Dr. Saiyid noted that while TM One, the enterprise and government sector arm of Telekom Malaysia Berhad is fully capable of providing a complete outsourced cybersecurity service to its customers, his preferred approach involved a hybrid solution between organisations and their cybersecurity partner.
“Cybersecurity strategies must be based on the organisation’s needs and priorities. My recommendation would be that policies are governed in-house, where the client dictates and determines which security services are needed and cybersecurity framework the organisation should adopt.”
Responding to an IDC Enterprise Services Sourcing Survey, which stated that over 70% of Malaysian organisations recognised that security is not their core expertise, Dr. Saiyid pointed out that this view stems from understandable reasons - cybersecurity is generally underfunded and under-resourced.
“Businesses are often challenged to find and retain the right talents to manage digitalisation, cybersecurity, and innovation within their organisations. IT departments are now expected to support new revenue streams, on top of managing operational efficiency and reducing cost. Business leaders find it difficult to understand the ROI of IT security, and are more focused on growing their digital revenue – especially in the wake of COVID-19.”
As a result, meeting the need to secure these digital platforms can weigh on businesses’ priorities, requiring them to divert limited budgets and resources from opportunities to risk avoidance, Dr. Saiyid highlighted.
“In large organisations, managing cybersecurity efficiently requires a significant amount of resources and effort. Aside from the need to secure a well-equipped and complex IT environment, setting up a dedicated team means organisations need to invest in the technology and put together the security controls for the entirety of their IT environment. This can prove difficult as there is a marked scarcity of cybersecurity professionals, not only in Malaysia but internationally.”
With these realities, individual organisations should decide whether they want to outsource a certain portion of their cybersecurity responsibility or outsource the whole function.
“For instance, they can choose to retain identity management, which is the heart of IT operations and sits with Active Directory and domain controllers, while the rest, such as perimeter security, firewalls, intrusion prevention systems, or the 24/7 monitoring of the overall environment can be outsourced to the experts, like TM One.”
Service providers such as TM One can also provide organisations with round-the-clock protection, ensuring that their systems are always safe and secure. Furthermore, outsourcing cybersecurity can help organisations free up their internal resources so that they can focus on other areas of business.
TM One’s Professional Services supports organisations to assess their cybersecurity capabilities, and provides consulting and advisory services to help them strengthen their capabilities to respond to potential threats.
Specifically, TM One’s Cyber Defence Centre (CYDEC) is an end-to-end cybersecurity service which includes cybersecurity consulting or professional services to guide organisations carve out the best cybersecurity solutions that fit their needs and budget.
Through continuous support from TM One’s Security Operations Centre (SOC) and CyberAssurance services, organisations can benefit from managed security services to discover and address potential cybersecurity vulnerabilities, leverage solutions that help strengthen the readiness of in-house security teams, test systems to identify exploitable gaps, and monitor their broader business ecosystem to detect attacks or indicators of compromised systems and data more efficiently.
This includes Security Posture Assessment (SPA), Vulnerability Assessment and Penetration Testing (VAPT) services and Digital Attack Simulation either as a one-time engagement or a retainer programme.
Organisations who are interested to learn more about how TM One can help enhance their cybersecurity profile can visit its website at https://www.tmone.com.my/solutions/cybersecurity-services/.
This article was first published in Business Today