Alex Loh, the country manager of Fortinet Malaysia Sdn Bhd talks about the company’s efforts to reach out to SMEs to make them realise the importance of cybersecurity to their business and the challenges faced by the cybersecurity industry in the coming years.

  • By Sharmila Valli Narayanan • Photos By V. Chanthiran

Alex Loh, a seasoned IT industry veteran, was appointed as Fortinet Malaysia Sdn Bhd’s country manager in March 2018. Loh has been tasked with driving Fortinet’s mission to deliver the industry’s most innovative and highest performing cybersecurity solutions to enterprises in Malaysia.

Fortinet is the global leader in broad, integrated and automated cybersecurity solutions. The company currently ranks as No 1 in the most security appliances shipped worldwide with more than 375,000 customers worldwide.

“At Fortinet, we are also very proud of being our industry’s most independently tested and validated security vendor,” says Loh. “The fact that we earn more certifications and validations is an extension of the value we place on rigorous and reputable outside evaluation. Every Fortune 10 Carrier relies on Fortinet’s high-performance solutions to secure their mission critical networks, as do nine of the top 10 retail and commercial banks and 70% of the top aerospace and defence agencies.”

All these achievements for a company that is not yet 20 years old! Fortinet’s success in addressing the security demands of the digital economy is thanks to its Security Fabric architecture that enables the delivery of required security features to any point, from the endpoint and IoT device to the cloud, in real time.

“The Fortinet Security Fabric architecture uniquely positions us to address the security challenges faced by enterprise customers today, including complex network ecosystems, public, private, and hybrid clouds and parallel networks encompassing IT, OT, and IoT,” explains Loh.

The Fortinet Security Fabric is powered by the threat intelligence services developed by FortiGuard Labs, consisting of more than 200 expert researchers and analysts stationed around the world. These researchers work with world class, in-house developed tools and technology, combined with data collected from more than two million sensors around the globe, to study, discover, and protect against new and evolving threats.

“There is still a general lack of awareness among SMEs in Malaysia on cyber threats and its impact.”

Malaysia ranks third among 193 countries in terms of commitment to cybersecurity. When it comes to implementation, how is Malaysia doing, especially in terms of SMEs?

According to a recent joint report by Microsoft and Frost & Sullivan in 2018, 62% of the businesses in Malaysia said they feared cyber-attacks and this has hindered digital transformation projects. More than 53% of organizations in Malaysia have experienced a security breach, but only 47% have the mechanisms to conduct a forensic investigation or data breach assessment.

CyberSecurity Malaysia found that 80% of SMEs in Malaysia have not invested in cybersecurity due to cost while others are not aware that they need to. As Malaysian companies including SMEs embrace digital transformation, they need to deal with many challenges. Business applications need to be available from anywhere, 24/7 and from any device. As technology adopters (IoT, cloud services, mobility), they need to deal with challenges associated with agility. As threats are getting more sophisticated and high-tech, the traditional approach of erecting firewalls and applying anti-virus security measures is no longer sufficient.

Companies, especially SMEs should not just focus on responding or being preventive but they also need to strengthen their protection and predictive capabilities.

What is Fortinet Malaysia doing to attract more SMEs to look seriously into their cybersecurity?

Although cybersecurity is a critical component to the continued operations of any business organization, there is still a general lack of awareness among SMEs in Malaysia on cyber threats and its impact.

To help cultivate more awareness among key industries including SMEs, Fortinet has been bringing its annual regional cybersecurity event, 361° Security to Malaysia. Now running in its 8th year, the event is held to educate cybersecurity professionals, enterprises and SMEs in terms of current cyber security trends and how disruptive technologies are changing the way security should be viewed and implemented.

Over the years, Fortinet Malaysia has also established strategic collaboration with CyberSecurity Malaysia as well as industry giants and academia in contributing towards cyber security capacity development. With CyberSecurity Malaysia, Fortinet has agreed to exchange security information and technical know-how, thus helping Malaysia to develop local information technology security expertise while offering real-time online threat intelligence services to government agencies and private organizations in Malaysia.

In 2017, Fortinet initiated the Fortinet Network Security Academy (FNSA) program in Malaysia by working with local university Universiti Teknologi Petronas (UTP) to create a pipeline of cybersecurity talent. FNSA collaborates with academic institutions, non-profit agencies, and veteran programs to provide a framework for students to become part of an elite group of cybersecurity professionals.

The FNSA program is designed to develop and train knowledgeable cybersecurity experts to manage new and advanced threats on the horizon.

What is the biggest challenge for a company like Fortinet in doing business in Malaysia?

Digital transformation (DX) is creating major opportunities for organizations in Malaysia. At the same time, more organizations than ever are conducting business online. However, the threat landscape continues to evolve rapidly. It now includes increasingly sophisticated, zero-day malware that traditional security approaches can no longer keep pace with. Multi-cloud deployments and the Internet-of-Things (IoT) have also expanded the attack surface, which has led IT teams to implement disparate and often isolated point solutions that often do not integrate with existing network or security infrastructures.

The challenge for Fortinet is to educate organizations that staying ahead of today’s accelerated cybercrime trends requires adding artificial intelligence (AI) to an organization’s network security strategy.

As an early adopter of AI, Fortinet began developing a self-evolving threat detection system over six years ago. This system leverages a custom-designed artificial neural network (ANN) comprised of billions of nodes, and we have been meticulously training it with new threat data every day since, giving us a significant competitive threat intelligence advantage over every other vendor in the security marketplace.

AI is part of the Fortinet Security Fabric, the first framework to provide a complete architectural approach to security. It allows organizations to connect distributed security solutions into a unified framework so they can dynamically adapt to your evolving IT Infrastructure and defend its rapidly changing and increasingly distributed attack surface.

In addition, its open standards design allows you to integrate software and solutions from a variety of vendors to enable seamless protection and actionable threat intelligence across all points in your network, from IoT to the cloud.

Fortinet has brought together over 40 Fabric-Ready Program Partners to deliver pre-integrated, end-to-end offerings ready for deployment, reducing the technical support burden, security management challenges and costs for enterprise customers.

If everything is working together, network hacking becomes much more difficult to do.

Malaysia is moving towards the digital economy. How prepared is Malaysia to face this new economy, especially in terms of cybersecurity?

The Malaysian government has declared its intention to accelerate adoption of technology and e-services to boost efficiency & transparency. For this reason, cybersecurity will remain high on its national security agenda. The government will also introduce a national cybersecurity policy in the first quarter of 2019. The policy will be implemented in hopes to overcome global and local cyber-attacks in Malaysia, including protecting netizens’ personal information.

As technology becomes central in driving digital transformation and business processes, it also makes the current enterprise IT environment more complex to secure and control. Some of the key factors include:

Multiple networks, physical and virtual: Businesses are now relying on multiple networks for communication, including public/ private, wireless and 4G/5G networks. Adoption of virtualization, SDN and the public cloud is accelerating.

Off-network resource management: Applications and data are now accessed from a variety of locations including remote offices, branches, on the road or from the cloud. Mobility: Users access corporate resources from inside and outside the corporate network with an ever-growing range of corporate and personal devices (BYOD).

Ever increasing bandwidth requirements: To keep up with business evolution and the data explosion driven by digital transformation, organizations must enable and protect higher data volumes and Ethernet speeds.

Advanced threats penetrating businesses: The increase and sophistication of cyber-attacks don’t stop, exposing organizations to thousands of new malware variants found every day and new advanced targeted attacks.

Lack of internal network security: Even as the sophistication of cyber-attacks increase, and mobility and cloud get adopted by enterprises, many firms’ internal networks remain flat and open with no or basic security controls. Organizations’ traditional focus on perimeter security facilitates the propagation of threats within their internal networks, increasing the damage to the business.

What are some of the challenges facing cybersecurity industry in the coming years?

We foresee four big challenges facing today’s organisations: complexity, borderless networks, speed in decision-making and talent shortage

Complexity: As networks adopt new technologies and solutions, such as cloud and IoT, they are becoming increasingly complex. Deploying additional, isolated security solutions actually compounds the problem and increases the costs of deployment, management, and orchestration.

Networks are borderless: Traditional security strategies designed to protect the edges of the network become less effective when the perimeter is constantly changing, resources are highly distributed, and data moves dynamically from IoT and remote devices across a network of physical, private, and public cloud environments.

Speed and responsiveness: To remain competitive, networks need to deal with the twin challenges of exponentially increasing data volumes and the speed at which decisions need to be made. Security cannot afford to get in the way of business demands.

Security skills shortage: A global shortage of cybersecurity talent combined with regulatory pressures continue to add to the complexity facing organizations. The number of available security professionals in the market cannot keep up with demand.