PIKOM Cybersecurity Chapter was launched in October 2017 in the wake of unprecedented cyber attacks around the world.
The years 2016 and 2017 were notable for the many headline-grabbing cyber security breaches, such as the hacking of Yahoo’s nearly 3 billion accounts, the Democratic National Convention and the US Department of Justice. Hackers also stole the data of 57 million Uber users, and the company had to pay the hackers US$100, 00 to cover up the story and to prevent the hackers from leaking the data to others.
“Cyber attacks nearly doubled in these two years, making 2017 the worst year ever for cyber attacks and data breaches,” says Alex Liew, the Chair for the Cybersecurity Chapter. “PIKOM felt that cyber security is an important subject that needs to be addressed. Therefore, the Cybersecurity Chapter was formed and launched in Oct 2017.”
The committee members of this Chapter are from various areas of cyber security with a good mix from technology vendors, distribution, consulting, systems integration, cybersecurity services, Telco and managed security services. “Our advisors are from Cybersecurity Malaysia, MDEC and advisors from PIKOM,” adds Liew.
Although this Chapter is not yet a year old, it already has a few programmes up and running. One of them is the collaboration with the PIKOM CIO Chapter on the Malaysia Threat Intelligence Exchange (MATRIX) platform, says Liew. “MATRIX is a multi-industry collaborative security intelligence platform. Our collaboration partners are ISC2 and ISACA. The Chapter is also working on content to launch the Directors-Cyber Awareness Program (D-CAP). D-CAP is a cyber awareness programme targeting boards of directors with the objective of instilling more awareness in them.”
When advanced countries like the United States fall prey to cyber criminals and hackers, how does Malaysia fare when it comes to cybersecurity? Malaysia fares quite well actually, says Liew. “Malaysia is ranked third among 193 countries in terms of its commitment to cybersecurity, according to the Global Cybersecurity Index (GCI) 2017, behind Singapore and the United States. One of the excellent commitments towards ensuring safe cyberspace was Malaysia’s creation of the Information Security Certification Body (ISCB). So, the Malaysian Government is aware of the importance of cybersecurity.”
The Malaysian Government has taken steps to protect itself from cybersecurity breaches and to combat hackers and other cybercriminals.
It has created the National Cyber Security Policy (NCSP) and has established Cyber Security Malaysia to implement NCSP. The NCSP has several objectives such as:
- To address the risk to Critical National Information Infrastructure (CNII)
- To ensure that the CNII is protected to a level that is commensurate with the risks to it
- To develop a comprehensive programme and a series of frameworks to in the event of a cyber attack.
The CNII sectors and eight key NCSP Thrusts have also been identified.
The bigger question is not whether Malaysia is aware of cybersecurity, but whether ordinary Malaysians are taking the appropriate steps to address the importance of cybersecurity, says Liew. “Many companies are investing in cybersecurity technologies.
However, it is not just about technology. It is also people and processes. Many companies have a lackadaisical attitude when it comes to cybersecurity. They think they have done enough by investing in cybersecurity technologies, but cybersecurity is also about people and processes. Many of the change configurations and patches on technology invested were not updated, therefore making them vulnerable to attack.” A cyber attack in the country can be very costly. Liew points out that a recent Microsoft and Frost & Sullivan study revealed that if Malaysia is hit by a major cyber attack, the economic loss would amount to a staggering USD 12.2 billion!
“Recent cyber attacks are highly motivated by financial gains through data leakage. Data leakage can be caused by internal or external breaches. In most cases, people are the weakest link. Lots of personal information is being shared over social media. Cyber criminals use social engineering techniques to gain this information and use it to commit offences such as fraud and impersonation. Cyber criminals are also coming in from the back door where password management and identity management are weak. In today’s world, passwords should not be taken lightly. Unfortunately, this is not the case with many people. Some have never changed their passwords even after 10 years!
“In some companies, the IT administration is not very efficient. So, when an employee leaves an organisation, his or her email access is not cut off immediately. They still have access to sensitive company information. These are a few examples of loopholes that need to be fixed,” says Liew.
Liew emphasized that to be effective in protecting a company from cyber attacks, three things need to be in place: people, process and technology. “Today, there are many best practices that we can obtain, great technologies that we can subscribe to. However, it is people who are the most important element in battling cyber attacks. And it is this, unfortunately, that Malaysia lacks. We do not have enough talent in cybersecurity.”
In order to rectify this shortage of talent, the Chapter has been actively speaking to academic institutions about the shortage of cyber talents and encouraging them to offer cyber security courses. “We are also very active in advisory roles in some academic institutions for creation of cybersecurity courses and syllabus structure,” adds Liew.
The Chapter, under the aegis of PIKOM, is working with the Malaysian Government to strengthen the cyber framework of the nation. “We are on the board of advisors and a panel of various information security initiatives set up by the Government. Our key objective is to share the voice of cybersecurity from the industry standpoint.”
Tips To Strengthen The Security Of Private Devices
In this age of hackers and cyber criminals, even our personal devices such as laptops and smart phones are not safe from being hacked. Here are a few tips from Liew on how to secure our private devices:
- Do not share too much personal information over social media or publicly.
- Beware of suspicious emails, web links and phone calls.
- Make sure software and apps are regularly updated. Use only original software and not pirated.
- Do a background check on an application that is downloaded to your device to make sure that the app is not vulnerable to viruses, etc.
- Practice good password management.
- Install anti-virus and do updates often.
- Use public Wi-Fi wisely. Do not perform sensitive transactions like banking, credit card payment, etc., on public Wi-Fi as it can be easily hacked by a third party.