KUALA LUMPUR, June 27— Like the rest of the world, Malaysians have become more dependent on the Internet and digital technology.
We spend a lot of time online and this puts us at risk of being attacked by cybercriminals.
Cyber threats have become much more sophisticated over the years and pose serious risks to individuals, businesses, and national security.
According to Trend Micro Incorporated, most organizations in Malaysia believe they will come under attack in the next 12 months as the cyber security landscape becomes more challenging due to increasing sophistication and advances in information technology and communications. communications (ICT).
So the question boils down to this: How prepared is Malaysia to deal with incoming cyber threats?
malay mail spoke to CyberSecurity Malaysia (CSM) CEO Datuk Amirudin Abdul Wahab to learn more.
According to Amirudin, there is no such thing as being 100% safe from cyber threats due to the changing nature of the Internet.
He said that no matter how strong a country or organization is in terms of cyber security, it is only a matter of time before it is attacked.
The most important thing is to prepare for any attack.
“It is best to assume that the criminal will eventually break through the organization’s cyber defenses. The most important action for an organization is to design strategies and implement cyber security to lessen the impact due to cyber attacks.
“It is essential to know how to act and recover or rebound once attacked. There is still a lot (room for) improvement by many organizations in Malaysia,” he said.
According to the Cyber Incident Clearinghouse (Cyber999), common threats are fraud, cyber bullying, intrusion, malicious code, and related content.
In May 2022, the Malaysian Computer Emergency Response Team (MyCERT) under CSM reported 3057 cyber incidents.
Amirudin said ensuring a secure, resilient and trustworthy cyber environment is necessary to sustain progress and prosperity, adding that a more innovative, proactive and adaptive security approach is required to address such situations.
“In addition, our approach also has to be adaptive, dynamic and innovative, encompassing people, processes and technologies.
We also need to strengthen the Public-Private-Academic Partnership and national, bilateral, regional and international collaboration.
“Malaysia should also move towards cyber resilience as the threat of a global cyber security breach continues to pose a significant risk,” he said. malay mail.
What about the recent personal data leaks Malaysia faced?
According to Amirudin, Malaysia has launched and carried out various initiatives and national strategic plans, collaborating with other nations, reviewing policies and holding vigorous discussions to determine the best approach to address these problems.
He said that Malaysia currently ranks fifth globally in the 2020 ITU Global Cyber Security Index (GCI) report, with the highest commitment to cyber security.
However, he said the government and organizations need to ensure their digital infrastructure is updated with a good security environment, review their standards and best practices, and have staff with awareness and knowledge of the latest security trends and technology.
For this purpose, continuous auditing and monitoring is needed.
“The rise and breadth of attacks by cybercriminals can no longer be defended with a direct cybersecurity approach.
“Malaysia needs to become more cyber-resilient and various strategic approaches need to be taken, such as defense in depth encompassing the people, process and technology aspects of cybersecurity.
“Due to the widespread use of the Internet of Things (IoT), various devices have the potential to become a risk to individuals and organizations. Organizations need to know their system and make sure there are no risks coming from external and internal parties,” he said.
Among other things, he said Malaysia can adopt a “zero trust” or “trust but verify” approach, which operates on continuous verification of all resources, limits the scope of credentials, and automates context collection and response, making Constant data backups, secure remote control. working, implement an encryption method to ensure data is secure and have a comprehensive response plan for any attack.
Does Malaysia have a large enough cybersecurity team to handle all threats?
The quick answer is no.
According to Amirudin, Malaysia has registered a need for 20,000 professionals in the cybersecurity workforce by 2025.
Amirudin said that the supply of cybersecurity talent generated by local universities is insufficient for the long-term needs of the industry, and that there is a gap between the quality of the students and the requirements or expectations of the industry, since the Students are educated primarily through theory and not so much through practical experience.
“The development of trained cybersecurity professionals cannot be created overnight. It will take time for the right people to enter this profession. Addressing the human capital gap requires a combination of strategic public-private collaboration and multi-party incentives, such as job-guaranteed scholarships, mentorships, and internships.
“We need to create a knowledge generation capable of defending against ever-evolving cybersecurity threats. Last but not least, we need to produce truly skilled, high-value digital citizens of the future who will keep our cyberspace safe as we move toward a new digital economic order,” he said.
So what can CSM do to address this?
Amirudin said CSM can train, retrain and certify people through CyberGuru and the Global ACE Scheme.
“CyberGuru has been designed in-house by the technical experts in the industry. In addition to our content development, we also partner with other security platforms like SANS, (ISC)2 and others to provide comprehensive training.
“(The) Global ACE Scheme was established to validate and certify cybersecurity personnel as a world-class competent cybersecurity workforce and promote the development of cybersecurity professionals within the region.”
Amirudin said the scheme uses a holistic framework of professional cybersecurity education that outlines the general approach, identification and classification of cybersecurity domains, impartiality of examinations, competencies of trainers, and the need for membership for the Permanent learning.
“The collective benefit that arises from such educational and consulting exercises is proof of their improved cybersecurity posture within the country and to external actors,” he said.
Certifications provided include Certified Penetration Testers, MyCC Assessors, Secure Application Professionals, First Responder Digital Forensics, Information Security Awareness Managers, and Information Security Management Systems Auditors.