We are creating some awesome events for you. Kindly bear with us.

EXCLUSIVE – Malaysian government agencies increasingly vigilant against cyber threats

EXCLUSIVE - Malaysian government agencies increasingly vigilant against cyber threats

The OpenGov Breakfast Dialogue on ‘Winning the war against surging perils – Cybersecurity in the public sector’ saw representatives from a range of government, education and healthcare organisations have an open discussion on their preparedness for dealing with cyber threats.

Mohit Sagar, editor-in-chief of OpenGov started the conversation talking about the many different types of risk, emanating from insider threats, ransomware, web and email and shift to the cloud. He highlighted the currently dismal dwell time (The time from infection to remediation) of over 200 days for cyber threats in organisations. 

OGBD_Malaysia_Sept22nd

Alvin Rodrigues, Chief Security Strategist (APAC), Fortinet spoke about the importance of real-time monitoring for identifying baseline and detecting anomalies in the network and how few organisations have it. Vulnerabilities can be found and exploited in the areas of people, processes and technology. Cyber security and physical security work hand-in-hand. Credentials can be used to infiltrate into network environment. Even lower level credentials can be used by attackers as a stepping stone for gaining entry into the system and breaking into higher level networks.  

Mr. Rodrigues further talked about the rapidly transforming environment resulting in a borderless world for technology and along with it, cybersecurity. Today’s standard approaches such as those focusing on compliance and point solutions need to evolve. The need of the hour is seamless integration, and critical actionable intelligence.

OGBD_Malaysia_Sept_22

Guest speaker from Singapore, Dr. John Kan, Chief Information Officer (CIO), Information Technology Shared Services at A*STAR, shared his agency’s security-in-depth framework, encompassing governance, policy, compliance, process and technology for dealing with wide range of cyber attacks, ranging from Distributed Denial of Service attempts to brute force user authentication and spywares. Dr. Kan also spoke about implementing a BYOD policy with robust cybersecurity measures.

Before starting polling Mr. Sagar highlighted the fallacy of thinking that ‘we are not going to be attacked’. It is a result of the normalcy bias, which causes people to underestimate the possibility of a disaster and its possible ramifications.

Dialogue questions and discussion

Around 42% of organisations present stated that cybersecurity is handled in house at their agency or organisation, while for 47% it was a mix of in-house and outsourced teams and resources. Here, outsourcing included other government agencies and not just commercial vendors.

Marsineh Binti Jarmin, Head of Cluster for Technological Innovation Cluster Management  (i-IMATEC), National Institute of Public Administration (INTAN) stated that their decision to rely on a mix was driven by costs, internal capabilities and nature of activities.

Around 16% of delegates responded that they felt their current cybersecurity setup was sufficient to protect against cyber-attacks. Delegates who said ‘Yes’, explained that they had implemented whatever systems they could and they needed to have trust in it. They would continue to test the systems to check their resilience. However, 42% of respondents picked ‘maybe’, because of the uncertainty caused by rapidly transforming technology and unpredictable user behaviour. However, the same unpredictability and the role played by chance, for instance through accidents or natural disasters, also got in a vote for the outlier of ‘hope for the best’.

Syed Norris Hikmi Bin Syed Abdullah, Deputy Director of Infrastructure and Operations (CICT), Universiti Teknologi Malaysia highlighted the importance of culture. From culture the talk veered to problems with implementing BYOD security measures. Giving up control over your device so that your organisation’s IT team can scan it, possibly look at browsing history and private information could be a privacy concern for some employees. Employees might also get frustrated with things like keying in long, complicated passwords or changing passwords frequently, looking at these an unnecessary inconvenience. The challenges are even more severe for non-IT staff.

When asked if cybersecurity was a concern at their ministerial or board room level, an overwhelming 75% replied positively. The consequences of this were visible in the answers to the next question if delegates’ agencies have internal cyber security awareness programs. Over 70% responded that they had awareness programs in place. A similar percentage said that they have an incident reporting and management program.

This question sparked off a fascinating discussion on achieving balance between having strong security measures and maintaining productivity, user-friendliness and costs. The importance of educating employees, imprinting the importance of security in their minds through persistent efforts was highlighted.

There could be two different approaches to modify user behaviour. One is a more indirect, gentler approach where staff are exposed to information repeatedly through awareness campaigns, notified when they make an error. The alternative would be a carrot and stick or penalties and incentives path. The pros and cons of both approaches were debated vigorously.

An interesting example came up of how absence of resources required for productivity might lead to security issues. For instance, if the organisation does not have a secure file-sharing system, employees might use personal drives, exponentially increasing the risk of exposure to malware. Here the objective is to improve productivity but it ends up undermining security.

Regarding training, it was mentioned that at times, cybersecurity training might be entry level officials might be weak. Such holes would need to be plugged because security is only as strong as the weakest link in the chain or the fabric.

OGBD_Malaysia_22nd sept_3

Rabiah Bte Ahmad, Deputy Director, Centre of Research Innovation and Management, Professor at IT Faculty, Universiti Teknikal Malaysia Melaka brought up the difficulties in categorizing and classifying information and data and putting in authentication protocols for access and dissemination of information.

Executives expressed concerns over budgetary constraints. However, it also appeared that sincere and structured attempts were being made to do the best with available resources.

A set of questions regarding the ability to detect threat, respond to it and recover subsequently presented a picture of vigilant government agencies in Malaysia. More than 80% of delegates replied that they had confidence in their capacity to detect a cyber threat, could respond within 12 hours after detection and recover within 7 days of an attack. Several agencies have set up 24/7 operation centres for dealing with cyber attacks.

There was a consensus that attacks are unavoidable in the present day environment. In the event of a cyberattack, it is essential to have identified the core assets in advance and functions you need to protect to ensure that your business is not run into the ground. The key learning was to have people, processes and technology in place to protect the ‘crown jewels’ and in the event of an attack to have the ability to respond and recover afterwards.

PARTNER

Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.

PARTNER

CTC Global Singapore, a premier end-to-end IT solutions provider, is a fully owned subsidiary of ITOCHU Techno-Solutions Corporation (CTC) and ITOCHU Corporation.

Since 1972, CTC has established itself as one of the country’s top IT solutions providers. With 50 years of experience, headed by an experienced management team and staffed by over 200 qualified IT professionals, we support organizations with integrated IT solutions expertise in Autonomous IT, Cyber Security, Digital Transformation, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Well-known for our strengths in system integration and consultation, CTC Global proves to be the preferred IT outsourcing destination for organizations all over Singapore today.

PARTNER

Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit www.planview.com.

SUPPORTING ORGANISATION

SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.

PARTNER

HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 

PARTNER

IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.

Send this to a friend