Malaysia needs to rethink cybersecurity, address skills gap for a post-pandemic world

Malaysia needs to rethink cybersecurity, address skills gap for a post-pandemic world.(Photo by Mohd RASFAN / AFP)

Malaysia needs to rethink cybersecurity, address skills gap for a post-pandemic world

  • In the first part of our interview with Cybersecurity Malaysia and Menlo Security, we discussed the current state of cyber threats in Malaysia and what the government is doing about it.
  • In this second part, Cybersecurity Malaysia and Menlo shared what should organizations do to face threats that are growing to be more and more sophisticated.

At this point, most of us are aware that the pandemic has created a new set of opportunities for cybercriminals around the world. While digital security has been crucial for as long as people have used the internet, the pandemic has affected how people do so, and that has brought new focus to the issue. Even when it comes to Malaysia, Covid-19 brought along new security challenges, highlighting where old strategies fall short.

In this part two joint conversation with Cybersecurity Malaysia (CSM) CEO Dr Amiruddin Abdul Wahab and Menlo Secruity’s regional director for Southeast Asia CK Mah, we discussed how as cyber threats continue to grow in sophistication, organizations face a persistent challenge in recruiting skilled cybersecurity professionals capable of protecting their systems against the threat of malicious actors.

Where do you think Malaysians stand in terms of their readiness in facing cyber threats? 

CK: At the end of the day, it boils down to the individual. We can have a good strategy, but if we can’t execute well then what good is it? For starters, when it comes to security, we must get it right every time, whereas attackers only need to get it right one time. The problem is that most companies, SMEs or even individuals tend to risk the situation by having a more reactive action, instead of proactive.

The good news is that more organizations are adapting a zero trust strategy, which means trust no one. For individuals though, some of the cyber hygiene that can be considered are simple things like an ad blocker, looking out for URL or email with special characters or numbers that are suspicious, keeping the software on your PC or laptop up to date and many other preventative methods. So these are certainly things that our individual can do but at the end of the day, it all boils down to execution by individuals or companies.

Do you reckon that SMEs in our country are well prepared in terms of cyber attacks?

CK: Truthfully, SMEs are as exposed as any other larger corporation but for obvious reasons (financials), they are not the target as much. Bad actors are inclined towards larger corporations because they are more beneficial financially.

Amiruddin: Well, the priorities of SMEs are usually different from the bigger companies. Considering their survival is primary, cybersecurity may not be an important segment. As a result, they end up lagging security-wise. They need to understand and be prepared to deal with the increasingly sophisticated cyber threats out there. 

The government, through Cybersecurity Malaysia, are in fact working to help SMEs through a program called the Cyber Health Check where we encourage SMEs to adopt best practices when it comes to cybersecurity and we even provide them with training. It is a continuous program that even countries like Russia are doing the same. Through this, we work with various SMEs, including associations like SME Corp. This way, the entire SME industry is equipped and ready.

What sort of challenges are there in terms of helping organizations to improve their security posture? 

Amiruddin: For CSM, there are three challenges, first being awareness. I do feel the awareness among our people needs to be strengthened — and that is a continuous journey. It is important, so they don’t fall into a modus operandi by all cyber criminals. This would require training to ensure even the practitioners are competent enough to protect their organization and system. 

Second challenge is the issue of risk and compliance. What all organizations require, be it public or private, is best practices in place when it comes to cyber hygiene and in dealing with cyber related issues. Cybersecurity shouldn’t just be an IT department matter, it has to be seen as a business concern, whereby the board and the management both have to take responsibility and play their respective roles. 

Third, is technology — and keeping up with it. Since it is evolving every moment, sometimes it gets difficult to keep up with its fast-paced changes. But at the same time, cyber threats are getting more sophisticated, so with that, strategies need to evolve. Because, there is no such thing as free from cyber threats — cyber attacks are inevitable. The importance is how we bounce back and ensure continuity in business. So these are three challenges that need to be overcome.

When it comes to talent, do we have enough? 

CK: The demand for talent will always be there. You can see in almost every country, including Malaysia, especially since the pandemic. as a result of COVID-19. I think the demand will go on  for a period of time, and even the need for more talents. We have to ensure education is in place to ensure the continuity of talents, especially locally.

Amiruddin: There are two ways to mitigate the shortage of talent. For Cybersecurity Malaysia, for example, we keep training new people, while strengthening the current workforce and the same should be applied in both the private and public sector. They should invest in people because the risk of being attacked is far larger.