The session featured a research presentation by Keith Detros, Programme Lead at Tech for Good Institute. He introduced a conceptual framework on cyber resilience, offered a landscape overview of cyber resilience in the region, and discussed actionable recommendations for academics, policymakers and businesses to consider. The session also included insights from government, the private sector and civil society representatives. The dialogue ended with a panel discussion, with a focus on improving cyber resilience in Malaysia.
Left to Right: Regina Ng, Partnership Lead, Tech for Good Institute; Farlina Said, Senior Analyst, ISIS;Shariffah Rashidah Syed Othman, Senior Principal Assistant Director, Chief Executive’s Office, National Cyber Security Agency; Keith Detros, Programme Lead, Tech for Good Institute; Harris Zainul, Deputy director (research), ISIS Malaysia; Maryam Lee, Strategic Programme Manager, The IO Foundation; Dr Rachel Gong, Deputy Director of Research, Khazanah Research Institute (KRI) and Jay Sharma, Director of partnerships & development, The IO Foundation
by Farlina Said, Senior Analyst, ISIS
While the rapid adoption of digital technologies has enabled new opportunities in the digital economy, it has also seen corresponding growth in risks and challenges. For Malaysia, in particular, web threats increased during the pandemic as more people went online. Cybersecurity solutions company Fortinet stated that in the fourth quarter of 2022, Malaysia experienced an average of 84 million attacks every day. In another report, Palo Alto Networks saw an increase in ransomware and extortion cases last year. The economic consequences of such cyber attacks were evident as Malaysians have lost an estimated USD 130 million last year due to cybercrimes.
With cyber attacks increasing in frequency and severity, it is crucial to have a conversation on how to achieve resilience in the face of a rapidly evolving threat landscape. The Tech for Good Institute’s research on cyber resilience offers a point of discussion for stakeholders to discuss how to increase awareness and improve capability in order to enable a safe and secure digital economy. With a spotlight on Malaysia, the discussion highlighted several recommendations for stakeholders to consider.
- Shariffah Rashidah Syed Othman, Senior Principal Assistant Director, Chief Executive’s Office, National Cyber Security Agency;
- Jay Sharma, Director of partnerships & development, The IO Foundation;
- Dr Rachel Gong, Deputy Director of Research, Khazanah Research Institute (KRI);
- Keith Detros, Programme Lead, Tech for Good Institute; and
- Farlina Said, Senior Analyst, ISIS
1. Elevating the conversation from cybersecurity to resiliency.
As technology advances, there is a need to highlight the importance of adapting to the constantly changing threat environment. By highlighting resilience, organisations will be reminded to continually seek improvements in their capabilities and processes to minimise the potential impacts of the cyber attacks. To enable this, a shift in the mindset is necessary. Resilience is not just a matter of putting up protections and cybersecurity solutions as a one-time investment, but mainly a sustained process that is an integral part of an organisation’s digital journey. In addition, it is also important to highlight governance as a key cog in achieving resiliency. National Institute of Standards and Technology’s (NIST) Cybersecurity Framework is currently being updated to include governance structures as a key pillar. The governance component focuses on developing procedures, coordination and collaboration mechanisms to improve cybersecurity.
2. Cyber resilience is both a technical and a business issue.
As part of elevating the conversation of cyber resilience, securing digital assets and networks should not only be considered as a technical issue, but also a clear business issue for decision makers. Cyber resilience adds value to a brand and builds up the reputation of an organisation. Knowing that their data and transactions are secure, consumers are able to build trust with organisations that observe cyber resilient practices. This has a net positive effect on the business side of the operations. It is also important to recognise that the discussion of cyber resilience should not be solely a responsibility of information technology (IT) teams. Instead, a concerted effort from the entire organisation is needed to help adapt to cyber threats.
3. Malaysia is committed to improving cyber resilience.
Malaysia’s National Cybersecurity Strategy (NCSS) 2020-2024, under directive number 26 of the National Cybersecurity Management, contains commitments towards achieving cyber resilience. For instance, the strategy mentions encouraging certification which ensures the CNII agencies and organisations have the necessary information security protection in place. To address the need for cybersecurity professionals, the strategy also details the plans to develop talent in R&D and foster a local cybersecurity industry through the support of Malaysia Digital Economy Corporation and Cybersecurity Malaysia. In addition, the NCSS also includes expanding crisis planning exercises, which would be similar to current critical sector coordination exercises known as X-MAYA. Finally, Malaysia will also be launching the Cybersecurity Awareness master plan in October 2023 where the plan will look at vulnerable groups such as children and the retired population.
Watch the Event Highlights