CYBERSECURITY RISK: A GROWING ESG ISSUE?
BUSINESSES MUST IMPLEMENT ADAPTIVE, HOLISTIC CYBERSECURITY AND CYBER RESILIENCE STRATEGIES
The ubiquity of technology today, alongside rapid development, has led to an unprecedented rise in the adoption of devices and digital technology among businesses worldwide.
That said, the heightened reliance on technology comes at a cost that is often unseen.
The number of Internet of Things (IoT) devices an organisation employs - as well as the adoption of cloud, data analytics, artificial intelligence and machine learning - also translates into a corresponding expansion in the potential attack surface.
Growing in tandem is the concern that the usage of such devices generates an enormous amount of data, personal or otherwise, which is increasingly being hosted online these days - much to the delight of cybercriminals.
Simply put, cybersecurity is paramount as going digital has trade-offs in terms of new cyber threats and risks.
These include hacking, phishing, malware, ransomware and distributed denial of service (DDoS) attacks, among others.
RISE OF NEW THREATS
The impacts include downtime, financial or data loss, brand degradation and reduced physical safety, according to Fortinet's global 2022 State of Operational Technology (OT) and Cybersecurity Report.
The report revealed that security intrusions significantly impact organisations' productivity and their bottom line, with 97% of global organisations considering OT a moderate or significant factor in their overall security risk.
Moreover, 100% of all Malaysian OT organisations surveyed experienced at least one intrusion in the past 12 months.
Nearly 59% of local organisations suffered an operation outage that affected productivity, with 90% of intrusions requiring hours or longer to restore service.
A total of 4,693 incidents have been reported from January to July this year; while in 2021, more than 10,000 cyber incidents were reported to Cyber999, the cybersecurity incident response centre operated by the Malaysia Computer Emergency Response Team (MyCert).
MyCert is a unit within CyberSecurity Malaysia, the national cyber security specialist centre.
Of the number reported, around 70% are fraud-related, which CyberSecurity Malaysia chief executive officer Datuk Dr Amirudin Abdul Wahab said has been a consistent trend in the last five to eight years.
The other two top threats reported include intrusion attempts and malicious codes such as ransomware or malware.
KPMG Malaysia executive director and partner for technology, risk and cybersecurity, Ubaid Mustafa Qadiri, said, "Cyber crime is changing as criminals avail themselves of new technology, which means our approach to cybersecurity must evolve as well.
"Whether it's advanced persistent threats, ransomware, backdoor attacks or something we've yet to see, there will likely always be new perils with which to contend.
"We have found that a lack of preparation and being overly reactionary can be as detrimental as the actual cyber incident.
"That's why it's so important to have a plan, test your responses according to different scenarios and understand the depth and breadth of potential cyber incidents to your business."
Fortinet Malaysia country manager Dickson Woo concurred, as Fortinet's assessment of Malaysia's threat landscape reveals that malicious actors are continuously adapting their tactics to exploit current global developments and target local organisations.
"This hampers organisations' ability to detect and prevent threats, given the complexity of these unknown threats.
"At the same time, this is aggravated by a lack of integration and complexity of security architectures, which results in fragmentation and makes implementing cybersecurity that much more difficult," he said.
CYBERSECURITY OR CYBER RESILIENCE?
It's clear that the evolving threat landscape requires a proactive approach utilising adaptive and holistic cybersecurity and cyber resilience strategies that relate to people, process and technology.
Broadly speaking, cybersecurity points to the application of methods and processes of protecting electronic data, whereas cyber resilience refers to a company's ability to mitigate and swiftly recover from the impact of cyber attacks that disrupt regular business operations.
CyberSecurity Malaysia's Amirudin explained, "It's important for us to have the ability to recover and rebound to move forward, meaning that even if things go wrong, it doesn't affect our operations. This is what we call digital or cyber resilience."
Malaysia has been looking into cybersecurity for several decades, as evidenced by the 1997 launch of CyberSecurity Malaysia.
More recently, the Government has launched the Malaysia Cyber Security Strategy 2020-2024, whereas the corporate sector - especially the most targeted, the financial sector - has also adopted Bank Negara Malaysia's Risk Management in Technology (RMiT) policy.
"Malaysia fares quite well against its peers in the region, but no doubt there are a lot of areas for improvement.
"While the financial sector is making progress due to its commitment to the RMiT, there are other critical national information infrastructure sectors that are still a bit lacking, such as transportation and energy.
"There is a need to fill the gap in various areas, so we can really be prepared in times of crises," he said.
Other areas of improvement include detection and predictive capabilities.
Fortinet Malaysia's Woo added, "Organisations are finding it hard to prioritise security when trying to undergo digital innovation strategies and digital transformation, such as the adoption of cloud and enabling remote working arrangements through online collaboration tools."
He added that the answer lies in ensuring that every network decision places security at the forefront and ensures unity of action between network and security teams.
AN ESG IMPERATIVE
At its core, cybersecurity is a sustainability issue, he said, as cyber threats present actual societal impacts that can be catastrophic, both for businesses and communities.
Menlo Security Southeast Asia regional director CK Mah, on the other hand, highlighted execution as one of the key challenges to improving any security landscape.
Organisations, he emphasised, cannot just have good strategies, but must also proactively work on deployment and implementation.
This is because, among other reasons, investors are increasingly looking into an organisation's cybersecurity and cyber resilience as a measure of ESG risk, particularly when it relates to business continuity.
"ESG and sustainability are critical in today's world, with cyber threats being among the most financially-focused risks that organisations face today.
"Failure to implement good governance or cybersecurity will mean that companies are less resilient or sustainable," he stated.
Organisations have the responsibility to ensure that cybersecurity, which helps protect intangible assets, is central as part of their ESG strategies, with the keywords being governance and education.
"Governance - such as the structure, framework and policies - is very important, because survival for any commercial entity often depends on investors.
"Sometimes, the lack of public disclosure does make it difficult for them to continuously improve cybersecurity and cyber resilience," he said, adding that organisations must ensure good cyber hygiene among employees.
Fortinet Malaysia's Woo further said, "Organisations should also ensure that their people are aware of best practices to ensure that cybersecurity is a collective, organisation-wide effort.
"In many cases, employees are an organisation's first line of defence. Enhancing employees' understanding through continual improvement is a strategic imperative for the organisation of today."
Meanwhile, Dr Amirudin underscored the need for organisations to understand that cyber threats are also business risks.
"Cybersecurity shouldn't be an afterthought.
"It must be seen as an investment by any organisation, which is embedded in the business plan.
"It goes beyond technical issues, which is how cybersecurity and cyber resilience relate to ESG.
"People play a central part as the weakest link, so education is the best way to move forward in managing this issue," he concluded.