Cybersecurity Archives - TM One https://www.tmone.com.my/think-tank/tag/cybersecurity/ Tue, 23 Jan 2024 16:13:50 +0000 en-GB hourly 1 https://www.tmone.com.my/wp-content/uploads/2023/12/TM-One_Logo@2x-square-150x150.png Cybersecurity Archives - TM One https://www.tmone.com.my/think-tank/tag/cybersecurity/ 32 32 Cybersecurity: Is your company doing enough to protect itself from cybercrime? https://www.tmone.com.my/think-tank/is-your-company-protected-from-cybercrime/ Thu, 09 Mar 2023 03:48:40 +0000 http://jetpack.tmone.com.my/?p=8435 According to Technologist Dr. Saiyid Abdallah Syahir Al-Edrus, General Manager for Cybersecurity Services and Product & Innovation at TM One, every organisation has the responsibility […]

The post Cybersecurity: Is your company doing enough to protect itself from cybercrime? appeared first on TM One.

]]>
According to Technologist Dr. Saiyid Abdallah Syahir Al-Edrus, General Manager for Cybersecurity Services and Product & Innovation at TM One, every organisation has the responsibility to ensure that their cybersecurity strategies run in tandem with their business growth.

“Organisations are responsible to protect and safeguard their business and customer data from cybercriminals. They need to have the right tools, processes and above all the right people, a team of cyber-intelligence experts or security analysts, in place at all times.”

BusinessToday spoke to the industry expert who has over 15 years of experience in consulting, network security, endpoint security, cloud security, application & data security, and cybersecurity risk management, and who has leveraged his expertise to help organisations protect their businesses from the increasing challenge of cyber-attacks and threats.

He pointed out that many Malaysian organisations of all sizes and across all industries faced gaps between their perceived capabilities and their actual performance when it came to ensuring their cybersecurity strategies addressed the needs of their business.

“Organisations may believe that they have taken all the necessary steps to protect their data and systems, when they have not. This false sense of security has resulted in major global corporations and regional government agencies falling victim to massive security breaches.”

Dr. Saiyid also noted that organisations tended to become complacent. “Organisations often take for granted that they will not be the target for cyber-attacks, because they feel that they are not managing critical infrastructure and sensitive data. However, attackers will target any organisation that can provide them with a lucrative payoff.”

Lack of resources was a third factor, he added.

“Most organisations may not have the budget to invest in robust cybersecurity measures or the necessary expertise/personnel. Instead they often rely on general IT support. Unfortunately, cybersecurity itself encompasses a very huge spectrum and domain, for which you need specific skills, experience and knowledge.”

“Having an external partner that can provide professional and advisory services will help enterprises navigate and manage their cybersecurity strategy.”

Dr. Saiyid noted that while TM One, the enterprise and government sector arm of Telekom Malaysia Berhad is fully capable of providing a complete outsourced cybersecurity service to its customers, his preferred approach involved a hybrid solution between organisations and their cybersecurity partner.

“Cybersecurity strategies must be based on the organisation’s needs and priorities. My recommendation would be that policies are governed in-house, where the client dictates and determines which security services are needed and cybersecurity framework the organisation should adopt.”

Shifting Resources Purposefully

Responding to an IDC Enterprise Services Sourcing Survey, which stated that over 70% of Malaysian organisations recognised that security is not their core expertise, Dr. Saiyid pointed out that this view stems from understandable reasons - cybersecurity is generally underfunded and under-resourced.

“Businesses are often challenged to find and retain the right talents to manage digitalisation, cybersecurity, and innovation within their organisations. IT departments are now expected to support new revenue streams, on top of managing operational efficiency and reducing cost. Business leaders find it difficult to understand the ROI of IT security, and are more focused on growing their digital revenue – especially in the wake of COVID-19.”

As a result, meeting the need to secure these digital platforms can weigh on businesses’ priorities, requiring them to divert limited budgets and resources from opportunities to risk avoidance, Dr. Saiyid highlighted.

“In large organisations, managing cybersecurity efficiently requires a significant amount of resources and effort. Aside from the need to secure a well-equipped and complex IT environment, setting up a dedicated team means organisations need to invest in the technology and put together the security controls for the entirety of their IT environment. This can prove difficult as there is a marked scarcity of cybersecurity professionals, not only in Malaysia but internationally.”

With these realities, individual organisations should decide whether they want to outsource a certain portion of their cybersecurity responsibility or outsource the whole function.

“For instance, they can choose to retain identity management, which is the heart of IT operations and sits with Active Directory and domain controllers, while the rest, such as perimeter security, firewalls, intrusion prevention systems, or the 24/7 monitoring of the overall environment can be outsourced to the experts, like TM One.”

Service providers such as TM One can also provide organisations with round-the-clock protection, ensuring that their systems are always safe and secure. Furthermore, outsourcing cybersecurity can help organisations free up their internal resources so that they can focus on other areas of business.

TM One’s Professional Services supports organisations to assess their cybersecurity capabilities, and provides consulting and advisory services to help them strengthen their capabilities to respond to potential threats.

Specifically, TM One’s Cyber Defence Centre (CYDEC) is an end-to-end cybersecurity service which includes cybersecurity consulting or professional services to guide organisations carve out the best cybersecurity solutions that fit their needs and budget.

Through continuous support from TM One’s Security Operations Centre (SOC) and CyberAssurance services, organisations can benefit from managed security services to discover and address potential cybersecurity vulnerabilities, leverage solutions that help strengthen the readiness of in-house security teams, test systems to identify exploitable gaps, and monitor their broader business ecosystem to detect attacks or indicators of compromised systems and data more efficiently.

This includes Security Posture Assessment (SPA), Vulnerability Assessment and Penetration Testing (VAPT) services and Digital Attack Simulation either as a one-time engagement or a retainer programme.

Organisations who are interested to learn more about how TM One can help enhance their cybersecurity profile can visit its website at https://www.tmone.com.my/solutions/cybersecurity-services/.

This article was first published in Business Today

The post Cybersecurity: Is your company doing enough to protect itself from cybercrime? appeared first on TM One.

]]>
TM ONE addresses the unmet skills gap in cybersecurity https://www.tmone.com.my/think-tank/addressing-unmet-skills-gap-in-cybersecurity/ Thu, 09 Mar 2023 03:48:22 +0000 http://jetpack.tmone.com.my/?p=8454 Cyberattacks have now become a constant threat for businesses everywhere incurring cost and causing reputational issues, on top of other economic conditions that organisations have […]

The post TM ONE addresses the unmet skills gap in cybersecurity appeared first on TM One.

]]>
Cyberattacks have now become a constant threat for businesses everywhere incurring cost and causing reputational issues, on top of other economic conditions that organisations have to contend with.

Despite the inevitability and increasing frequency of these attacks, most businesses have yet to adequately safeguard their infrastructure and systems, with today’s more sophisticated hackers finding new ways to attack businesses of all sizes.  

International Data Corporation (IDC) has reported that in 2021, Southeast Asian organisations spent a whopping US$3.2 billion on cybersecurity services, software and appliances.

Closer to home, the Malaysia Cyber Security Strategy 2020-2024 report states that the country may face economic losses of up to RM51 billion due to cyber threats. A study in VMware’s “The State of Incident Response 2021” report also found that 49% of organisations lack the expertise and tools for adequate incident response.

According toTs. Dr. Saiyid Abdallah Syahir Al-Edrus, General Manager, Cybersecurity Services, TM One, “A proactive strategy is when businesses wholly employ a good cybersecurity framework including leveraging new technologies and trends to keep their systems secure. Utilising artificial intelligence (AI) in cybersecurity and automation to bring benefits to their overall operations.”


AI has revolutionised the world by leaps and bounds, with AI in cybersecurity making it much faster to trace potential attacks, reduce the delay in response time and ultimately save man hours. Technology enables cybersecurity solution providers and analysts to analyse similar attack patterns and provide the necessary responses if there is a behaviour change. 

Emerging cybersecurity technology will now help to facilitate organisations become more proactive. This includes the utilisation of security information and event management through technologies such as Extended Detection and Response (XDR), Security Orchestration, Automation and Response (SOAR) and Next Gen Security Operations Centre (SOC).

This ensures that enterprises and the government sector are able to implement and maintain a proactive cybersecurity strategy, leveraging the skills and capabilities of dedicated specialised talents and reducing the impact to their own over-stretched IT teams.

TM One works closely with its customers by thoroughly assessing their security posture, technology maturity and business needs through its consulting and other value-added services. The firm has positioned itself apart from its competitors through Managed Security Services (MSS) as its core solution offering. 

TM One also recently received the prestigious Frost & Sullivan Best Practices 2022 Cybersecurity Company of the Year award. 

Their credibility is seen in the development of its products and solutions offered for the cybersecurity scene. According to TM One, most Malaysian organisations lack in-house security expertise, professionals and tools. This leads to them importing or outsourcing their security operations to ensure the security posture of business infrastructure and manage their cyber risks.

To address this issue, TM One provides a wide spectrum of cybersecurity solutions, helping organisations improve their security posture and business infrastructure as well as better manage their cyber risks via TM One’s Cyber Defense Centre (CYDEC).  

CYDEC’s extensive and comprehensive cybersecurity portfolio includes MSS, encompassing managed unified threat management, managed SOC, managed detection and response, cyber threat intelligence, managed anti-DDoS, managed web application firewall, vulnerability management, capture-the-flag service, cyber deception service, digital risk protection and many more. 

TM One’s cybersecurity consulting services also include, and are not limited to, security assessment and posture, vulnerability assessment and penetration testing, cybersecurity design and implementation, compromised assessment and digital attack simulation.

Fuelled by TM’s SOC and centralised cybersecurity platform, TM One’s CYDEC incorporates advanced technologies like predictive analytics and machine learning to help customers address evolving cyberattacks on-premises and on the cloud. As an added advantage, this extensive cybersecurity portfolio allows TM One to curate and customise solutions based on customers' needs across various business sizes. 

TM One has continuously proven that the right solution alongside robust technology will augment organisations in safeguarding systems, especially within the current complexities of today’s digital landscape. Prioritising cybersecurity skills as one of the most important areas to be addressed, TM One is committed to addressing the industry’s current challenges and support businesses navigate the digital space with greater confidence. 

To find out how TM One can help you achieve world class cybersecurity, visit Cybersecurity Services and Solutions — TM One CYDEC

This article was first published in CEO Morning Brief - The Edge Markets

The post TM ONE addresses the unmet skills gap in cybersecurity appeared first on TM One.

]]>
Cybersecurity an investment to protect Enterprises & the Government sector https://www.tmone.com.my/think-tank/cybersecurity-an-investment-to-protect-enterprises-the-government-sector/ Thu, 09 Mar 2023 03:47:45 +0000 http://jetpack.tmone.com.my/?p=8419 TM One highlights inclusion of machine learning and predictive technology to sift out cyber threats THE push for digitalisation has enabled the Enterprise and Government […]

The post Cybersecurity an investment to protect Enterprises & the Government sector appeared first on TM One.

]]>
TM One highlights inclusion of machine learning and predictive technology to sift out cyber threats

THE push for digitalisation has enabled the Enterprise and Government sectors to expand their reach and improve efficiency. But with more transactions done online, the risk of cybersecurity breaches has also risen.

Every year, millions of new security threats are created, which have cost businesses more than US$1tril in 2020 alone.

These incidents of breach not only expose organisations to data leaks and fraud attacks, they also erode brand value and could potentially damage customer trust, according to Dr Saiyid Abdallah Syahir al-Edrus, General Manager of Cybersecurity Services at TM One.

Unfortunately, awareness on the importance of cybersecurity and the impact of breaches to  organisations remains low.

Cybersecurity threats to organisations have been growing over the years from both external and internal sources and these attacks have also become more sophisticated over time.

“External attacks can happen on your Information Communication Technology infrastructure, Internet of Things (IoT) or operational technology (OT) devices, your cloud environment, remote service attacks, your supply chain infrastructure, or even as part of social engineering whereby your employee is targeted and lured to divulge sensitive information.

“Sometimes, disgruntled employees can also be a threat,” he added.

The importance of investing in well-rounded cybersecurity controls can’t be emphasised more, Saiyid noted.

Implementing a good combination of network and endpoint security controls such as a data leakage prevention system can help mitigate the situation. This includes regularly updating your software, improving detection capabilities, and reviewing your processes to respond to these attacks.

Educating employees in the proper use of IT facilities will also help.

Predictive advantage

As perpetrators become more advanced in their attacks, organisations will have to ensure that their security systems are 10 steps ahead.

One of the elements that TM One sees as increasingly crucial to deploying a robust cybersecurity system is the inclusion of artificial intelligence (AI) or machine learning, which allows enterprises and the government sector to become more accurate when predicting threats.

According to Saiyid, some organisations would typically sift through 50 to 100 security alerts in a day. Having machine learning capabilities or the right predictive tools will enable them to filter through these alerts quicker and identify true security threats more precisely.

“Before the use of machine learning, we needed human intelligence to do all the analysis to identify whether the alerts we get are a true positive or false positive. With machine learning, it helps us sift through hundreds of events and collect the data we need to confirm it as a true positive and to register that a true security incident is happening.

“But that doesn’t mean we should eliminate human intelligence from the process altogether, as we still need human intelligence to validate the outcome churned out by machine learning,” Saiyid explained.

Having predictive tools also helps organisations enhance their Security Operation Centres (SOC) with better mitigation and analytical abilities. This goes a long way in improving their productivity and efficiency when it comes to operations.

Customers, no doubt, have been favourable to integrating AI into their cybersecurity framework. The challenge, said Saiyid, is the availability of funds to invest in the technology.

"At TM One, we provide advisory services when we address the security controls they need to help them improve and defend their infrastructure. Via a consultative approach, we bring them through the journey of maturity. We understand that customers are at different maturity levels, so our approach is customised for each. It’s really about working with the customer and being able to help them find the best solution for their organization."

"You can start small and build as you mature, and understand the value of cybersecurity and how it helps you defend your brand value and critical assets. You may not see your data as critical assets but they are,” he said.

Threading carefully

Notably, as with all forms of technology, there are risks in using AI. Even machine learning tools or AI platforms are susceptible to attacks or compromise.

"It really depends on how robust and secure your infrastructure is," said Saiyid.

"It really depends on how robust and secure your infrastructure is," said Dr. Saiyid Abdallah Syahir al-Edrus, General Manager of Cybersecurity Services at TM One.

If an organisation's security infrastructure is not robust, there may be a possibility of a system manipulation or "data poisoning". As machine learning relies on large data sets for analysis to determine accurate outcomes, organisations need to ensure the integrity and reliability of their data sets to avoid false predictions by the system.

Saiyid also urged enterprises and the government sector to consider multiple layers of check-and-balance cybersecurity mechanisms to ensure a resilient cybersecurity system and reduce over-reliance on AI only.

"Sometimes, the intention of data poisoning is to derail the focus of the system analysis to get the true positive incident or anomaly."

"By diverting attention to somewhere else, the hacker is able to use loopholes to enter your system.”

Ahead of the curve

While machine learning is fairly new in Malaysia, the integration of AI in cybersecurity has advanced and this trend can help organisations in Malaysia.

"We started to develop services that leverage predictive technology as part of threat hunting, and others technologies that combine predictive tools and a bit of automation to respond to repetitive security incidents."

TM One is also deploying cybersecurity with machine learning enabled in the IoT and OT security monitoring space.

To find out how TM One can help you achieve cost effective world class cybersecurity, visit www.tmone.com.my

This article was first published in The Star

The post Cybersecurity an investment to protect Enterprises & the Government sector appeared first on TM One.

]]>
Open APIs, digital banking and hybrid work - how TM One protects its clients from cyber threats https://www.tmone.com.my/think-tank/protects-clients-from-cyber-threats/ Mon, 06 Mar 2023 09:49:42 +0000 http://jetpack.tmone.com.my/?p=8405 The pandemic accelerated digitalisation to levels never before seen, forcing the financial sector to evolve quickly or risk being left behind. In addition to pivoting […]

The post Open APIs, digital banking and hybrid work - how TM One protects its clients from cyber threats appeared first on TM One.

]]>
The pandemic accelerated digitalisation to levels never before seen, forcing the financial sector to evolve quickly or risk being left behind. In addition to pivoting to a remote workforce, financial sector also embraced digital banking and open application programming interfaces (API) in a race to compete with upstart fintechs.

TM One, the enterprise and government sector arm of Telekom Malaysia Berhad (TM), was on hand to help its clients in the financial sector using their Zero Trust Network Access (ZTNA) concept – which TM One calls Secure Access Service Edge, (SASE) or pronounced "sassy", to quickly secure their clients’ business environments while still achieving optimal speed-to-market for their digital banking products.

When the pandemic hit, many major financial institutions had to quickly pivot to enable their people to work remotely, securely. TM One responded with its SASE offerings for two main components: Internet Access and Organisation Assets.

Ts. (Technologist) Dr. Saiyid Syahir Al-Edrus, General Manager of Cybersecurity Services at TM One and his team are overseeing TM One’s efforts in real-time.

Saiyid explains, “Firstly, employees need secure internet access. Typically, when users browse the internet they are exposed to threat vectors. A cybersecurity solution protects employees by connecting all user traffic via a micro tunnel that goes into the SASE enforcement node or cloud proxy. Secondly, we secured employee access while using organisation assets such as SAP, Salesforce, and emails via secure remote access.

“Our cybersecurity solutions deployment is often quicker than other providers, because TM One does not need to deploy devices. All we need to do is push an agent into the customers’ laptops. The agent forwards traffic to the closest edge services, connecting users to the internet, a SaaS application, or an internal application through the appropriate zero trust service.

“This agent is also intelligent enough to determine when a user wants to access any cloud application for instance. So it will route users automatically based on that HTTP request. All IT activities are secured via a secure tunnel, which is encrypted and encapsulated,” he said.

Balancing digital banking growth and security concerns

Financial institutions are now launching a myriad of mobile apps dedicated to stock broking, wealth management, insurance services and other financial services to capture new markets and revenue. Their security practices, need to evolve quickly enough with these new digital offerings. Observed gap is mainly due to the lack of security planning at the development stage, said Saiyid. Too often, security comes as an afterthought, or is the last piece to the product puzzle pre-launch.

TM One is on a mission to educate more clients on the need to involve security right from the beginning of the product development process with DevSecOps.

“DevSecOps oversees security measures and how clients should secure all their applications or any new digital development. From the start of the app development process, DevSecOps will look at multiple security perspectives: What sort of app are we launching? Will it be hosted in the cloud or on premise? And, once released to market, how should the app be secured from being tampered?”

“Typically, you download an app from a marketplace, not the developer's website. However, when an app or a patch is still pending launch from the official source, a malicious attacker can hijack the app by releasing a fraudulent version first. Anyone visiting the app marketplace will mistake the fake app for the real thing.”

“Even after the app has already been released by the official source, it can still be tampered with using malicious code. This code or virus capable of stealing user data or hijack the data that users key in.”

“Typically, a financial services app cannot be published if you do not remediate any non-compliance findings or gaps. This will further delay the release of the app or product. This creates a bit of friction between a business's market growth aspirations and compliance with certain regulations. If clients only try to secure the environment at the end of the production process, it will just delay their launch further,” Saiyid remarked.

TM One provides Professional Services who consult and advise financial institutions about DevSecOps throughout the product development process. This includes conducting Vulnerability Assessment and Penetration Testing (VAPT) and security code assessments through which the cybersecurity team roots out bugs and corrects the app syntax that can unwittingly enable errors or bugs which are then taken advantage of by hackers.

“We’ve seen instances where the app works fine, but certain non-best practices in the code stream open it up to abuse or breach and increase product susceptibility to hacking and SQL injections,” Saiyid warned.

Besides that, TM One also secures the app infrastructure through cloud-hosted apps, with one of TM One’s solutions including the setting up Web Application Firewalls (WAF) either as a dedicated solution or WAF as a Service.

Cybersecurity needs to be both proactive and reactive

Due to massive monetary and brand value, financial institutions are among the most-targeted groups by Advanced Persistent Threats (APTs), which are groups of hackers that have been backed up by certain organisations that keep on attacking certain entities or certain individuals.

TM One is committed to protecting its clients both before and after APT attacks.

“TM One’s Digital Risk Protection services (DRP) include threat intelligence. We scour the public web, the deep web, and the dark web for certain keywords such as the company or brand name or even the name of key personnel linked to a financial institution. If there is chatter about organising an attack, we can quickly inform the customer to backup and monitor certain assets. If a client already outsources monitoring to TM One, we will do it ourselves. That’s the prevention part.

“However, despite an enterprise’s best efforts, APTs can still breach their environment. That’s why our DRP services also include mitigation or takedown services. If client data has been breached or shared in the internet, we initiate a takedown service by collaborating with our international pool of partners to reach out to the malicious attacker or whoever has shared the sensitive data.  We force them to take down the sensitive data from being published, on threat of legal action. That’s the mitigation part,” Saiyid explained.

For financial institutions, brand value lies chiefly in customer trust in their services. Securing those services requires both proactive and reactive cybersecurity measures. At TM One, cybersecurity is a continuous, evolving effort that is both proactive against possible threats and reactive with quick-acting and widespread mitigation efforts.

This article was first published in Fintech News

The post Open APIs, digital banking and hybrid work - how TM One protects its clients from cyber threats appeared first on TM One.

]]>
3 Kunci Kritikal Menangani Ancaman Keselamatan Siber https://www.tmone.com.my/think-tank/3-kunci-kritikal-menangani-ancaman-keselamatan-siber/ Mon, 04 Jul 2022 07:42:26 +0000 http://jetpack.tmone.com.my/?p=6731 Keselamatan siber adalah antara cabaran utama masa kini buat setiap organisasi di era digital. Pendekatan dan solusi yang melangkaui aspek perlindungan perlu diperhalusi untuk mengekalkan […]

The post 3 Kunci Kritikal Menangani Ancaman Keselamatan Siber appeared first on TM One.

]]>

Keselamatan siber adalah antara cabaran utama masa kini buat setiap organisasi di era digital. Pendekatan dan solusi yang melangkaui aspek perlindungan perlu diperhalusi untuk mengekalkan kesinambungan perniagaan setiap organisasi.

Laporan global pertengahan tahun 2021 daripada pakar keselamatan siber yang berpangkalan di United Kingdom – Acronis,  menunjukkan bahawa kos purata pelanggaran/kebocoran data dan maklumat adalah sekitar AS$3.56 juta. Purata bayaran perisian tebusan (ransomware) pula meningkat sebanyak 33 peratus kepada lebih daripada AS$100,000.

Menurut ulasan dari pakar keselamatan siber dari TM One - cabang perusahaan dan sektor awam Telekom Malaysia Berhad (TM), COVID-19 telah mendedahkan syarikat dan organisasi kepada lebih banyak ancaman pencerobohan pangkalan maklumat. Persoalan tentang serangan siber kini telah menjadi ‘bila’ ianyanya akan berlaku dan bukan lagi ‘jika’ ia akan berlaku. Walaupun pelbagai langkah telah di ambil, kebanyakan organisasi masih berisiko dan terdedah kepada serangan.

Tahukah Anda?

50% daripada data Kerajaan yang menjadi sasaran, berpotensi untuk digodam, dengan akses kepada data melalui API.3 Ancaman Utama keselamatan ICT  terhadap pusat data sektor awam Malaysia:
1. Ancaman Teknikal
2.Perisian Perisik dan Phishing
3. Kejuruteraan Sosial

Sumber: Researchgate
152,653
Jumlah insiden Botnet Drones dan Malware dilaporkan di bawah MyCert pada Mac 2022.



Sumber: MyCERT

Dengan tumpuan untuk menyelami bagaimana sektor awam dan swasta boleh mengukuhkan tahap kesiapsiagaan keselamatan siber mereka, ramai pakar dari pelbagai bidang berkongsi pelbagai pandangan, pengalaman, dan pendekatan secara terbuka. Konsensus umum mendapati isu persekitaran IT yang kompleks adalah cabaran utama terhadap pelaksanaan keselamatan siber yang efektif.

Berikut adalah tiga kunci kritikal untuk menentang ancaman keselamatan siber:

Pengesahan ID yang lebih pantas

Gabungan teknologi blockchain dan kaedah biometrik menawarkan solusi yang lebih mantap dan selamat untuk mengesahkan identiti pengguna.

Pandemik COVID-19 telah memaksa lebih banyak organisasi mencari penyelesaian untuk membolehkan akses dari jauh (remote) kepada sistem. Memandangkan trend ini dijangka berterusan, pengesahan identiti pengguna adalah amat penting untuk keselamatan organisasi dan untuk memacu operasi yang lancar.

Sistem blockchain membenarkan data disimpan secara kolektif, yang menghalang sebarang gangguan/godaman. Pengguna boleh mendaftarkan butiran identiti mereka ke dalam sistem ini, dan organisasi keselamatan siber atau penyedia perkhidmatan seperti TM One kemudiannya akan memastikan ia tidak dapat ditembusi oleh penggodam.

TM One menawarkan penyelesaian Pengesahan Blockchain Terjamin (Blockchain Secure Authentication – BSA). Penyelesaian ini adalah sebahagian daripada tonggak Pusat Pertahanan Siber (CYDEC) yang fokus kepada perlindungan identiti digital. Ia adalah teknologi pengesahan tanpa kata laluan untuk mengelakkan serangan kelayakan (credential attacks), dimana penjenayah siber memintas langkah keselamatan organisasi dan mencuri data sulit. Langkah keselamatan melalui penyelesaian ini amat diperlukan terutamanya dalam sektor-sektor yang menyimpan data-data sulit dan peribadi pelanggan mereka seperti sektor Perbankan, Perkhidmatan Kewangan dan Insurans (BFSI), Sektor Kesihatan, Perkhidmatan Media Sosial dan Sektor Runcit.

Pengesahan blockchain adalah selamat, malah lebih pantas, dimana pengesahan pengguna boleh dilakukan dalam masa kurang daripada tiga saat. Penggabungan dengan sistem biometrik pula akan membolehkan proses pengesahan tanpa kata laluan sepenuhnya untuk pekerja sesebuah organisasi.

Teknologi biometrik, seperti sistem pengecaman muka, tidak memerlukan pengguna menghafal kata laluan. Terdapat banyak kes yang melaporkan penggodam mengakses dan mencuri kata laluan, dan pengesahan biometrik boleh membantu mengelakkan perkara ini.

Automasi sistem keselamatan

Automasi sistem keselamatan siber membolehkan pasukan IT mengoptimumkan sumber sambil mengurangkan kesilapan manusia dalam tindak balas keselamatan.

Automasi ini juga dapat memberi faedah yang melangkaui  aspek keselamatan siber. Aplikasi peranti mudah alih, Internet Benda (IoT), Kecerdasan Buatan (AI) dan automasi boleh digunakan untuk menggantikan tugas manual yang berulang sebagai sebahagian daripada usaha transformasi digital kerajaan dalam menyediakan perkhidmatan yang efektif dan selamat kepada rakyat.

Sebagai contoh, keselamatan pengumpulan maklumat sulit dan peribadi yang besar dalam sektor kesihatan melalui aplikasi yang membantu meningkatkan usaha pengendalian wabak. Inisiatif transformasi digital seperti ini akan membantu mengurus aliran data dan maklumat yang sulit dengan lebih baik tetapi ianya perlu dilakukan dengan menjadikan perlindungan privasi dan keselamatan data dan maklumat sebagai keutamaan.

Bekerjasama dengan pakar keselamatan siber

Banyak perniagaan tidak mempunyai peralatan dan kemahiran yang diperlukan untuk melindungi mereka daripada ancaman siber yang sangat kompleks dan sentiasa berubah dengan pantas. Sehubungan dengan ini, pilihan untuk bekerjasama dengan rakan kongsi keselamatan menjadi salah satu penyelesaian utama. TM One menawarkan perkhidmatan langganan yang merangkumi penyelesaian bertaraf dunia untuk membantu meningkatkan kemahiran pasukan keselamatan dalaman sesebuah syarikat atau organisasi.

Pasukan perkhidmatan profesional keselamatan siber TM One terdiri daripada arkitek, perunding dan penganalisa keselamatan. Arkitek memberi tumpuan terhadap reka bentuk sistem keselamatan, yang di bantu oleh pakar perunding. Sementara itu, penganalisa keselamatan akan memberikan maklumat operasi keselamatan dengan menilai ancaman secara berterusan.

Portfolio keselamatan siber bertaraf dunia TM One menyediakan pelbagai penyelesaian untuk melindungi sistem daripada ancaman siber masa kini. Malah, TM One telah menandatangani perjanjian dengan firma komunikasi global Telefonica untuk memperkukuhkan penyelesaian infrastruktur digitalnya dan menentang ancaman siber secara global. Kepakaran kedua-dua syarikat ini akan memberi organisasi di Malaysia penyelesaian keselamatan siber yang kukuh dan berdaya tahan siber yang tinggi.

Kesinambungan kesemua ekosistem keselamatan digital perlu dilakukan secara holistik. Dalam persekitaran yang sangat mencabar hari ini, kolaborasi dalam menangani keselamatan siber menjadi keperluan asas untuk membantu organisasi dalam kesiapsiagaan keselamatan siber mereka dengan lebih baik.

TM One akan terus memainkan peranan penting dalam membantu organisasi memperkukuh keselamatan siber mereka dan mengurangkan risiko serangan siber.

Adakah anda tahu apakah sumber utama risiko siber di Malaysia? Klik pautan untuk memuat turun maklumat grafik megenai risiko siber utama di Malaysia.

Artikel ini telah diterbitkan oleh Berita Harian pada 23 Jun 2022.

The post 3 Kunci Kritikal Menangani Ancaman Keselamatan Siber appeared first on TM One.

]]>
5 BFSI Cybersecurity Trends in APAC You Need to Know in 2022 https://www.tmone.com.my/think-tank/5-bfsi-cybersecurity-trends-in-apac-you-need-to-know-in-2022/ Thu, 19 May 2022 11:19:42 +0000 http://jetpack.tmone.com.my/?p=5552 The rise of digital banking and accelerated digital transformation have brought about new security concerns. Criminals are turning their attention to gullible online users, creating […]

The post 5 BFSI Cybersecurity Trends in APAC You Need to Know in 2022 appeared first on TM One.

]]>
The rise of digital banking and accelerated digital transformation have brought about new security concerns. Criminals are turning their attention to gullible online users, creating ever-so sophisticated scamming schemes to defraud them. At the enterprise level, threat actors are opportunistically using the shifting work environment to adopt tactics to infiltrate organisations.

Statistics1 from the Commercial Crime Investigation Department at the Royal Malaysia Police show that cybercrime is skyrocketing as consumers shift to online channels.

Between 2017 and June 20, 2021, Malaysians suffered losses amounting to about RM2.23 billion (US$533 million) from cybercrime frauds.

Of the 67,552 cybercrime cases reported during the period, e-commerce scams topped the chart with 23,011 cases. Meanwhile, complaints on online transactions surged 112% between 2019 and 2020, indicating that cybercriminals are looking to capitalise on the surge in e-commerce activity and rapid consumer adoption of digital financial solutions amid the new normal brought about by the COVID-19.

The pandemic forced consumers to turn to online retailers to buy groceries and e-wallets to pay their bills. A survey conducted2 by Kaspersky and research agency YouGov found that out of the 1,600+ respondents in Asia-Pacific (APAC) polled, 90% indicated having used mobile payment applications at least once in the past 12 months. Around 15% of the total survey respondents said they began using digital payment methods during the pandemic.

1. Asia emerges as favoured target

At the enterprise-level, cyber threats are exploding as well. The 2022 IBM Security X-Force Threat Intelligence Index, released3 last month, revealed that Asia has become the most attacked region globally, with over one in four cyber attacks recorded by the tech firm last year targeting users in the continent.

Asia saw more cyber attacks than any other region in the past year, the report says, with financial services and manufacturing organisations in particular experiencing nearly a combined 60% of attacks in Asia.

Server access attacks, where the attacker gains unauthorised access to a server, was the second-most common attack type observed, making up 11% of all incidents IBM’s X-Force IR team remediated in 2021. The majority of these attacks occurred in Asia, and in many cases the threat actors were successful in deploying malware or employing penetration testing tools on a server, the report indicates.

2. Fast digital transformation puts stress on IT systems

The pandemic has accelerated digital transformation and forced people to change the way they worked, transacted, and banked. This unprecedented speed of digital transformation is putting stress on banks’ IT systems, compromising real-time data analysis, and creating storage and security issues.

A recent survey4 of 305 global bank COOs and CTOs conducted by data-monitoring and management company - ITRS Group, found alarmingly weak operational resilience at financial institutions in the wake of COVID-19.

84% of respondents stated that their IT environment has changed more in the past 12 months than over their company’s lifespan, with digital transformation, work-from-home arrangements, cloud adoption, and more sophisticated security threats cited as the top drivers of change in banks’ IT environment. The figure stands even higher for APAC-based institutions where the velocity of IT change was found to be the greatest.

Globally, 79% of respondents indicated that it has become increasingly difficult for their institution to maintain their SLAs, or service-level agreements, with more than half stating that they suffered at least one business day of unplanned downtime every year.

Additionally, 94% stated that digital transformation has resulted in a significant increase in the volume of data, leading to challenges in analysing data in real-time (65%), storing data (62%), and difficulties in securing data (62%), creating a concerning trend.

3. Security, fraud prevention as a differentiator

As more people rely on digital payments and get accustomed to digital services, awareness of cyber risks and crime is also on the rise.

In fact, security is becoming consumers’ top concern, with 67% of Southeast Asian respondents polled by Kaspersky and YouGov indicating that they hope for the implementation of one-time passwords (OTPs) through SMS for every transaction.

After OTPs, two-factor authentication was named the second most preferred security feature (57%), while 56% of respondents said biometric security features, like facial or fingerprint recognition, should be added for digital banking and e-wallets.

Going even further, a considerable proportion of consumers believe that financial services providers should play a bigger role in protecting their customers from being defrauded. In fact, 40% of respondents indicated that banks and mobile wallet companies should “start preventing frauds/scams automatically based on spending behavior and/or transfer history.”

4. Advanced scams and social engineering on the rise

With increasing international cooperation and the establishment of multiple task forces to trace ransomware gangs, Kaspersky experts believe the number of such attacks will decrease in 2022.

Instead, cybercriminals will turn to more advanced scams and social engineering as they seek to exploit human and system vulnerabilities. These scams will leverage all sorts of tools and channels, ranging from SMS and automated phone calls to messaging apps and social networks, and will be fueled by the availability of advanced technologies such as deepfake and voice synthesis, the experts said, quoted5 by Vietnam News.

In Thailand, nearly 40,000 people were scammed with their bank accounts and credit cards showing inexplicable transactions. In Malaysia, scammers used fake bank websites to steal customers banking details. And in Vietnam, criminals impersonated top e-commerce platforms to trick users into sending money.

5. Cryptocurrency and NFT industry continues to attract cybercriminals

Kaspersky experts predict a significant wave of attacks on cryptocurrency businesses, a trend that started in 2019 and which coincides with the beginning of the cryptocurrency market’s bull run.

Figures from blockchain data platform Chainalysis show6 that cryptocurrency-based crime, including scams, ransomware, and stolen funds, hit a new all-time high in 2021, with illicit addresses receiving US$14 billion over the course of the year, up 79% from RM32.91 billion (US$7.8 billion) in 2020.

Kaspersky experts said they have already witnessed advanced persistent threat (APT) groups rising to attack the cryptocurrency business aggressively, and they anticipate that this activity will continue as criminals increasingly exploit flawed security and resort to advanced techniques including manufacturing and retailing rogue devices with backdoors and social engineering campaigns to steal cryptocurrencies. Cryptocurrencies are particularly attractive to criminals, considering the anonymity they provide.

Southeast Asia could be more vulnerable than other countries, considering that consumers in these locations are known for being avid adopters of cryptocurrencies and non-fungible tokens (NFTs). Among 20 countries surveyed by Kaspersky, the Philippines was found to have the highest adopter rate of 32% of Filipinos indicating owning digital assets. This is followed by Thailand (26.2%), ranked second, then Malaysia (23.9%). Vietnam (17.4%) was fifth and Singapore (6.8%) 14th.

Protect Your Organisation Today

The urgency of addressing the relentless surge of cyber threats impacting both the public and business sectors is a fundamental step to enabling a sustainable, safe and successful digital society. As a key player in digital transformation for companies across industries, TM One's commitment to cybersecurity helps to create a safe and secure online environment for businesses and protect consumers from fraud and identity theft.

TM One has collaborated with CyberSecurity Malaysia, the national cybersecurity specialist agency, to elevate the nation’s cybersecurity network and ecosystem while strengthening Malaysia’s self-reliance in cyberspace.

“At TM One, we understand that new technologies are driving the accelerated digital transformation for many industries, allowing players to respond quickly to changes as well as provide customers with better digital experiences. Having a strong cybersecurity foundation will benefit Malaysian financial institutions not only mitigate cyber risk, but boost performance.  Our Managed Security Services are designed to meet the specific needs of financial institutions and take their digital transformation forward to effectively improve operations, address compliance requirements, and enable open ecosystems,” said Muhammad Ghadaffi Mohd Tairobi, Director of Sales for Banking and Financial Services at TM One.

Do you know what are the key sources of cyber risk in Malaysia? Click here to download the infographics.

This article was first published by FinTech News Malaysia

References
1. https://www.nst.com.my/news/crime-courts/2021/07/708911/malaysians-suffered-rm223-billion-losses-cyber-crime-frauds
2. https://newsinfo.inquirer.net/1552270/threat-awareness-high-as-digital-banking-users-list-preferred-security-steps
3. https://www.ibm.com/downloads/cas/ADLMYLAZ
4. https://www.itrsgroup.com/a-global-operational-resilience-survey
5. https://vietnamnews.vn/economy/1141324/advanced-scams-data-breaches-crypto-and-nft-attacks-imminent-in-southeast-asia-kaspersky.html
6. https://blog.chainalysis.com/reports/2022-crypto-crime-report-introduction/
7. https://www.tmone.com.my/solutions/cybersecurity-services/bfsi-infographic/?utm_medium=cybersecuritypage&utm_source=TMONE&utm_campaign=CYDEC

The post 5 BFSI Cybersecurity Trends in APAC You Need to Know in 2022 appeared first on TM One.

]]>
TM One Experts Reveal Three Critical Keys to Counter Cyber Security Threats https://www.tmone.com.my/think-tank/tm-one-experts-reveal-three-critical-keys-to-counter-cyber-security-threats/ Wed, 10 Nov 2021 05:54:44 +0000 http://jetpack.tmone.com.my/?p=4481 Recent attacks on two major companies in Singapore – real estate group OY Group and Starhub, a telecom provider – were instances of an alarming […]

The post TM One Experts Reveal Three Critical Keys to Counter Cyber Security Threats appeared first on TM One.

]]>
Recent attacks on two major companies in Singapore – real estate group OY Group and Starhub, a telecom provider – were instances of an alarming surge of cyber-attacks around the globe. A mid-year 2021 global report from UK based cybersecurity specialist Acronis highlights that the average cost of a data breach was around US$3.56 million. The average ransomware payment increased by 33 per cent to more than USD100,000.

Covid-19 has further exposed multiple unauthorised excursions into an organisation’s information and processes. It is commonly asserted by experts that a cyber-attack is now a question of when and not if. Despite their best intentions, every organisation is continually at risk and is susceptible to such attacks, warned cybersecurity experts from TM One, the enterprise and public sector arm of Telekom Malaysia Berhad (TM), during the CYDES 2021 summit.

With the focus on diving deep into how public and private sectors can strengthen their cybersecurity preparedness, experts from a variety of fields gathered to openly share various insights, tools, tricks and approaches. A common consensus is that complexity is one of the real challenges to effective cybersecurity implementations in today’s hybrid Cloud era. Here are three critical keys to counter cyber security threats.

Securing faster ID authentication

Combining blockchain and biometric recognition offers a more robust and secure method of authenticating a user’s identity, said Rahmah Isahak, Assistant General Manager, Digital Identity Cluster, Innovative Solutions at TM One during the summit.

The Covid-19 pandemic has forced more organisations to find ways to complete transactions remotely and enable remote access to systems. As this trend is expected to continue, identity authentication of users is of vital importance to an organisation’s security and to drive seamless operations.

“A blockchain system allows data to be held collectively, which prevents any malicious tampering. Users can register their identity details into this system, and a cybersecurity organisation or service provider such as TM One will then ensure that it is impenetrable to hackers,” she explained.

TM One offers Blockchain Secure Authentication (BSA) as part of its Cyber Defence Centre’s (CYDEC) Digital Identity pillar, focusing on digital identity protection. It is a password-less authentication technology to avoid credential attacks, a condition when cybercriminals bypass organisational security measures and steal important data. This solution has its use cases in various verticals, such as in banking, financial services and insurance (BFSI), healthcare, social media services and retail sectors.

“Not only blockchain verification is secure, it is also fast. It is able to authenticate users in less than three seconds,” she said. “Combining a system with biometrics will enable the authentication process to be entirely password-less for employees.”

“Biometric technology, such as facial recognition systems, do not require users to memorise passwords. There are many cases in the media that show hackers accessing passwords, whereas biometric authentication helps organisations to sidestep password theft,” she added.

The future of security is automation

The second key highlight was automated cybersecurity systems. “Automation allows IT teams to optimise resources while reducing human error in security responses,” explained Dr Azman Ali, Head of Information Security Services, Professional Services at TM One, when he spoke at CYDES.

Automation and increasing digitisation are features that both include and go beyond cybersecurity systems, Dr Azman shared. “Mobile apps, Internet of Things (IoT), Artificial Intelligence (AI ) and automation can be used to replace the repetitive manual tasks as part of the government’s digital transformation efforts.”

“One example of this is data collection in the healthcare industry sector. A vast amount of new personal information is being generated that could potentially help to enhance pandemic handling,” said Dr Azman. He pointed out that: “Digital transformation initiatives will help better manage this huge stream of data and assist in extrapolating actionable insights, but let’s not forget, that this need to be done securely while making privacy a top priority.”

Partnering with cybersecurity experts

Many businesses do not have the required tools and skills to protect themselves in today’s highly complex and rapidly changing threat landscape. In light of this, the option of working with a security partner is rapidly becoming another key solution. TM One offers a subscription service that includes world-class tools to uncover vulnerabilities in organisations and, additionally, helps to upskill an organisation’s internal security team.

The cyber squad at TM One comprises architects, consultants and analysts. Architects focus on designing security systems, which the consultants help to enhance. Meanwhile, analysts will provide critical security information by continually assessing upcoming threats, explained Dr Azman.

As part of its world-class cybersecurity portfolio, TM One provides 16 products, which include identity access, IoT, Cloud, and others, to secure systems from today’s threats and breaches. Global communications firm Telefonica, which works directly with TM One as its global Security Operations Centre partner, helps to actively consult and also advises on cybersecurity matters. Leveraging on the expertise of both companies, Malaysian organisations can be assured of fortified cybersecurity solutions to build their cyber resiliency and trust in the digital era.

As experts in Cloud services, TM One was appointed as one of the cloud service providers for the Malaysian government in April 2021, said Dr Azman. “TM has played a huge part during the pandemic with its work with healthcare organisations and in creating internet infrastructure.”

Moving forward, connecting the digital dots requires a holistic stance in today’s highly challenging environment, with cybersecurity as a foundational part of the mix, said TM One’s experts during the summit. Their positioning of three keys — authentication, automation and assistance – will help organisations to greatly strengthen their cybersecurity preparedness.

The post TM One Experts Reveal Three Critical Keys to Counter Cyber Security Threats appeared first on TM One.

]]>
Digitalisation calls for intensifying Zero Trust to combat persistence in attacks https://www.tmone.com.my/think-tank/digitalisation-calls-for-intensifying-zero-trust-to-combat-persistence-in-attacks/ Tue, 02 Nov 2021 00:48:09 +0000 http://jetpack.tmone.com.my/?p=4437 TM One experts share insights on implementing a Zero Trust approach to guard against new cybersecurity challenges All governments and organisations today need to be […]

The post Digitalisation calls for intensifying Zero Trust to combat persistence in attacks appeared first on TM One.

]]>
TM One experts share insights on implementing a Zero Trust approach to guard against new cybersecurity challenges

All governments and organisations today need to be aware that they are fully at risk from cyber-attacks, as demonstrated by recent high profile media reports of breaches in critical infrastructures - such as Colonial Pipeline - to large multinational organisations.

According to a recent Ponemon Institute survey, 44% of organisations experienced a third-party data breach in the last 12 months that resulted in the misuse of sensitive or confidential information. 63% of organisations say that remote access is their weakest attack surface.

Cybersecurity professionals must learn to flexibly adapt when new challenges arise in a scenario wherein 2021, cybersecurity experts claim there are 10 types of hackers ranging from white hat, black hat, grey hat, script kiddies to activists and malicious insiders.

The current consensus among white hat hackers and cybersecurity specialists is to advise the government and organisations to pivot from detection to prevention strategies, which will be affected by reducing the attack surface and preventing known and unknown attacks. These days, no organisation can trust luck to avoid attacks. It is just a matter of when and how to mitigate and recover from a successful attack.

Coming together at the CYDES 2021 conference, these experts discussed the areas in which organisations are most vulnerable. They also shared the latest cyber tools and strategies to help organisations adapt.

Interestingly, experts from Telekom Malaysia Berhad (TM) identified the malware as the cyberthreat that has consistently prevailed over decades and been weaponised in attacks, primarily those involving critical infrastructure. 

 What is the current challenge?

During the past three (3) years, malware has become increasingly sophisticated, a step above previous versions, explained Raja Azrina Raja Othman, Chief Information Security Officer at TM. The energy sector, a key aspect of a country’s critical national infrastructure, saw significant malware used for attackers’ persistence in compromised systems, she shared.

One example of this occurred in 2017 when malware was introduced into an oil refinery in Saudi Arabia. The malicious programmes were designed to shut down safety systems, increasing the likelihood of a catastrophic explosion, wrote Wired.

“Amongst security practitioners, we understand traditional malware defences have proven ineffective,” said Raja Azrina. Protection mechanisms should continue to evolve.  For example, the way that organisations protect access points such as laptops “are changing and will continue to change.”

Moving to the Cloud without proper protections in place constitutes another challenge, Raja Azrina pointed out. She has seen organisations “that migrate without sufficient planning”, exposing valuable data to vulnerabilities.

Email servers present another attack surface for hackers to introduce viruses and malware. This has led to the loss of critical data and “can culminate in ransomware attacks,” she said.

Another example, a scam email sent to a Sydney hedge fund that contained a fake Zoom invitation. When users clicked on it, a malicious software programme was secretly implanted into the system, leading to losses of more than US$580,000, reported Australian Financial Review.

Implementing Zero Trust and data residency

Sometimes called 'perimeterless' security, a zero-trust security model is not a new approach to the design and implementation of IT systems - originally coined by a Forrester analyst in the early 1990s. However, it is rapidly becoming a favoured recommendation to counter vulnerabilities arising from the use of third party solutions in today's complex IT information architecture.

“Perimeter defences and network segmentation remain highly relevant,” explained Raja Azrina. Segmentation helps to restrict access from one system to another, reducing the attack surface that hackers can target, and containing breaches as they occur.

Zero Trust is indeed a valuable approach. This model authenticates users each time they access an organisation’s network, systems or applications, blocking unauthorised users.

TM’s enterprise and public sector business arm, TM One, provides Zero Trust systems to help secure networks. Such a provision implements strong identity requirements to ensure networks are more ‘watertight’ against malicious intruders.

Furthermore, Raja Azrina highlighted data residency as a top concern when securing the Cloud. Different jurisdictions apply different laws to data, which can lead to legal complications arising when data is stored overseas.

One benefit of keeping data close to home is that organisations have easy access to their data centre. This is one of the reasons why TM One has built its Cloud centres in Malaysia, she explained.

Additional safeguards

Prevention is the best product protection and TM One provides additional cyber safeguards via two (2) tools that are available amongst its wide cyber security product portfolio.

First, a firewall creates a set of rules for websites to block malicious attempts to access information. TM One provides threat management by combining firewalls, anti-virus and anti-intrusion systems at the entry points to networks, according to its website.

Second, TM One helps to encrypt data transmitted across the internet, only allowing the sender and receiver to decrypt and view the data. Introducing this system would give citizens a trust point when accessing the site, maintaining the reputation of an organisation’s cybersecurity.

Another takeaway is that cybersecurity must be viewed as a marathon and not a sprint. Organisations must be able to sustain protections to keep ahead of evolving threats. Malware has recently proven to be a significant threat to public sector institutions and critical national infrastructures. A more robust and strategic approach of adopting Zero Trust, storing data locally, and the use of proactive security tools are essential in today’s rapidly changing environment.

The post Digitalisation calls for intensifying Zero Trust to combat persistence in attacks appeared first on TM One.

]]>
How TM One’s CYDEC Cybersecurity Solution Turns Cybersecurity Challenges Into Cyber Resiliency and Digital Trust https://www.tmone.com.my/think-tank/tm-one-cydec-delivers-cyber-resiliency-and-digital-trust/ Tue, 27 Jul 2021 05:06:19 +0000 http://jetpack.tmone.com.my/?p=3573 Raja Azrina Raja Othman Raja Azrina is the Information Security Advisor at TM One and a renowned expert with over 25 years of experience in […]

The post How TM One’s CYDEC Cybersecurity Solution Turns Cybersecurity Challenges Into Cyber Resiliency and Digital Trust appeared first on TM One.

]]>

Raja Azrina Raja Othman
Raja Azrina is the Information Security Advisor at TM One and a renowned expert with over 25 years of experience in information security and computer crime, as well as advising the Malaysian government and various large corporations in devising their cybersecurity strategies. She has led in design, development and implementation of innovative solutions, which includes cyber crisis command system and endpoint solution for critical infrastructure

Q Why is cybersecurity imperative in realising Malaysia’s Digital Nation vision?

The Malaysia Cyber Security Strategy 2020-2024 (MCSS) outlines the key objectives and five strategic pillars that will govern all aspects of cybersecurity planning and implementation in the country. One of the focus areas is to improve national cyber resilience against cyber threats.

In line with the 10-year Malaysia blueprint road map of MyDIGITAL as announced by the Government, we will see a transformation of Malaysia into a digitally-driven, and regional leader in the digital economy and cybersecurity will be at the forefront. Organisations will need to build stronger digital trust and cyber resiliency resulting in a better-protected digital infrastructure and cleaner data in the cloud, through every endpoint.

“In the distant past, Incident Response and Forensics were an option. However, today the ability to detect, respond and mitigate in a prompt manner are essential services. Detection capability depends on level of threat visibility. Response capability is dependent on the level of rotection measures in place. We cannot perform effective response, without proper control measures in place. Reality is off-the-shelf systems, be it IT, IoT, IIoT and OT systems are vulnerable, in their default state. Thus, at TM One, designing security into the solution is inevitable,” says Raja Azrina.

Q To sustain during the lockdown, organisations migrated their services and operations online. As more are moving to the cloud, it is important to remain aware of the lingering security risks. Where should you start?

Managing security incidents that affect your business in real-time can be confusing particularly to any organisation that is in the early period of its digital transformation.

Many businesses need real-time protection from cyber threats, as delays in determining attacks can have significant financial implications. Having limited and detached equipment, tools, and system hinder organisations to own effective and efficient end-to-end cybersecurity services. Finding out trusted well experience digital solutions providers are daunting while sorting it internally with a lack of trained and qualified in-house professionals and immature recovery planning is also a challenge.

For holistic cyber defense protection, your cybersecurity solutions need to be able to detect, respond, predict and protect your systems and data from the breach in real-time, 24/7.

Q Your company’s data represents your most critical assets and protecting them should be high on your list of priorities. How does a trusted partner ensures your digital assets are protected in real-time?

Your partner is your first line of defense in ensuring the safety of your cyber ecosystem. Having the right experts who can manage your cybersecurity portfolio, with the ability to reach your data house digitally and also physically closer to your location is crucial. It offers a worry-free convenience, so you can focus on your core business operations without compromising on security.

TM One Cyber Defense Centre (CYDEC) offers fully-managed security services that detect, respond, predict and prevent cyberattacks. It protects a wide range of digital assets and services including those powered by the cloud and 5G, such as IoT applications, information technology and operational technology systems, primarily within Critical National & Information Infrastructure (CNII).

TM One's recent partnership with Telefonica Global Solutions, combined with our own cybersecurity experts with extensive experience, CYDEC’s capability and capacity offers you a business value approach, enabling you to achieve faster identification of potential risks, addressing the gaps in security implementation, and providing you with the right recommendations based on information security strategy. These will ensure that organisations can quickly, accurately and strategically build their cybersecurity resilience in this new wave of digitalisation.

The EDGE Vertical Column: CYDEC

The post How TM One’s CYDEC Cybersecurity Solution Turns Cybersecurity Challenges Into Cyber Resiliency and Digital Trust appeared first on TM One.

]]>
Never waste a crisis: Lessons from Asian cyber attacks https://www.tmone.com.my/think-tank/never-waste-a-crisis-lessons-from-asian-cyber-attacks/ Wed, 30 Jun 2021 15:33:28 +0000 http://jetpack.tmone.com.my/?p=3358 A closer look at what we can learn from past attacks in Southeast Asia and beyond. It was just another day in January 2021. Some […]

The post Never waste a crisis: Lessons from Asian cyber attacks appeared first on TM One.

]]>
A closer look at what we can learn from past attacks in Southeast Asia and beyond.

It was just another day in January 2021. Some Malaysians had gone onto the official website of the state of Perak to access public services, only to be greeted by a startling message. “Hello admin, we just found your website is vulnerable for hacktivist. Please check your website and make sure it is patched before your website gets stamped again,” the warning read.

16 other websites for local governments and universities were also defaced. This was part of a campaign by hackers from Anonymous Malaysia to highlight weaknesses in the Malaysian government’s cybersecurity, reported ZDNet.

No hacks have been discovered since February 2021, The Malay Mail wrote. But the incident points to the potential vulnerabilities of public servers and the importance of securing them. How can governments learn from breaches such as this to build cyber resilience and digital trust?

Cyber hacks through the years

Malaysia certainly isn’t alone in being targeted by hackers. Singapore suffered a much publicised breach in its health data systems in 2018. 1.5 million Singaporeans had their personal information leaked onto the dark web, including Prime Minister Lee Hsien Loong.

Besides leaking personal data, cyber attacks can seriously disrupt our lives especially when they target critical infrastructure. Estonia’s major attacks in 2007 crippled banks, the media and some government agencies. Public servants couldn’t use their email to communicate with one another, and media outlets couldn’t deliver the news.

The threat of cyber attacks can escalate to threaten human lives. Earlier this year, a hacker tried to poison a water treatment facility in Florida through its remote access software. A German patient died as the first hospital she was sent to had been hit by hackers, and she couldn’t reach another hospital in time.

On a global scale, the 2017 WannaCry ransomware attacks impacted more than 150 countries and caused US$4 billion in losses worldwide. Perhaps most frighteningly, the attacks affected a third of National Health Service (NHS) hospital trusts in the UK, with ambulances rerouted and 19,000 appointments cancelled, according to Kaspersky.

Cyber tools for governments

What new tools or strategies can help governments fortify their digital borders?

In Malaysia, TM One, the enterprise and public sector business solutions arm of  Telekom Malaysia Berhad (TM), strongly believes that protecting critical infrastructure must become a key priority for enabling a digital Malaysia future. TM One’s cybersecurity solution helps Malaysian enterprises and public sector build digital trust and cybersecurity resilience, by managing five (5) key areas of risk – cybersecurity, compliance, privacy, ethics and social responsibility.

TM One has developed a Cyber Defense Centre (CYDEC), which is a fully Managed Security Services Provider (MSSP) that can detect, respond, predict and prevent cyber threats from a wide range of digital services in real time. These services include 5G, Cloud, Information Technology (IT), Operational Technology (OT), Internet of Things (IoT) and other Critical National and Information Infrastructure (CNII).

These solutions are crucial for organisations to safeguard their business, customer data and brand reputation from cyber threats and cybercriminals.

CYDEC was developed locally in Malaysia, and provides public and private sectors with digital trust and cyber resilience capability and capacity with its Global Cybersecurity Security Operation Centre (G-CSOC).

It is endorsed by both local cyber authorities, such as CyberSecurity Malaysia and the National Cyber Security Agency of Malaysia (NACSA), and has a Global Telco Security Alliance partner with telco giant Telefonica.

“With remote working here to stay and cloud becoming a critical component of an organisation’s digital transformation, decisions around what can be done in-house and what should be outsourced or purchased as a service can be game-changing for Malaysian enterprises seeking to turn “new normal” into an opportunity,” Maznan Bin Deraman, Head of Innovative Solutions & Cybersecurity Services, TM One told Business Today.

What we can learn

Never waste a crisis, as they say. Every breach presents an opportunity for governments to learn from mistakes and strengthen their cyber defenses.

The Florida water treatment facility incident, for instance, highlights the importance of security as people shift to remote working. "The problem is not the fact that remote software existed. I think the problem is that an adversary got hold of the credentials such that the adversary was able to access it," Damon Small, Technical Director of Security Consulting at NCC Group North America, told CNN .

“Critical infrastructures will need to implement strong authentication methods when using remote access systems”, he emphasised. The world needs a passwordless-based with blockchain secure authentication to defend against credential theft.

“With more organisations and services moving to the cloud, we now see a greater evolution of threats and cybercrimes,” urged TM One’s Maznan. “There is an urgent need to protect digital infrastructure, data in the cloud and at every endpoint.”

As for WannaCry, its solution seems disproportionately simple for such a large scale attack. “Were it not for the continued use of outdated computer systems and poor education around the need to update software, the damage caused by this attack could have been avoided,” Kaspersky wrote.

Indeed, education and awareness are crucial in a nation’s cyber defense. Last year, Singapore launched a Safer Cyberspace Masterplan to raise general cybersecurity levels in the country. The plan will help businesses and individuals, Gwenda Fong, Assistant Chief Executive of the Cyber Security Agency of Singapore told GovInsider.

Nations will need watertight strategies and advanced Active Cyber Defense (ACD) to safeguard their digital borders. TM One CYDEC enables this for Malaysian organisations with real-time monitoring, simplified solutions and a comprehensive range of tools.

“Especially with the implementation of Malaysia’s Digital Economy Blueprint (MyDIGITAL), TM One CYDEC will ensure that government institutions can digitally transform while having the added assurance of knowing that public data is kept secure and in compliance with regulatory requirements,” Maznan concluded.

This article was written in collaboration with GovInsider.Asia

The post Never waste a crisis: Lessons from Asian cyber attacks appeared first on TM One.

]]>