Photo - CyberSecurity Malaysia CEO Dato' Dr Amirudin bin Abdul Wahab's keynote opens the 11th Computerworld Malaysia Security Summit
The evolution of cyber threats, its repercussions for businesses, and the strategic use of technology to predict, prevent, manage and recover from cyberattacks were major points of discussions during the 11th Computerworld Malaysia Security Summit held at Connexion@Nexus, Kuala Lumpur on 20 April 2017.
Like last year's gathering, about 200 invited delegates from the cybersecurity community attended the event organised by Executive Networks Media (publisher of Computerworld Malaysia), with speakers drawn from government bodies, private sector practitioners and solution experts engaged in topics such as nanotechnology, talent management, artificial intelligence, and hardware security.
"Digital technology is the key driver to Malaysia's transformation," declared CyberSecurity Malaysia chief executive officer Dato' Dr Haji Amirudin bin Abdul Wahab in his keynote opening address. "The Internet of Things (IoT) is bringing on more devices and more connectivity, but also opens up more vulnerabilities with new avenues for more advanced and disastrous cyberattacks that can turn the Internet of Things into the Internet of Threats."
"A new approach is required to address advanced persistent threats and the new breed of cyberattacks. Malaysian organisations cannot just depend on the traditional cybersecurity approach to protect themselves - these are important but not sufficient as they leave significant gaps in cyberdefences," he continued.
Instead cybersecurity should be more adaptive in its approach. "Adaptive security can evolve as the threat environment changes. It learns and improves to deal with new cyberthreats and conforms to evolving needs by adopting a behavioural-based approach to predict threats," said Dr Amirudin, who also covered state level and critical infrastructure attacks in an exclusive with Computerworld Malaysia a week before his keynote.
CIMB Bank Berhad managing director and head, Digital Banking, Kanags Surendran concurred that security frameworks had to evolve. "For banks, the security perimeter has expanded beyond the physical perimeters of the old days, and moved towards end-users and the devices they use to access services," he said. "The most vulnerable security point today is the end user and the authentication framework."
"Banks are adding controls on authentication to secure the perimeters. However, these measures effectively compromises usability while not solving the issue," he admitted. "Users are identified based on things they know, things they have rather than who they are. Security needs to be identity-centric, but our identity is broken. Thus, we adopt a layered security approach involving data encryption, fraud management authentication, digital signing and end-point protection, and we try our best to balance usability and security."
To Jupiter Networks consulting SE, Center of Excellence, Alex Cheong, strengthening controls included aligning an organisation's security to its business imperatives through a centrally orchestrated policy.
"Cyberthreats need a network as a medium to traverse across a company. By gathering and distributing threat intelligence across your entire network, and leveraging on cloud economics for real-time analysis, organisations can identify risk sooner, and automatically apply enforcement in real time," said Cheong. "The network can be the single detection and enforcement domain to secure your data, your brand, your business and your company."
Sign up for CIO Asia eNewsletters.