[Also see an exclusive with MDEC's Wan Murdani Wan Mohamad, who is Director, Digital Enablement - How Security is powering Malaysia's Digital Economy ]
The iProperty Group head of IT security Nigel S. Rodrigues believed that end-users played a crucial role in securing the enterprise. "Create awareness of security risks by making it fun for end-users to lean about security. Make use of images and gamification to educate end-users of the danger," he advised.
Photo - (From left) Panel moderated by AvantiKumar, Editor Computerworld Malaysia; Nigel S Rodrigues, Head of IT Security, iProperty Group; Junaid UR Rehman, Security Advisor, HP Inc.; Victor Lo, Head of Information Security Enabling Ecosystem, MDEC; and Murari Kalyanaramani, Head of Information Security, Standard Chartered Bank.
Predict and Prevent
"The nanotechnology revolution is changing device and system designs, with devices becoming smaller, more portable and increasingly ubiquitous, and this will influence the security ecosystem," stated NanoMalaysia Berhad chief executive officer Dr Rezal Khairi Ahmad in opening the 'Predict and Prevent' track focusing on pre-attack strategies. (Before the Summit, Dr Rezal gace an exclusive interview to Computerworld Malaysia.)
"From a security aspect, it is enhancing solutions. New quantum cryptography is being developed which can expose intrusion attempts and invalidate codes," said Dr Rezal. "Nanotechnology will enable authentication systems to be scaled down and improve the accuracy associated with authentication. The use of nano-optical switches will also greatly increase the speed of networks and make tapping very difficult to achieve."
As methods of attacks evolve, so too should an organisation's risk management framework. "There is the perception that being compliant is enough. However, compliance does not equal security; it is the bare minimum in order to certify that the basics are covered," said Check Point chief strategist, APAC, Middle East & Africa, Tony Jarvis. "What is right for one organisation may not necessarily be right for another as each face different threats, has different skill levels, and the solution chosen may be governed by what is already in place and how well each system integrates with the rest."
"Prevention is possible. While attacks may be inevitable, breaches themselves should not be," argued Jarvis. "A multi-layered approach towards security and some wise choices concerning preventative controls is critical with technologies available which can prevent many of attacks before they breach your network."
"DDOS attacks could have a long-lasting impact on the credibility of your brand. Cyberattackers are increasingly combining different techniques to attack brands, with smaller attacks used to ensure an operational impact, while they go for their real and bigger target," warned CSC Digital Brand Services APAC regional director Jayce Yeo. "Attackers look for weaknesses in how you manage your assets, then use that knowledge to attack those assets. Therefore, when planning your security framework, determine the likely targets and understand the risks before implementing your solution."
Manage and Recover
In kicking off the 'Manage and Recover' track which focused on security strategies after an attack, Malaysia Digital Economy Corporation (MDEC) director, Enabling Ecosystem, Wan Murdani Mohamad pointed out the importance of the digital economy to Malaysia.
"In the last year, the digital economy brought in new investments of RM16.3 billion, generated revenue of RM47.1 billion, and contributed RM19.1 billion towards export sales," he said. "Cybersecurity is an enabler of digital transformation and acts as a catalyst to digital adoption."
"A recent survey of Malaysia-based security companies showed that there is a good spread of companies supplying security solutions in Malaysia. However, a behavioural change is required for Malaysian organisations to appreciate the importance of security, and understand the risks of not taking more responsibility for their own security," he added.
Being more aware of prevailing cyberthreats would be a starting point. Citing recent examples of ransomware cases, AhnLab Inc security consultant manager-AhnLab HQ, Hyunjung (Hailey) Park spoke of improved solutions in the market. "Traditional solutions are ineffective in detecting and blocking the more sophisticated malware and ransomware as these new and variant advanced malwares avoid known detection patterns. This limits protection for the first victim of an attack," she said. "A solution which enhances endpoint protection through continuous endpoint hardening would be more effective."
Enterprises should also be aware of the risks exposed by familiar hardware, such as printers, as their functions evolved. "Although many IT departments rigorously apply security measures to individual computers and the business network, printing and imaging devices are often overlooked and left exposed. As printers become increasingly sophisticated, they offer greater opportunities for attackers to compromise the device, the data, or the entire network," warned HP Inc security advisor Junaid UR Rehman.
"Printer-related attacks occur as there is a lack of security policies for printers, a lack of security features in printers, or when those features are not enable," said Junaid. "Today's printer is a fully functioning client on the network. From the point of view of network security, printers require the same degree of protection as PCs."
The latest version of this article lives at Computerworld Malaysia.
Sign up for CIO Asia eNewsletters.