The threat of being targeted by cybercriminals is real. Simple attack techniques such as email phishing, to the most complex techniques such as Advanced Persistent Threats (APT) launched by cyber criminals are issues that every company needs to be alerted to and prepared to counter.
At the bottom, the elimination of spyware and the preservation of privacy for the consumer are critical goals if the Internet is to remain safe and reliable and credible.Cliff Stearns, former US Representative
Therefore, it is important to work closely with reputable cybersecurity professionals to implement the latest digital security and privacy technology solutions and to minimise the risks of successful attacks to business.
Last December, as SolarWinds attacks have been published, the victims listed include tech companies, local governments, universities, hospitals, banks and telecommunication operators.
As companies are likely to get hit, managing cyber risks is mandatory to avoid unanticipated business interruptions by these cybercriminals from anywhere and at any time.
An integrated physical and digital security is required nowadays to safeguard day-to-day business operations.
Cybersecurity specialists should be able to recommend appropriate methodology of analysing vulnerabilities and threats to organisation, determine the potential losses, identify cost-effective measures and recommend residual risk to be insured.
The purpose for establishing risk baseline is to assist companies in developing a comprehensive level of security and reduce business threats to an accepted level. In some business sectors, such as banking and finance and public listed companies, compliance to regulatory requirements is mandatory.
Bank Negara Malaysia has published the Risk Management in Technology (RMIT) on June 19 last year for companies to manage their technological risks in running their businesses.
According to RMIT, technology risk refers to risks emanating from the use of information technology (IT) and the Internet. These risks arise from failures or breaches of IT systems, applications, platforms, or infrastructure, which could result in financial loss, disruptions in financial services or operations, or reputational harm to a financial institution.
The Securities Commission Malaysia (SC) had published a document, “Guidelines on Management of Cyber Risks” dated October 31 2016, which serves as a guideline for all public listed companies’ board of directors and their management team in the governance of cyber risks.
ESPC Cyber Range services can facilitate these cyber drills and cyber exercises to all these companies as recommended by RMIT document and test their cyber risks preparedness by simulating cyber-attacks. This simulation exercises can be used to validate companies’ processes and procedures and ascertain if they are good enough to the threat’s scenarios.
The Malaysia Cyber Security Strategy (MCSS) 2021-2024 was launched late last year. This strategy can help improve cybersecurity capabilities to fight cybercrimes and at the same time can increase cybersecurity economic activities by intensifying the growth of local industries in this area.
According to MCSS, the first pillar is to enhance national cybersecurity governance and ecosystem with three strategic initiatives proposed.
The first strategy is to enhance collaboration and trust building through information sharing and effective public-private partnership. To enable it, we need a good digital platform to connect with each other.
Serba Dinamik Cybersecurity team has developed a digital platform called E-Security and Privacy Channel (ESPC) specifically for this purpose and can support information sharing and smart partnerships activities seamlessly. This digital platform is accessible at https://www.espc2go.com.
To date, ESPC digital platform is connected to more than 30 local and international partners, and ready to provide cybersecurity services to federal and local governments, local town councils, and private companies based on international standards and best practices.
The other strategy mentioned in MCSS is to strengthen Cyber Security Incident Management and Active Cyber Defence. To support this strategy, ESPC CERT promotes a non-conventional Cyber Emergency Response Services which put more emphasis on solving human issues, as opposed to focusing on technical layers as what is currently practised. ESPC CERT services as of now can connect to CERT partners in more than 30 countries.
ESPC media and ESPC Open Education is well equipped with Green Studio, Security Operation Centre, reputable strategic partners, large capacity cyber range to run cyber exercises and regional competitions, and digital forensics services.
ESPC communities’ services offers children online safety and protection programmes, online safety monitoring services, and cybercrimes prevention services.
All of these services are integrated within the ESPC digital platform to enable us to serve government agencies, private companies, NGOs, parents, teachers and children better.
As we are living in both the physical and digital world, we can only feel safe when we have implemented both physical and cyber safety measures effectively and be able to connect to trusted professionals around us for good advice and cost saving options based on budget availability.
ESPC can be made a reliable contact point and reference centre to begin with, as it operates in smart partnerships with many companies and professionals globally.
Cybersecurity and digital privacy technology business represent a new wave of opportunity for a future Malaysia. Using a smart partnership model, enabled by a dedicated digital platform, government agencies, private sectors, NGOs, parents, teachers and students can work together creatively for a safer digital future and increase our business competitiveness for global opportunities.
Shortages of cybersecurity professionals globally, for instance, provide us with good job opportunities for young and talented Malaysian to serve both domestic and international markets. ESPC Open Education and ESPC Job Services can assist these professionals to move forward.
In conclusion, cybersecurity and digital privacy technology solution is a global business, an opportunity for our talents to work anywhere. So, let us work together in this technology adventure to a better future.
Till then, be safe and always verify before you click. Avoidance from being a victim is much easier than the complexity of recovery in the digital world.
The views expressed are those of the author and do not necessarily reflect the official policy or position of the New Sarawak Tribune.
Source: New Sarawak Tribune