(Caption above pic: (L-R): Jay Bavisi, Cybersecurity Malaysia CEO, Dr. Amirudin Bin Abdul Wahab, Deputy MOSTI Minister, Dr. Abu Bakar Mohamad Diah)
During the EC-Council’s inaugural Cybersecurity Summit in Malaysia, EC Council’s CEO, Jay Bavisi, kicked things off, with a top-level overview of what was going to be discussed, and what should be discussed during the whole day event.
A few things stuck out for this journalist however. Here they are, in no particular order.
Cybersecurity spending
Does it help to find out that the Southeast Asia (SEA) region, is not investing enough in cybersecurity?
Described as an upcoming hub of growth and digital innovation, the Internet and digital economy in SEA is expected to rake in USD200 billion over the next few years – shouldn’t the spending to protect the mechanisms that generate this revenue, be commensurate with that?
If yes, then what would be an ample measurement of this?
Cybersecurity spending as a percentage of a country’s GDP was captured and then benchmarked against the global average. Needless to say, all the countries in SEA are spending below that average, except for Singapore.
According to Jay, the top 1000 companies in SEA stand to lose up to a total of USD750 billion.
But the same time too, he drew attention to the fact that increased spending does not guarantee increased security. Increased cybersecurity is should also be determined by where spending goes to, and how budgets are being spent to achieve the required returns.
Governance and legislation
All across the SEA region, different countries are experiencing different levels of maturity when it comes to legislation and governance for cybersecurity.
According to Jay’s observation, Vietnam and India face a legislation landscape that is “getting there”, but there is no sector specific focus.
The host country of Malaysia, was complete in that it fulfilled the criterion of legislation, established processes, and a mindset that champions international cooperation. Cybersecurity spending was just a little below the global average. Our efforts in awareness and capacity building has even been recognised and is ranked among the top in the world.
And yet despite all this, Jay pointed out that the nation’s telcos had been massively compromised last year.
What’s missing?
Securing our privacy
In the midst of all the recent debacle about Facebook leaking its user data, Jay also spoke of a data scientist working for a company that could influence election data.
The whole set up basically consists of using artificial intelligence/machine learning to send out text messages to constituents about their concerns.
Simply put, the service collects all of these, manifests electoral issues to politicians, and enables them to more effectively engage their constituents, via social media, and so on and so forth, with a 65-percent rate of successfully achieving planned outcomes.
Jay posed the hypothetical scenario of all that data falling into the wrong hands: “Can you imagine all the potential for civil unrest if this happens?
“There is also the (abuse of) civil liberties at the centre of all this,” he said, while opining that this is the real danger that exists today.
Most people do not think twice about exchanging their information for a convenience, like a discount voucher or promotion. Especially the younger generation, is known to be a sharing generation, exposing their activities and data on social media for their friends to read about.
This attitude may be slowly changing however, and people are keeping their private data under closer wraps, this year.
Emerging tech and talents
Attack surfaces are increasing all the time.
Every time there is a new technology to deploy in an organisation, every time a device connects to the Internet, that is also another surface or doorway, inviting a hacker to walk through.
And every roll out of technology comes with the challenge of knowing it well enough to secure it; cloud computing, Internet of Things, and so on and so forth.
Jay asked, “How do we train people to do the jobs of the future?”
More significantly, in the context of a cybersecurity professional, how do they train to deal with all these cybersecurity risks that come from the use, and most times the incorrect use, of new technologies?
In Malaysia, the supply of cybersecurity talent is also not meeting demand for these talent, in terms of numbers or quality.
A later panel discussion about skills gap, also brought to light that on-the-job training for cybersecurity, is lacking in Malaysia.
There is consensus that awareness about cybersecurity jobs have to start from school.
But how do kids in school get a taste of what they are really up against, and what is at stake, when cybersecurity at an individual level, an organisation level or a national level, fails?
