A panel discussion on “Next-gen Cybersecurity – How can Malaysia do better?” took place virtually on October 8th with Foong Choong Fook, CEO, LGMS moderating the panel discussion. Peter Leong, Technical Program Director from a Financial Sector, and Vidit Arora, Senior Director & Global Technology of Securonix shared their insights on cybersecurity, cloud adoption, and remote working.
Speaking on cloud security which was the first part of the panel discussion, Vidit Aurora shared that with everything that’s moving at a rapid speed especially now, organistions have changed in a good way when adopting cloud over the years.
He further explained the controls have changed over the years in terms of the environment. From existing on an on-premise/under control of the data centre-based environment to one that is completely virtual now.
“You have to think about cloud as an extension of on-premise environments and it has to be protected and architected in that way, so the level of governance and monitoring has completely changed as well,” he added.
A lot has shifted over the last few years, from where companies were TO where they are today. This applies to their readiness for the future.
Echoing Vidit on this positive change over time, Peter Leong shared his insights from a management perspective of how security has spread across businesses.
“You probably have to involve the risk management team as part of the whole ‘addressing-volatility’ strategy for cloud hosting or even involve the server team.” Peter explained this is due to having to secure other endpoints as well.
Touching on cyber defense strategies in adopting cloud, Vidit highlighted the key ones that include:
- Access control (role-based access governance) – Identity intelligence and ensuring people have the right level of permission in the cloud
- Visibility (monitor & alert) – Having visibility across all cloud infrastructure, cloud applications that correspond to on-premise environment
Peter also highlighted management best practices of the organisation that is adopting cloud, which is to have good administrative control from regulating policies all the way to procedures.
“One of the best practice is to incorporate annual site audits to the cloud provider, whether it is a surprise audit or a scheduled one – it is crucial,” he added.
From a financial service perspective, he further stated that data is very key. It is also important to have some level of checkpoints when data passes the firewall to prevent unauthorised clicks or downloads.
In recent years he said the financial service has seen more collaborations with service providers in addressing the cyber threats. For instance, Bank Negara Malaysia (BNM), the central bank of Malaysia issued the RMiT (Risk Management in Technology) guidelines recently to ensure institutions maintain their cyber exposure to a level commensurate to the risk.
Whilst on the topic of the pandemic, Malaysia has seen the Movement Control Order (MCO) since the beginning of March with Malaysians working remotely and relying on an unsecured network. This has caused concerns amongst enterprises and businesses.
Adding to that point, Peter shares how businesses can encourage proper cybersecurity adoption practices in the private sector. For example:
- BCP testing – Ensure basic firewalls are in place and having a second level protection and verification in terms of VPN
Vidit ended his session by sharing some advice to top management regarding remote working. He emphasised the focus first has to be operations – to make sure businesses are operating as usual.
“This is key because most companies were never prepared to ever let people access a document from the comfort of their homes. With that the next advice automatically comes down to security – don’t compromise on your security.”
Finally, he advises top management to not be afraid to approach cloud – and to ensure they take the leap with a sense of verification and governance to ensure the vendors are following the same security protocols.
From an enterprise perspective, Peter shared his final outlook when it comes to the security of remote working. His advice includes to further enhance security features and day-to-day security reporting, to spot any unforeseen items.
“Make sure to implement and tighten up conditions and requirements to avoid threats especially now, (as) we are in a vulnerable condition,” he ended.
