Technology can help society to be resilient and adapt to the current situation and threats due to the pandemic
When asked how he planned his career path to be a successful technology leader, Dato Dr Amirudin Abdul Wahab, CEO of CyberSecurity Malaysia, in an exclusive interview with CIO News, said, everyone has their own set of skills and experience to assist in their path. However, the key ingredient for any successful endeavour is teamwork. Within the technology sphere, no one can handle technology alone but if everyone plays their part and contributes toward the success of the organization, everyone succeeds.
Even the word TEAM consists of Together Everyone Achieve More.
When I first joined CyberSecurity Malaysia (CSM) in 2013 as its CEO, I went and approached as many staffs as possible with the purpose:
- To know them better
- To understand their problems/issues/challenges
- To learn their potential
- To share my vision and strategic direction for a new CSM
My conclusion, they are all excellent people in their respective areas of expertise, but their potential is not properly been tapped.
Therefore, as the CEO of CSM, I set my focus onto:
- To unleash their potential
- To set shared direction and vision
- Form a strong team
When asked about challenges he faced in his career path and how he overcame them, he said, Throughout my career, there are many challenges I’ve faced but I will notably only mention a few:
- The COVID-19 Pandemic: During the pandemic, there were several challenges and concerns that arose regarding the Malaysian Movement Control Order (MCO) as it impacts all staffs’ work. Therefore, various discussions were held, and new action plans were executed such as working from home, a hybrid workplace, using a Virtual Private Network (VPN), the use of video conferencing method as a way to communicate, and many more.
- On the other hand, since the pandemic hit the globe, cybercriminals have been exploiting and attacking vulnerable individuals, organizations, and the country. As a technical expert and specialist cyber-security agency, we actively monitor and report the latest trend of cyber threats, and cybercrime statistics, alert the rising of cyber-attacks, increase cyber awareness through all media platforms, etc.
- There are also challenges in spreading awareness and persuading others to see the importance and prioritize cyber-security in an organization or a country. Some organizations still take cyber-security for granted and do not see the importance to invest or allocating the budget for cyber-security. CSM is trying its best to make others see the importance of cyber-security for the security of organizations and also the nation.
All challenges and hardships faced, CSM has come so far and achieved great length. Some of CSM’s achievements, awards, and recognition are as follows:
- Won Champion Prizes at the World Summit of the Information Society (WSIS) for two consecutive years (2016 & 2017) and also most recently in the year 2020 as the Winner of WSIS Prizes 2020 Category 5 at World Summit of the Information Society (WSIS) 2020: “Building Confidence and Security in the use of ICTs”.
- CSM has been accredited by INTERPOL for the contribution and assistance of digital forensics expertise in developing the INTERPOL Global Guidelines for Digital Forensics Laboratories
- In March 2021, CyberSAFETM L.I.V.E. Gallery was developed under the CyberSAFETM Program and it is recognized by the Malaysia Book of Records as the ‘First Cyber Security Gallery’ in Malaysia.
When asked about a cyber-attack or any cyber-security incident faced by his current organization and how he tackled it, he said, at CSM we receive and monitor several cyber-attacks and security incidents. These incidents can cause people to lose money and data leakage and cause suffering not only to people but also to businesses and organizations. Some of the cyber incidents are as follows:
- Phishing: This is the most common method used by cybercriminals to gain advantages among the victims. By sending a fake email, message, or any form of communication that contains a link that entices the user with a form of reward (most commonly money) or sending an alert or warning to the users and threaten them to follow blindly the instruction given or there will be bad consequences. CSM tackles this issue by providing consistent awareness and training programmes for all employees. There is also a phishing assessment test to challenge employees and if anyone fails, they will be given a warning and further training will be required.
- Social Engineering: Due to the abundance of digital technology, many users tend to use digital appliances and forget security details. Cybercriminals used social engineering to gather information from unexpected victims who are careless and lack awareness regarding their own privacy. CSM combats social engineering by spreading awareness during events and regularly updating the latest cyber threat and cybercrimes trends via emails. Even passwords need to be changed to avoid the same password being used.
- Malware attack: Digital revolution has introduced malware as a criminal tool. A malware attack is both a local and global issue. In most cases, malware serves as an initial step to bigger and more sophisticated cyber-attacks. It usually searches for critical vulnerabilities in software running on networked computers. Antivirus software and updating software are needed to combat malware attacks. Since it is common, cybercriminals can find loopholes within old software and exploit it.
When asked how his organization geared up in terms of technology in the COVID times, he said:
- Due to the COVID-19 pandemic, people started to rely more on digital technology and applications. It has also accelerated major technology trends such as digital/contactless payments, telehealth, robotics, artificial intelligence, etc.
- Technology can help society to be resilient and adapt to the current situation and threats due to the pandemic. During the COVID-19 pandemic, technologies play a crucial role in keeping our society functional in a time of lockdowns and quarantines. And these technologies may have a long-lasting impact beyond COVID-19.
- Within CSM, the hybrid workplace is implemented. This is to ensure productivity and avoid miscommunication among employees during working hours. Remote work is enabled by technologies including virtual private networks (VPNs), voice over internet protocols (VoIPs), virtual meetings, cloud technology, work collaboration tools, and even facial recognition technologies that enable a person to appear before a virtual background to preserve the privacy of the home.
- To ensure everyone is healthy when coming to work or WFH, a healthy standard of practice is implemented. One of the conveniences of digital technologies used is the ‘MySejahtera’ apps (by the Government). It is a must for Malaysians to identify any potential COVID-19 risk, verify their current vaccination status, and notify any new COVID-19 cases.
When asked about technology solutions and innovations he plans to implement in the post COVID era, he said:
- Digital transformation: The COVID-19 pandemic has accelerated digital transformation globally. Organizations have no choice but to become more trusting of what technology can do and they are pushing ahead with digital transformation
- The accelerated process of automation in business: It can streamline business for simplicity, achieve digital transformation, increase service quality, improve service delivery or control costing
- CSM focuses onto become a cyber-resilience organization: Any organization that relies on technology or entering the digital era must be cyber resilience. Since there is no absolute defence against cyber threats, digital infrastructure can be breached in a matter of time. Cybercriminals nowadays are very organized and creative in discovering loopholes within any organization’s defences
- Proactive and adaptive security: Adaptive Security is an approach to cyber-security that analyses behaviours and events to protect against and adapt to threats before they happen. With an Adaptive Security Architecture, an organization can continuously assess risk and automatically provide proportional enforcement that can be dialled up or down. Identify, protect, detect, respond, and recover
- Collaborations provide a mutual benefit to all parties and share knowledge and experience towards a goal: One of CSM collaborations is with higher learning institutions and academia. Through our collaboration programs, we partnered with various higher learning institutions in designing, developing, and producing industry-standard knowledge such as cyber-security courses, papers, certifications, and labs including malware labs. This collaboration identifies talented cyber-security students through various programs offered by local universities and colleges
When asked about challenges faced by technology leaders today in a similar industry while implementing digital technologies, he said:
- To adapt to the new complex and sophisticated tools, processes, and technology
- Lack/Shortage of skilled professionals
- Cyber security concerns (cyber threats and cyber-attacks)
- Increase of cyber-attack surface
- Budget constraints
- Having an old-school mind-set. Things change slowly, automation is looked down upon, and new technologies are difficult to adopt. They are sceptical to adapt to new technologies.
When asked how technology leaders can overcome the challenges faced, he said:
- Cooperation: An organization does not operate by itself; it needs employees, managers, executives, and C-level officers to assist each other to achieve the targeted objective. This is especially true towards cyber-security as many people believe cyber-security is a single man’s job or one department’s task.
- Enforcing the correct policy: Due to the rapid development of technology, many organizations across industries started to emerge. With many niche companies emerging, it is important to enforce the correct policy to avoid disruption within the workflow or company operations. There are some tasks that are suited for a hybrid workplace, then there are tasks that are suitable for office environments, and there are even tasks that can be done from home only.
- Collaboration: Technology has wide applications within the digital world today. Thus, collaboration provides an approach to sharing knowledge, implementing new ideas, and opportunities to execute interesting plans and improve relationships between parties.
- Cyber-security is not an afterthought: For those who want to become technology leaders or already need to know that cyber-security must be implemented early on, this is to avoid any potential weaknesses or loopholes from being exploited in the nearest future.
When asked about best practices/industry trends/advice he would like to suggest to fellow technology leaders for their successful professional journeys, he said:
- Investment in R&D and new technologies
- Recognize the importance of cyber-security
- Analyse the current cyber-security situation
- Implement cyber-security policies
- Make cyber-security embedded in the organization’s culture
- Be accountable and responsible
- Be creative and innovative
- Be open and clear
- Able to communicate well to others regarding security strategies such as risk appetite
- Training and awareness
- Keep everyone updated with the latest cyber-security trends and treats
- Conduct audits and assessments
- To fight cybercrime, we need to understand its economics, the relationship, connection, behaviours, and the incentives that drive cybercriminals.
- There is no such thing as 100% security. There is still much improvement to be made. We need to increase and strengthen our cyber-security manpower and professional skills.
- There is a need to ensure a secure, resilient, and trusted cyber environment in order to sustain progression and prosperity. In this regard, a more innovative and proactive adaptive security approach is required to address such situations. Adaptive cyber-security encompasses predictive, detective, responsive, and corrective capabilities.
- In addition, our approach must be adaptive, dynamic, and innovative covering people, processes, and technology.
- Strengthening Public-Private-Academia Partnership and national, bilateral, regional, and International Collaboration.
- Malaysia should gear itself towards cyber resilience as the threat of a global cyber-security breach continues to pose a major risk.
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics