South-East Asia is unquestionably one of the most dynamic and exciting places to do business, benefiting from an increasingly interconnected regional economy and boasting one of the fastest growing internet markets globally. Much of this success can be attributed to the region’s early adoption and bold experimentation with new digital technologies, including automation, machine learning, mobile internet and cloud adoption.
The Malaysian Government has developed a serious agenda to fully leverage digital technology both as an enabler and a driver of economic transformation. Key milestones over the last few years include the establishment of the world’s first cyber court in 2016, and another world first in the establishment of a digital free trade zone. These, among a raft of other digital-friendly policies, put Malaysia’s goal of having 20 percent of its GDP attributed to digital well within reach.
Indeed, corporations in Malaysia scored well in several areas of Accenture’s Digital Performance Index, with 54 per cent of companies having launched new digital products and 44 per cent have digitalised their current products. This shows that Malaysia’s corporate leadership understand and are convinced of the importance of digital, where 44 per cent have included digital in their growth strategy.
However, one area in which Malaysia needs to do better on its digital score card is in securing sensitive personal and business data from cyber threats.
A timely, but unfortunate reminder that Malaysia is not immune to the increasing cyber threat landscape was the large data breach uncovered in late 2017 that affected major mobile service providers. The leak included mobile numbers, identification card numbers, and residential addresses. This data – especially when aggregated – is very lucrative on the black-market where criminals can exploit it to conduct online fraud and identity theft.
Malaysia is not alone in facing this growing cyber threat. Globally, changes in how business practices and global supply chains are expanding the threat landscape as much as changes in technology. Accenture estimates that the typical organisation will face over a hundred focused, targeted breach attempts every year, and that one in three of these will result in a successful security breach.
Data protection is proving a tricky conundrum for many government and business leaders globally. On the one hand, there is no doubt the ability to collect large amounts of data is overwhelming the ability of many organisations to secure this data. But on the other hand, the ability to reveal tremendous insight from aggregating this data is leading to transformational insights which drive business growth and benefit society. We call this ‘Applied Intelligence’, where intelligent technology and human ingenuity applied at the core of business across every function can address an organisation’s complex challenges of mining business gems as well as keep them secure.
As the landscape continues to evolve and new threats emerge, it is vitally important that Malaysian government and business leaders continually re-examine their security strategies to stay ahead of the adversary. As a start, I recommend the following ‘to do’ list for all leaders.
Be brilliant at the basics: Good enterprise-wide ‘security hygiene’ and security is often seen as an afterthought, when it should be a central part of the business strategy. Information security is an Executive/Board level responsibility. Implement a strategic review of the current maturity level of your current security strategies (cyber, physical, personal) to ensure you identify your security gaps. This can be done internally or with the assistance of a 3rd party and, depending on the scope, can take anywhere from a few weeks to a few months.
Know yourself: Companies typically struggle with identifying the core assets to protect and who takes accountability for protecting those assets. Having ‘total security’ is impossible, but you can help protect your business and customers by identifying and hardening your high-value assets – those things which are critical to operations, subject to the most stringent regulatory penalties, important trade secrets, or that give you that competitive edge.
Know your enemy: The threat landscape is expanding and threats are becoming more difficult to detect. You must ensure that your security strategy is based on a realistic picture of the strategic environment by investing in proper intelligence feeds, both internal and external to your business. Challenge your security team to adopt the mindset of an attacker – simulate ‘worst-case’ scenarios designed to uncover what they want, and design and execute your threat and vulnerability programme to deny it.