Every day is a field day for cyber crooks as cybercrime tools become more sophisticated and more readily available; however, this is not evident to us because many countries lack the legal provisions that require organisations to disclose cybersecurity incidents or data breaches.
This would also be the case in Malaysia, says Fong Choong Fook, CEO of LE Global Services Sdn Bhd (LGMS) and Founder of Asia Cybersecurity Exchange (AsiaCyberX). Fong shares his opinion on the cyberattack statistics in Malaysia, in which cybersecurity incidents are underreported due to the absence of such laws or regulations, subsequently making it difficult to plan and take proactive measures. In other words, as there is no law that requires an organization to report cyber security incident to the authorities, nobody really knows…
Fong points out that many SME owners have the impression that they are not as susceptible to cyberattacks as compared to larger organisations — and this is a major misconception. Hackers, he notes, are no longer “biased” in their attacks as they use automated software, which means if a small company uses email and websites, the risk of encountering a cybersecurity incident is no different from the bigger players. In fact, SMEs have a disadvantage in this
matter, as they may not have the budget that big companies have to protect their assets against the same kind of exposure which does not discriminate based on the size of organisation.
“It is also important to note that the data or assets which the hackers are after, may not necessarily be valuable to them — but it may be indispensable to the targeted SMEs,” says Fong. He added that ransomware attacks do not pick and choose their targets, as the whole point of the attack is to cause an inconvenience so that their victims will be forced to pay up. Fong also says “SMEs may think that their information is not that valuable but just imagine if their customers’ invoices were to be encrypted due to a ransomware attack. They would not be able to access their email and this is
no longer just an information technology problem but also a business one. This mindset needs to change.”
To make matters worse, Fong reveals there is an alarming shortage of cybersecurity talents in the country in addition to the rapidly growing rate of cyberattacks where cybersecurity professionals are unable to catch up. In fact, Cybersecurity Jobs Report 2018 – 2021 has predicted that there will be about 3.5 million unfilled cybersecurity positions by 2021 globally.
“This means we now have more thieves than policemen. And some of these thieves are not human — they areautomated tools and software. Cybercriminals are constantly finding ways to hack into organisations, and these automated attacks can also take place 24/7. This talent shortage will be our biggest problem in the next five years or so,”
Fong says. He also adds that if the problem of talent shortage goes unresolved, the country as a whole will not be able to protect itself against much largerscale cyberattacks, which brings upon catastrophic consequences.
Locally, he cites a case from July last year that involved trading firms. “A group of hackers sent huge traffic to the networks of these trading firms. It was so overwhelming that they had to shut down their systems,” Fong says, adding that the incident was not widely reported.
“There is a serious need to identify undiscovered cybersecurity talents and entrepreneurs as our lifestyles become more digitally-dependent, and to that end, Asia Cybersecurity Exchange (AsiaCyberX) was formed.”
As disclosed by Fong, LGMS is the leading cybersecurity firm in Asia Pacific. As the globally trusted name in the field of Cybersecurity Testing and Assessment Service Provider, LGMS’ mission is to provide world class cybersecurity penetration testing, forensic and cyber security consulting services locally and abroad. Whereas AsiaCyberX is the brainchild of LGMS, it was formed out of a partnership between LGMS & ACE Group to advocate and support cybersecurity entrepreneurship, while also nurturing skilled cybersecurity professionals to meet the growing demand in this space. It also serves as a key catalyst for the cybersecurity ecosystem in the region. ACE Group is involved in financial services, investments and capital management.
“AsiaCyberX’s mission is to empower cyber entrepreneurs and grow cyber defenders with huge potential. With our training and mentorship programmes, we aim to elevate Malaysia’s cybersecurity ecosystem to a whole new level by strengthening the capabilities of local talent and entrepreneurs,” said Fong.
“A fund of RM200 million is up for grabs for cybersecurity start-ups with high-growth potential; the ultimate aim is to elevate Malaysia as a hub for cybersecurity entrepreneurship and talent. Let us know if you have a cybersecurity idea.”
“With our training and mentorship programmes, we aim to elevate Malaysia’s cybersecurity ecosystemto a whole new level by strengthening the capabilities of local talent and entrepreneurs. By increasing the diversity of the cybersecurity workforce, we believe we will be able to create a broader pool of cybersecurity talent and muster the right talent to develop rich responses to the increasing threat of cybersecurity attacks,” says Fong in response to what AsiaCyberX is doing to achieve its vision. Fong is also a 20-year cybersecurity veteran and has advised and trained multiple government bodies and multinational companies throughout the Asia Pacific, Eastern Europe, and Africa regions.
To further grow the talent pool, AsiaCyberX has a accelerator programme for cybersecurity start-ups to help them secure funding by connecting them with investors. Fong shares that the programme allows these talents to develop entrepreneurship, as well as discover and validate cybersecurity ideas with huge growth opportunities. Since its launch in April, AsiaCyberX has identified four cybersecurity start-ups and are still looking for more to join the accelerator programme. He adds that “Sometimes we see good talent but many are not able to articulate the business side of their ideas. They really want to create something fantastic but we need to help them get guidance, resources and funding, and this is our role.”
Another obstacle for these start-ups, Fong points out, is the lack of testing grounds for their products or the products they create. With AsiaCyberX, this becomes less of a problem as AsiaCyberX is working with the ACE group, which has many companies from various different sectors listed under the organisation; whereby great start-up ideas can be applied across these different listed companies.
The AsiaCyberX initiative is also supported by the Malaysia Digital Economy Corp (MDEC), who is also partnering with LGMS to roll out a 12-month MDEC Cybersecurity Development Program leveraging on the AsiaCyberX platform.
Fong says this will be achieved via a full schedule of activities, including cybersecurity conferences, hackathons, chief information security officer (CISO) roundtables as well as industry collaboration workshops over the next 12 months. The partnership targets to train as many as 240 cybersecurity specialists in the next 12 months with an aim of increasing the number from next year onwards.
“So far we have trained a few cohorts of 50 students in total. Each batch of students — who were selected through a stringent process by our partner MDEC — spent six weeks being schooled by AsiaCyberX’s hands-on learning programme,“ Fong says. He shares that the students are either in their second or final year of obtaining a degree, and the difference between AsiaCyberX programme and an internship is the mentorship aspect as they bring in industrial experts who have been in the industry for a long time to guide the students.
“We also provide assessments and an international cybersecurity certificate if they pass. We retain their profiles and match their skills and capabilities with employers who approach us to look for talent. So AsiaCyberX also serves as job placement centre,” Fong adds.
JOINING FORCES WITH INDUSTRY EXPERTS
To further boost the country’s cybersecurity ecosystem, MDEC and LGMS leverages on the AsiaCyberX platform to organise CISO roundtable events where top information security officers from different organisations gather and discuss common cybersecurity landscape and issues. The participating chief security officers are from various sectors and industries, such as telecommunications, healthcare and property development. These meetings and conferences are held regularly and a report will be produced at the end of every meeting, containing all the concerns, issues and proposed solutions. The report will then be sent to the relevant authorities such as the Malaysian Communications and Multimedia Commission and National Cyber Security Agency. Furthermore, the workshops and talks are free and
they cover topics including but not limited to cloud computing security, internet of things security as well as financial technology (FinTech); the people who give these talks or conduct the workshops are all experts in their fields.
Exciting things are happening at AsiaCyberX as they progressively roll out their initiatives for cybersecurity players all over the country. For more relevant information, resources and opportunities, head on to https://asiacyberx.com or https://lgms.global.
Click Here For the Article