GIVEN the continuous growth of Malaysia’s Digital Economy, the introduction of Malaysia’s eagerly anticipated Cybersecurity Bill by Digital Minister Gobind Singh Deo in Parliament recently is a key development in ensuring the resilience and security of the nation’s digital infrastructure against evolving cyber threats.
IBM Malaysia managing director and technology leader Dickson Woo said that the noticeable rise in cybersecurity incidents within Malaysia which is reflective of a worldwide trend underscores the critical need for stringent measures.
“Cyberattacks which include everything from data theft to ransomware pose serious criminal threats that could jeopardise our national security, economic resilience and the safety of the public,” contended the experienced information technology (IT) influencer.
“The emphasis of the Cybersecurity Bill on setting and enforcing cybersecurity standards for entities involved with National Critical Information Infrastructure (NCII) represents a forward-thinking approach to reducing these threats.”
In Malaysia, some 3,000 cyber incidents were reported to the National Cyber Coordination and Command Centre (NC4) under the National Cyber Security Agency (NACSA) as of October 2023, highlighting the agency’s pivotal role in addressing cybersecurity concerns.
High risk
Furthermore, according to cybersecurity outfit Surfshark, Malaysia ranked as the eighth most breached country in the third quarter of 2023 with a staggering 494,699 accounts compromised.
Adding to the concern, cybersecurity firm Kaspersky and Surfshark reported an average of 74,000 attacks per day in 2023. This translates to approximately four Malaysian user accounts being compromised every minute during 3Q 2023.
“These findings underscore the timeliness for robust cybersecurity measures and highlight the importance of the recent legislative efforts to enhance Malaysia’s digital defences,” asserted Woo, noting that cybercriminals are increasingly exploiting user identities, hence signalling a pressing global identity crisis.
“By exploiting the vast amounts of personal data available online and through the dark web coupled with the use of AI (artificial intelligence), cybercriminals are bypassing traditional security barriers to gain unauthorised access to corporate networks globally,” he revealed.
“This marks a deepening breach into personal and organisational security, necessitating a re-evaluation of our cybersecurity defences.”
According to the IBM 2024 X-Force Threat Intelligence Index which draws on insights from over 150 billion security events daily across more than 130 countries, there is now a shift of focus to Europe from the Asia-Pacific region which was previously most impacted by cyber incidents.
However, the manufacturing sector remains the most targeted industry within the region, emphasising the urgent need for reinforced cybersecurity measures across various sectors.
The report further highlighted the evolving threat landscape with phishing and malware attacks leading the charge yet notes a significant decrease in phishing volumes attributed to advancements in AI potentially optimising these attack vectors.
“There is now the critical importance of modernising identity management and leveraging AI-powered technologies to safeguard against the sophisticated tactics of cybercriminals, thereby protecting the integrity of corporate networks and personal data against the backdrop of a burgeoning global identity crisis,” envisages Woo.
IBM’s AI-SECURE Blueprint
Amid the accelerating adoption of generative AI (GenAI) as a leading area of technological investment, a significant gap has emerged regarding the readiness of organisations to address cybersecurity risks.
To address these emerging challenges, Woo urged organisations to consider implementing and adopting the IBM AI-SECURE Blueprint, a plan grounded in fundamental principles aimed at addressing the vulnerabilities associated with GenAI technologies.
“This blueprint delivers a thorough framework for organisations looking to improve their cybersecurity stance with a strong focus on melding AI technologies with security protocols,” he enthused.
The AI-SECURE Blueprint was built by IBM on the core principles of:
A: Assess Al Exposure: Bring together cybersecurity, technology, data and operations leaders to assess and understand Al exposure, including risks associated with adversarial Al.
I: Integrate Security Across the Al Pipeline: Focus on securing and encrypting data throughout the AI pipeline from training to deployment. Continuously scan for vulnerabilities, malware and model-specific threats.
S: Strengthen Defences for Al: Invest in new defences tailored to secure Al systems with a focus on detecting and preventing adversarial attacks on Al models.
E: Embed Trust and Security into Al Use: Prioritise data policies and controls by emphasising security, privacy, governance and compliance. Communicate the importance of transparency and accountability.
C: Champion Protection of Al-Powered Data: Task the CISO with discovering and classifying sensitive data used in Al training. Implement data loss prevention techniques and enforce access policies to protect against threats.
U: Unify Cybersecurity and Business Goals: Treat cybersecurity like a product and stakeholders like customers. Align cybersecurity outcomes with business outcomes for Al initiatives that drive revenue.
R: Respond to AI-Specific Threats: Treat cybersecurity as an ongoing process. Establish a response plan for Al-specific threats, including adversarial attacks and inappropriate content.
E: Educate for Cybersecurity Excellence: Promote a culture of excellence by educating teams on cybersecurity threats associated with GenAl. Emphasise the value of behavioural changes to enhance data and security hygiene.
“The AI-SECURE Blueprint encapsulates the key actions needed to address cybersecurity concerns in the context of Al, promoting a comprehensive and proactive approach,” noted Woo.
“As GenAl continues to mature, its potential to deliver value while mitigating risks will only grow. Companies that have built broad capabilities in both risk and resilience will be able to go farther faster with this new technology – and be better positioned to defend future growth.” – May 18, 2024
