FIRMUS-PCC conference – Industry stalwarts voice out cybersecurity hopes and concerns

During Firmus’ annual cybersecurity conference in Langkawi, Firmus renewed its collaboration with PIKOM’s CIO Chapter (PCC) for the fifth time.

About half of the conference attendees are also PCC members, a collection of cybersecurity and technology movers and shakers who oversee and contribute to the “health” of their respective organisations’ technology and operations.

Indeed, after the long lockdown and being away from each other for such a long time, Firmus’ 2022 conference was a good time not only to learn about the latest developments in cybersecurity, but also for the industry to reconnect and pick up where it left off in 2019.

Firmus co-founder and CEO Alan See said, “After a long trend of working in siloes, this event is for everyone to finally reconnect.”

Firmus was founded by Alan and his partner, Eric Yeow, in 2008. Over the years, the company collected over 200 clients as well as several awards, some of them notably by Cyber Security Malaysia (CSM), Malaysia’s premier cybersecurity agency.

“We believe we are currently one of the largest cybersecurity companies in Malaysia. Our offerings are holistic and end-to-end in terms of cybersecurity solutioning and advisory,” Alan said.

Every business user was asked the following two questions:

  1. How have your views/challenges of cybersecurity changed after the pandemic?
  2. How is this event helping you address your concerns/views about cybersecurity?

Over 100 cybersecurity and technology leaders and advocates attended the event. Here is a collection of their comments about the cybersecurity landscape, as well as their expectations of the cybersecurity conference.

MALINI KANESAMOORTHY, AMBANK GROUP

1. The pandemic has caused an increase in both the complexity and evolution of cyber threats as attackers take this as an opportunity to exploit the loopholes that come with the hybrid work arrangement/work from home.

This has brought additional challenges to the financial industries, which are managing the outcome of cyber attacks while ensuring minimal business and financial impact. Emphasis on addressing existing risks remains a priority as we also see new risks emerging.

2. The event and key takeaways from the presentation have solidified my concerns on the evolving threat landscape and the need for us to continue building up our security defences to combat cyber attacks while also ensuring there is more focus on user and customer awareness. We are all susceptible to cyber attacks… it’s a matter of when it will happen and whether we have the right defense measures to minimise the impact, recover from it, or prevent it altogether.

DAN FADALINI, SARAWAK INFORMATION SYSTEMS

I see the industry expanding, with more solutions that address the existing challenges in HR and automation.

Existing customers and potential clients have increasingly been more open about improving their security posture and making the appropriate investments to do so.

2. I have gained necessary updates to what’s new in the cybersecurity world now. The relationship building has a positive note and helped to bridge the gap in networking, due to the past MCO lock downs.

KANG YEW JIN, PLUS

Before the pandemic the focus on cybersecurity was more on protection of the perimeter. But with the pandemic, the work force moved to work from home and the focus moved from protecting the perimeters to zero trust, and how we can secure the workforce that is working from home.

This includes securing their access to corporate resources, because using a cheaper consumer grade internet connection is not necessarily within the boundaries of corporate protection.

2. I will use this event to get exposure to the various security vendors, network with peers, and also understand the latest trends and views on cybersecurity.

JAMES THANG, UCSI GROUP

1. External student and internal operational team network zone segregation are matters of concern along with ransomware, Trojan horse and computer viruses. All of these and over 35,000 connected devices are becoming more and more difficult to manage.

It is challenging to manage and implement IAM (identity access management) as hundreds of new devices are connecting to our external WiFi network.

2. Yes, it’s helpful to get to know all the on-stage vendor presentations and know where to get solutions when we need them.

DZULASTRA LATIB, P&O INSURANCE

Encouraging mobile devices to blend with an organisation’s operations is the biggest challenge. Shifting key users from desktops to laptops is the first challenge. Smaller screen sizes and smaller in-built keyboards are the usual issues that technology champions will hear from users.

Initially we do have rejection from users who also intend to surrender their laptops to go back to using their desktops, but that obviously will hamper the organisation’s direction to manage business continuity (BC) measures when preparing the resources to work from anywhere/remotely.

Organisations also require more robust security solutions to be implemented to ensure infrastructure remains vigilant towards any possible threat due to the increase of remote connectivity into the infrastructure. (Failing to prepare will cause) a chain reaction that will impact the existing budget.

Regulators also begin to actively and regularly roll out assessment exercises to industry players which will eventually add to the existing basic Risk Management In Technology (RMiT) policy and requirements.

I see this potentially shifting the board-level mindset to balance the need of security and IT budget versus the conventional ROI mechanism that is usually adopted for every investment made.

Lastly… extra effort required for the CIO/CSO/CTO to be on the cutting edge and to be updated on the current security trends and available solutions.

2. (This event is an) amazing effort and platform by the organiser to promote essential networking among peers who share a common interest, and for the solution provider to reach out and present their latest innovation that would be relevant to the different industries.

There are sessions that will allow us to stay updated on the latest technologies and solutions available.

PRASANTA ROY, TUNE PROTECT

1. Pre-Covid and post-Covid, our security posture has changed a lot. The simple reason is that during pre-Covid, employees used to come to the office. Now, it’s a hybrid environment. People work remotely. The more you work remotely, the more the risk of exposure to hackers.

This conference has so far talked about how attackers can elevate access privileges and then take over. When the workforce is hybrid, how do you ensure the security is consistent when people are working remotely or in the office?

So this is the biggest change I see.

BYOD (bring your own device) policies were always there, but now employees are working remotely… so how do you ensure that they get similar kind of access (to company data), while also protecting the network?

They can work from anywhere now… from a Starbucks coffee shop, they can work from an airport terminal, they can work from any place… so how do you ensure security?

VPN (virtual private network) is always there but it also has its own loophole, and you have to make sure those solutions are suitable.

Servers and data centres are evolving as always, whether it’s pre-pandemic or post-pandemic. But the workforce is the biggest challenge I see.

There are a lot of question marks around cybersecurity… how secure are we? For me, what keeps me awake at night is whether we are secure enough or not?

We can never be secure enough, hackers are always a step ahead, so this conference gives me various angles. Because cybersecurity now has many postures and many dimensions to it.

I mean, we are governed by Bank Negara, so we have to fulfill guidelines like RMiT which they provide. But, those are just ticking checkboxes, and are not enough.

So this (event) gives an opportunity for us to see what other areas we can address, and be more holistic in our approach, rather than having a one-sided view. So you cover your (app) development, you cover your network, storage, infrastructure… everything.

And specifically now, we are the first insurer to go to the cloud with our core system. So there is multi-cloud, then on-premise, and there is a hybrid environment which is a reality in today’s industry.

So, we have to be much more proactive in the cybersecurity space. Especially now when we are opening up (economic activities) after the lockdown.

2. I will say, we will take up (the challenge of defending)… if we are not perfectly ready to correct the course…! And no one is perfect in cybersecurity, just look at Microsoft.

So, this event gives us an understanding of various dimensions of cybersecurity, and probably it keeps me thinking while I am budget planning for next year, about the areas that I want to improve.

JAMES MITCHELL, CTOS DIGITAL

1. Cybersecurity has increased due to more board and regulatory pressure as well as the perimeter increasing with cloud, SaaS, and third-party risk.

2. This conference provides one direct contact with vendors and other CIOs to be able to understand the main issues we are facing.

MALIK MURAD ALI, MYDIN MOHAMED HOLDINGS (Chairman of PIKOM CIO CHAPTER)

1. Cybersecurity has always been part of IT in one form or another. The pandemic was in a way a perfect storm that tested out the readiness and resilience of the organisation’s cybersecurity posture. It provided an opportunity to clean up, improve, and fortify security across the board due to the strong push to go digital during the lockdown.

Compared to before the pandemic, I’m sure now, those of us who are responsible for security are more vigilant and the organisation as a whole is more supportive towards the need to invest in cybersecurity.

2. It is a good opportunity to network, discuss and engage both the practitioners and also vendors in this field. I do feel if you want to trust someone with your security, you have to first start with a good relationship.

And platforms like the Firmus-PCC Cybersecurity conference are a perfect opportunity to both engage peers, and also build new relationships.

DAVID CHUI, MYNIC

I am looking forward to seeing new technologies in the cybersecurity space. (I will) also be looking to implement solutions around insider threats and more, to be able to embark upon further deployments.

NGOH CHEE HUNG, HELP UNIVERSITY (Deputy Chairman of PIKOM CIO CHAPTER)

1. I think cybersecurity is always at the heart of every IT practice. But the pandemic disrupted and changed the weight of cybersecurity within the entire IT landscape.

Because it has become easier for hackers to attack, not to mention the desperation for financial gain has heightened.

Because of the pandemic, the economy is disrupted. People are looking for ways to support themselves, either to survive or to gain better revenue.

Technology can give them this edge.

In our development of IT tools, it is never perfect… there are always loopholes and vulnerabilities that people can take advantage of. This has increased demand for cybersecurity.

We have put everything online on the cloud, and this opens up opportunities for hackers to attack. Threat actors can find loopholes and vulnerabilities and gain advantage. So, we need to pay more attention to cybersecurity.

2. Most of the presenters at this conference are complementing each other. Each is basically covering one aspect, or one focus. When you complete the entire session for the day, you will get a very holistic view of what is currently in trend and the focus areas for the vendors of the day, for the industry.

Technology solutions can address any vulnerabilities created by IT tools. However, we have yet to address another weak point – humans – which no IT tools can help with.

A lot of cybersecurity attacks infiltrate into the environment via humans. So they actually launch an attack from within, not from outside. So, we need to pay attention to that area as well.

CHIN KAH YI, SABAH NET

1. There is no change (in views and opinions and concerns) for me as a cybersecurity professional and one who is operating a GLC. But the views from company and government stakeholders have changed. The trust factor in the digital world has gone lower as the dependency on Internet for daily living has become more essential.

2. This event is well thought-out with straight-to-the-point messages for leaders, exposing us to the latest technologies, services and processes being developed in the global industry. It gives a glimpse of how far the industry is driving the security landscape so we, as customers, know how far we can leverage on technologies and how much we have to do it ourselves.

Condensed into one day, there are a multitude of short sessions from top leaders and it is always a good way to give a refresher and pointers to take home.

Personally, I feel that the threat landscape has never gone better. It won’t. It can only go innovatively complicated. Knowing how peers in the same country and industry do it gives more confidence and assurance that what we are carrying out in our own premise is in the right direction.

Hackers collaborate to attack. We, the defenders, even more need to work together to protect our own asset. It’s another continuous conundrum – having to develop more cybersecurity professionals is getting more critical too.

CHONG FONG KONG, BSN GIBRALTAR LIFE

1. The pandemic has resulted in an increased number of employees working from home. It has also increased the exposure to cybersecurity risk. Cyber attackers are taking advantage of this to exploit vulnerabilities, hence it is important to improve security at the edge and identify access controls.

2. This event was very informative. It provides a platform to share experiences amongst industry CIO/CISO and the latest security solutions from solutions partners. Some solutions complement each other, to improve overall security landscape.

MAZ MIRZA MOHD AMINURASHID, MASS RAPID TRANSIT CORPORATION

1. To me, the change (before and after pandemic) is more about cloud security as many systems and processes have to be moved to, or now rely largely on the cloud to enable remote working during the pandemic.

2. It is good to discover and understand the options and techniques to secure cloud deployments and how to have consolidated detection and response capabilities from endpoints, on-premise systems and the cloud-based systems.

STEVEN LAM, SEDGWICK MALAYSIA

1. During the pandemic, our business had to adapt the way we operate by adjusting to compulsory work from home during the pandemic phase, to post-pandemic partial work from home and at office.

The IT team has been tasked to provision notebooks to all the colleagues to support work mobility as our business is very dependent on IT services to support operation.

This work mobility has created additional challenges to IT as we need to protect the data of those colleagues that are working from home.

Prior to the pandemic, we had more desktop computers than notebooks, so our effort was concentrated on securing the data within the organisation network.

During the pandemic, IT was also tasked to secure assets (“data”) of the organisation as assets have been expanded to cover endpoints of colleagues that work from home.

We have to request extra IT budget to upgrade many security tools like VPN to allow more colleagues to access our network, we have to secure our endpoints with an EDR solution like Carbon Black to protect data on endpoints and servers, deploy new patch management tools, i.e. “Datto”, to ensure all the servers and endpoints are patched in a timely manner, and leverage Microsoft Intune to secure data on mobile devices.

The challenge for IT is to ensure the data is safe inside the organisational network and safe for Work From Home colleagues that are consuming mobile devices like smartphones and notebooks.

2. Due to work schedule, we do not allocate enough time to catch up or research on IT security trends, which are constantly evolving.

This event allows attendees to catch up on the latest developments and trends in cybersecurity.

This is important as in our line of business (Loss Adjusting and Third Party Administrator), data protection is a critical part of our business; we have been entrusted by our management to protect data that belong to our customers.

Our business has very strict compliance to data protection (part of our business requirement) to ensure that we have taken all necessary measures to protect the customers’ data.

Some of the IT security product sessions conducted during this event by the security software/service principals help us to identify potential security gaps that we need to address with current IT system, or explore how it can allow us to incorporate these tools into our upcoming projects.