Company boards listen up! Cyber security is your issue too

By RAHIMI YUNUS

Top management in the corporate world needs to realise that cyber security is a concern that goes beyond their information technology (IT) department.

CyberSecurity Malaysia CEO Datuk Dr Amirudin Abdul Wahab said the level of awareness about cyber security issues among the C-level executives in Malaysia is still low and a shift in mindset is critically needed.

“Cyber risks related to cyberattacks go beyond the IT department. It is a boardroom and CEO/MDs issue. They need to understand such risks involve operational, financial, brand reputation and even to a certain extent, regulatory risks,” Amirudin said at Microsoft’s global Security Intelligence Report (SIR) briefing in Kuala Lumpur yesterday.

He added that when companies are compromised by cyberattacks, they have to bear extra costs to recover.

“Instead of focusing on strategic and productivity matters, the companies then have to focus their resources, money, time and manpower to recover from the cyberattack,” he added.

Microsoft Malaysia national technology officer Dr Dzaharudin Mansor noted companies that lack strong cyber security measures face the challenge of data protection.

“Companies that do not have proper preventive measures in terms of securing the data may be caught off as breaching the Personal Data Protection Act 2010 (PDPA). Not only the PDPA, they may be fined under the new regulation in Europe called General Data Protection Regulation (GDPR),” Dzaharudin said.

According to Dzaharudin, Malaysian companies that have an office in Europe and/or serve the European region face the risk of a fine of up to 4% of global revenue in the event of a data breach.

“The GDPR requires companies to lodge a report of any data breach within 72 hours and this is a challenge to those companies who do not automate their cyber security monitoring and control,” he added.

Amirudin said many CIOs faced challenges in trying to convince the top management to make cyber security budget allocations.

Last year, a cyber criminal gang known as the Lazarus group carried out a US$81 million (RM340.2 million) cyber heist in Bangladesh, which led to the country’s central bank governor Atiur Rahman being forced to step down, along with two deputies.

Earlier, in 2014, Sony Corp faced tens of millions of dollars in costs after a massive computer hack that hobbled its operations and exposed sensitive data.

The WannaCry ransomware attack hit nearly 20 Malaysian firms, ranging from a government-linked corporation and a financial investment firm to a motor repair shop.

Last July, a group of hackers called “Armada Collective” initiated a distributed denial-of-service (DDoS) attack on several investment banks and securities brokers in the country, causing many online trading systems to be suspended.

The hackers demanded a payment of 10 bitcoins (RM110,500) or else the trading systems would be attacked again.

The Microsoft SIR noted 12.9% of computers running on Microsoft real-time security protocols reported a malware encounter in the first quarter of 2017. This is slightly higher than the global average of 9%.

According to the 2017 Unisys Security Index, Malaysia’s top security concerns in 2017 are bankcard fraud, followed by identity theft and virus hacking.

These top three concerns are all cyber-related, and they rank ahead of concerns such as financial obligations, natural disasters, war and terrorism.

As the business world, and in fact humankind, is embracing an interconnected world and Industry 4.0, the new risk is cyber threats.

Hence, organisations should not underestimate the risk and should adopt cyber security best practices, the report noted.