With the growing threat of cybercrime, it is critical for organisations to seek solutions beyond technology. In part two of this series, Accenture Cyber Security Leader and ASEAN managing director Vinod Shankar shares more about methods to mitigate cyberthreats.
With cybercrimes becoming more prominent, the Sarawak Cyber Security Unit was formed to curb the rising numbers. During an event last year, Sarawak Media Authority (SMA) general manager, Datuk Dr Anderson Tiong, shared statistics obtained from the police’s Commercial Crime Investigation Department. A total of 1,901 online crime cases were recorded in Sarawak between January 1 and November 30, 2023.
The data also showed an increase in cybercrime cases compared with the same period in 2022, when 1,601 cases were recorded. Given these numbers, it is vital to take significant steps to support Sarawak’s digital transition.
When the unit was established at the end of 2023, the cyber security team organised several engagement sessions with key stakeholders to better understand their pain points and priorities.
These activities contributed to the development of the CyberSarawak Initiative. The CyberSarawak Initiative, with its 3S programmes — “Stay Safe”, “Stay Smart”, and “Stay Secure” — represents a comprehensive effort to strengthen Sarawak’s cyber security posture, fostering trust and encouraging greater participation in the digital economy.
The CyberSarawak Initiative, which was unveiled by Premier Datuk Patinggi Tan Sri Abang Johari Tun Openg during the recent International Digital Economy Conference Sarawak (IDECS), comprises the following programmes:
“Stay Safe” programme — The “Stay Safe” programme prioritises immediate protection for the public and businesses in Sarawak. A key initiative under this programme is the CyberSarawak Helpdesk, which provides a vital platform for reporting cybersecurity incidents, offering expert guidance, and accessing essential support resources.
“Stay Smart” programme — The “Stay Smart” programme aims to raise cybersecurity awareness, particularly in underserved communities. To achieve this, SMA launched a Train-the-Trainer Ambassador programme, training 65 ambassadors from libraries and local councils to lead cyber awareness sessions, enhancing community engagement and education.
“Stay Secure” programme — The “Stay Secure” programme focuses on strengthening the cybersecurity posture of Sarawak’s critical information infrastructures (CII), including government agencies. To date, SMA has conducted thorough assessments of 47 agencies, statutory bodies, and Government-linked Corporations (GLCs), ensuring the resilience of essential services against cyber threats.
Strengthening cybersecurity within organisations
Speaking on strengthening cybersecurity within organisations, Accenture Cyber Security Leader and Managing Director for ASEAN Vinod Shankar said that embedded cyber resilience goes beyond an IT function.
“It should be an organisation-wide priority that establishes reporting and accountability. Organisations who can integrate cybersecurity as part of their business strategy have a competitive advantage.”
Offering advice on how to develop a cybersecurity strategy, Vinod shared the following:
Emphasise the importance of cyber resilience as a business strategy from the start: Organisations can enhance their cybersecurity posture by treating it as a strategic enabler from the outset, integrating it into executive performance metrics, continuously reviewing risks throughout critical initiatives, reducing organisational and technological complexity, and maintaining transparency with stakeholders about cyber threats and responses.
Establish shared cybersecurity accountability across the organisation: Cyber resilience starts with a security-oriented culture with awareness at the highest levels, which includes everyone in the organisation. CEOs should drive cybersecurity by fostering shared accountability across the C-suite, leading by example to instil a cybersecurity-first culture throughout the organisation. Investing in talent development and automation will help address the cybersecurity skills gap. Additionally, adopting Cybersecurity-as-a-Service (CaaS) can streamline security operations, reduce costs, and enhance overall resilience.
Secure the digital core at the heart of the organisation: Organisations must proactively prepare for emerging threats, such as quantum computing, by integrating security from the start in digital projects and embracing a zero-trust framework to ensure robust defences. Prioritising digital trust through strong data governance and preparing for future technologies with quantum-resistant encryption is essential.
Additionally, increasing cybersecurity budgets and developing comprehensive security protocols for emerging technologies, including generative AI, will enhance resilience. Organisations should champion these measures to safeguard data and maintain a secure, competitive edge.
Extend cyber resilience beyond organisational boundaries and silos: Cyber resilience extends beyond merely enhancing information security functions; it involves aligning cybersecurity with overall business risks and strategies. Organisations should establish shared accountability for cybersecurity across the C-suite, prioritise cyber resilience in supply chain partnerships, and foster transparent collaboration to manage cyberattack surprises. Engaging with regulators and public-private partnerships is crucial for systemic resilience, while protecting cyber-physical systems and addressing vulnerabilities in environmental initiatives are essential. Additionally, leaders must evaluate cyber resilience in the context of broader business operations and integrate cybersecurity with enterprise risk management to enhance overall organisational defence and adaptability.
Embrace ongoing cyber resilience to stay ahead of the curve: Cyber-resilient organisations understand that cybersecurity requires continuous improvement and adaptation. They redefine risk profiles to stay ahead of evolving threats, seek independent reviews to enhance their security programmes, and develop comprehensive crisis response plans. By leveraging AI and machine learning for proactive threat detection and response, they can ensure their organisations are well-prepared and resilient against cyber threats.
Strategies to mitigate cyber threats
According to Vinod, to mitigate cyber threats, the key is to assume that you have already been breached and focus on building resilience across the end-to-end value chain.
To effectively combat the rising threat of ransomware, organisations should focus on several key strategies to enhance their resilience and response capabilities:
Strengthen Basic Security Practices: Maintain robust security hygiene by regularly updating software, applying patches, and enforcing strong access controls. Ensuring these fundamental measures are in place can significantly reduce vulnerability to ransomware attacks.
Prevent and Protect: Continuously test and validate your security defences through simulated attacks and regular assessments. This proactive approach helps identify weaknesses before they can be exploited by ransomware operators.
Understand Your Operations: Analyse how ransomware could impact your specific operations and value chain. By modelling potential threats, you can better prepare for and mitigate the effects of an attack.
Foster Team Collaboration: Develop and practice response plans involving all relevant stakeholders. Ensuring that everyone knows their role in the event of an attack can streamline your response and minimise disruption.
Commit to Ongoing Preparation: Regularly review and enhance your resilience strategies. Adapt your plans based on new threats and emerging best practices to stay ahead of evolving ransomware tactics.
Should an attack occur, organisations should take these steps:
Investigate the Incident: Understand the nature and impact of the attack by tracing how the intrusion occurred and its effects on your systems.
Collaborate and Report: Fulfil any legal obligations by reporting the incident to relevant authorities and work with external partners to manage the fallout.
Learn and Adapt: Evaluate the incident to identify lessons learned and refine your strategies. Ensure that the improvements align with the expectations of your leadership.
Update Risk Management Plans: Reassess your risk profile and enhance your mitigation strategies based on the insights gained from the attack.
Enhance Defensive Measures: Implement targeted changes to your cybersecurity practices to strengthen your defences and reduce the risk of future attacks.
As the country as a whole advances into the digital economy, a robust cybersecurity framework becomes increasingly essential. With the embedding of cybersecurity within organisations becoming a priority, Sarawak-Malaysia is poised to build a safer and more resilient digital landscape.