CTOs and Heads of IT from prominent firms in Kuala Lumpur gathered at the Seris Lunch to discuss and share experiences on the changing landscape of cybersecurity. The event was hosted by Palo Alto Networks, which as a network and enterprise security company understands the need for having an open discussion about the growing threat of cyber attacks.
With the ransomware market soaring 2,500% in 2017 as of early October, cybersecurity is not an issue that C-level executives can merely delegate to technicians. The overall cybercrime market is projected to reach $2 trillion by 2019, making this more profitable for mafias, for example than their traditional emphasis on crimes such as drug and arms trafficking. Over the Seris Lunch discussion, attendees discussed how the lack of awareness and regulation make companies vulnerable to cyberattacks.
Keeping up with Cybersecurity Threats
While we’ve seen technical expertise on cybersecurity grow over the past decade, we now face more threats than ever. Can we keep up with the forces driving this trend? To understand this issue we need to look at the financial and personal incentives that drive hackers.
Financially, the rewards are enormous and accessible. If the $2 trillion cybercrime market were a couch, hackers would make millions from the easily reachable pennies falling behind it. Traditionally, hackers look for targets such as individuals or small to medium-sized companies, given the expected lack of retaliation. The lack of regulation on the matter makes it hard for them to report incidents and for the government to respond. Left to their own devices, most victims give in and vow not to let it happen again. The victims often have an incentive to stay quiet, as Uber reportedly did last year. Companies are remaining silent about the ransomware market, seeking to maintain customers’ trust and loyalty. This perpetuates the lack of awareness on the matter and makes it hard for the government to fight it.
Companies should expect supply and demand to drive an increase in the number of hackers in the foreseeable future. The significant financial opportunities for hackers will increasingly attract younger coders. Seen as an anti-establishment activity, hacking has developed a culture of its own that lures people around the globe. As we continue to increase the provision of computer science education—an essential task for economic growth—we face the risk of losing coders to the black market of the Internet. Governments need to set a firm limit as to what is allowed and prosecute hackers who break the law. Companies, in turn, must find a way to attract talent. Hackers could do a lot of good if employed in legal projects in both the private and public sector.
Should cybersecurity even be a corporate discussion?
Sometimes talking about ransomware and cyber threats with board directors means convincing them of their existence. Even when technical solutions exist, lack of awareness among stakeholders at a company makes them inaccessible. We must, therefore, make them see the real benefits of prevention. This is as much of a challenge for Heads of IT as it is for CFOs. Quantifying the risks of cyberattacks and benefits of a prevention approach is a difficult task. But there’s still a lot of room for us to create consciousness across the organisation such that stakeholders know about the gravity of the situation and the existence readily available solutions.
Consciousness and awareness by themselves are not enough. Guests emphasised the previously mentioned point about public information disclosure. Society as a whole needs to make an effort to allow people and organisations to be more open about the issue of cyber threats. We should encourage financial institutions, for example, to make warnings and disclosures about their cybersecurity situation and the particular menaces clients face. Right now, they only do so to a limited extent because of the fear of losing value.
While external factors like government regulation and law enforcement in cybersecurity are beyond the control of companies, there are many measures they can undertake internally to promote a prevention approach to this issue. Working on internal awareness and encouraging full disclosure on the topic will facilitate the adoption of existent solutions and allows governments and organisations to identify areas where we need to improve.
CIO at Erama Creative
CIO at Gamuda
CIO at IJM Corporation
CIO for Malaysia and Global CIO Islamic Banking at Standard Chartered Bank
Co-Founder and CTO at iSentric
CTO at Fave Group
CTO at Mindvalley
CTO at MoneyLion Inc
CTO at Supahands
Head of Global IT Testing and Assurance at British American Tobacco
Head of IT – Global Business Services at British American Tobacco
Head of IT at Mass Rapid Transit Corporation
Head of IT Operations at AVEVA
Head of IT Strategy and Development at YTL
Head, Business IT at TGV Cinemas