WITH digital transformation and the rapid growth of digital economy and e-commerce, cybersecurity is a critical business factor.
Once a specialty only associated with government agencies and the defence industry, cybersecurity has now entered the mainstream.
According to the National ICT Association of Malaysia (Pikom), cybersecurity threats can cripple organisations, infrastructure and as well as “attack” countries. The impact can be devastating, such as financial and data loss and irreparable damage to reputation and credibility.
Pikom chairman Ganesh Kumar Bangah said: “If left unchecked, the potential fallout is huge, given the growing role of the digital economy and its rising contributions to the overall ICT industry and the Malaysian economy.”
The Malaysia Computer Emergency Response Team, a unit under CyberSecurity Malaysia (the national cybersecurity specialist agency under the purview of the Ministry of Science, Technology and Innovation), recorded 3,280 cyber incidents reported up to June 30 this year.
The incidents are fraud (2,158), intrusion (514), malicious code (192), cyber harassment (170), spam (103), intrusion attempt (77), vulnerabilities (40), content related (23) and denial of service attack (3).
Demand for specialists in the field of cybersecurity is high. Industries such as health care, finance, manufacturing and retail all hire cybersecurity professionals to protect valuable information from cyber breaches.
CyberSecurity Malaysia chief executive officer Datuk Dr Amirudin Abdul Wahab said the country does not have sufficient talent in cybersecurity.
“We have recorded some 7,866 cybersecurity knowledge workers in the country as of this month. Our target is at least 10,000 knowledge workers by 2020. The cybersecurity domain is not a new industry but due to rapid technology development including emerging technologies, there’s a huge shortage of skilled and qualified cybersecurity professionals,” he said.
QUALIFICATIONS
Pikom’s ICT Job Market Outlook in Malaysia 2018 report highlighted that cybersecurity positions are among the top-paying jobs in each of five position levels from fresh graduate to senior manager (see table).
A critical shortage of specialised cybersecurity professionals worldwide who are able to protect organisations from the adverse risks of the sophisticated online attacks is the reason for the attractive remuneration.
Most entry-level cybersecurity positions require a four-year bachelor’s degree in cybersecurity or in a related field such as information technology or computer science.
Some employers require an advanced qualification such as a master’s degree in cybersecurity. A master’s degree course takes an additional one to two years to complete after the bachelor’s degree programme and provides advanced instruction in protecting computer networks and electronic infrastructures from attack.
Cybersecurity professionals can also earn certification to boost their skills while working full-time to gain hands-on experience.
Professor Dr Mohamed Ridza Wahiddin, who is with the Kulliyyah of ICT at the International Islamic University Malaysia (IIUM), said a career path for cyber defenders normally starts with a diploma and progresses to an undergraduate programme in computer science or ICT. The high-level career requires an array of technical ICT skills and advanced analytical capabilities taught in continuing professional courses or postgraduate programmes.
“Important technical skills required of cyber defenders include a solid grounding in IT fundamentals (web applications, system administration), coding skills (C, C++, Java, PHP, Perl, Ruby, Python) and a good understanding of the architecture, administration and operating systems. However, to be successful, one needs to be well-equipped with both technical and soft skills such as teamwork, leadership and excellent oral and written communication,” he added.
Cyber defenders can also participate in professional training and be awarded international certifications such as the International Information System Security Certification Consortium Inc (ISC)2 Certified Information Systems Security Professional and Information Systems Audit and Control Association Certified Information Security Auditor and Certified Information Security Manager.
UNDERGRADUATE PROGRAMMES
IIUM’s Bachelor of Computer Science and Bachelor of Information Technology programmes cover cybersecurity.
“Principles of IT Security is a compulsory course for all Kulliyyah of ICT undergraduates to ensure they are exposed to issues and technology related to cybersecurity such as securing IT-related assets, social engineering, online attacks, securing software applications, encryption, hardening systems and network security,” said Mohamed Ridza.
IIUM computer science students also enrol in security-related courses such as Network Security, Digital Evidence Forensic, and Cryptography. Students are not only taught the theoretical aspects, but also hands-on exercises using Open Source or educational version tools.
IT (non-Computer Science) students are taught Information Systems Management Security which covers risk management, disaster recovery and related matters based on ISO 27000 series of standards. These students are further exposed to case studies as part of their learning modules.
Mohamed Ridza said job prospects are promising for students who have a good security course background especially when they are exposed to tools while having a good foundation in programming and exposure to various operating systems (Windows, Linux, Android, IoS) and networks.
Curtin University Malaysia (Curtin Malaysia) will see the first enrolments in its three-year Bachelor of Science (Computing) Cyber Security programme this month.
Department of Electrical and Computer Engineering head Dr Lenin Gopal said the programme is an excellent springboard to a successful career as a cybersecurity specialist in the rapidly evolving ICT industry.
The course focuses on key concepts and challenges in data and resource protection and computer software security. Students will examine the high level (cryptography theory, data access policy development and security programme management) and low level (computer forensics, network intrusion detection and incident handling) practical aspects of computer security.
“They will develop skills in identifying appropriate applications for specific scenarios, with an understanding of cultural and ethical issues related to protecting individual rights,” Lenin said.
“Experts in the field are needed to create more effective, innovative and competitive cybersecurity solutions and work towards a safer cyber community. With the continual adoption of new technology, innovation and business practices, the need for cybersecurity to protect networks, computers, programmes and data from attack, damage and unauthorised access will be even greater,” he added.
“Graduates can find employment as computer security experts such as cybersecurity analysts, forensic computer analysts, software developers, IT analysts and web application developers in many different organisations.”
Multimedia University offers the Bachelor of Information Technology (Honours) Security Technology course at its Faculty of Information Science and Technology for those pursuing a career in the security industry.
The dean, Associate Professor Dr Lau Siong Hoe, said the security technology programme is designed to develop knowledge and skills in security management and technologies necessary for employment in areas such as government and corporate security, strategic facilities security, private sector and retail security, and financial institutions and major security organisations.
“The course emphasises the functions and management of security technology in the protection of assets and is supported by appropriate studies in cyber law and ethics. Graduates of this course will be equipped for a career in the security industry. Potential career prospects include security auditor, security penetration tester, computer forensic investigator, software engineer, systems analyst and programmer.”
The three-year programme includes subjects such as Applied Cryptography, Information Theory, Password Authentication and Biometrics, Integrative Programming and Technologies, Ethical Hacking and Security Assessment, Malware and Intrusion Detection, and Digital Forensics.
“The majority of students at the faculty are enrolled in the Security Technology programme that provides a broad overview of the techniques of information security technology for safe communication and protection of data when storing or sending electronic data over the networked environment,” said Lau.
He highlighted that organisations are applying artificial intelligence (AI) to bolster cybersecurity and offer more protection against sophisticated hackers.
“In order to meet future industry demand, we are planning and integrating more AI-related subjects such as machine learning and deep learning to equip students with skills and knowledge to enhance conventional cybersecurity protocols.
“As the new generation of cyber attacks evolves over time and can be difficult to detect, cybersecurity solutions that apply AI approach by using data from prior cyber attacks to respond to newer but somewhat similar risk will help to remediate the situation.”