THE WannaCry ransomware outbreak last month saw many computers in the corporate environment held hostage — where a screen appeared demanding a certain amount of money be paid before the computer with data intact can be used again. This created a panic of sorts among businesses and individuals alike the world over.
But even before the global WannaCry attacks, ransomware has already been acknowledged as one of the fastest growing malware threats, targeting everyone from home users to corporate networks.
According to Fortinet Malaysia network and security strategist Gavin Chow, tracking analysis showed that an average of more than 4,000 ransomware attacks every day occurred since Jan 1 this year. The impact of Wannacry underscored how under-prepared global cybersecurity may be, exacerbated by careless adoption of new technologies by a growing number of organisations embracing the digital business model, the widening cybersecurity skills gap and the number of IoT (internet of things) devices online that simply cannot be patched.
Cybersecurity can no longer be ignored, he said.
“The WannaCry ransomware disrupted hundreds of organisations over many countries. In Malaysia, although the extent of the WannaCry attack was limited with few cases publicly reported, the impact of cyber-threats was far-reaching. WannaCry spawned fake news and resulted in panic among Malaysians with some rumours alleging that ransomware could spread through instant messaging app Whatsapp as well as e-banking platforms.
“Overall, Malaysian companies are still lagging behind and failing to implement end-to-end cybersecurity solutions with actionable threat intelligence capabilities to protect against today’s security threats. This is based on our 2016 Fortinet Global Security Survey which interviewed 1,399 qualified IT decision-makers across 13 countries, including Malaysia. The survey also revealed that 9 per cent of Malaysia’s respondents had no knowledge whether their organisation was breached over the past 12 months, as compared to 3 per cent for APAC region. The results point to increased security gaps and vulnerabilities in spite of widespread fear of security breaches,” said Chow.
With attacks such as ransomware and hacking, come problems like loss of intellectual property (IP) and trade secrets leading to bad reputation of corporates and companies, said CyberSecurity Malaysia chief executive officer Datuk Dr Amirudin Abdul Wahab.
“Corporate IT infrastructures including IoT devices might be used as the bot part of botnet that participate in DDoS (distributed denial of service) campaigns, be the platform for spam campaigns or as exploit kit/malware hosting. Corporates may face leak of personally identifiable information (PII) or sensitive personal information that may lead to lawsuits in some of countries,” he said.
The cybersecurity risk landscape is rapidly changing as more consumers and businesses are shopping and communicating online, storing and processing data in the cloud and embracing portable, smart and Internet connected devices to automate tasks and improve lives, said Amirudin.
“With the rising security threats and vulnerabilities as more data is proliferated, these portable and connected devices enter the consumer and commercial marketplace and user errors continue to be a major root cause of breach incidents.”
Malaysia, he stressed, needs more expertise to deal with the growing cyber threats that are affecting the country’s digital systems and
“There is no widely accepted definition of cyber security professionals. However, in principle, it should include skill-sets from both technical and soft-skill domains congruent with local and regional requirements while ensuring a consistent and high-quality service level at par with recognised international standards,” he said.
In relation to this, Amirudin highlighted, the service of cybersecurity professionals are required to cater for the security of increasing number of Internet users in Malaysia.
“They are capable in strategising, planning and executing cyber security initiatives, proficient in the operation and proficient in nurturing cybersecurity knowledge groups and/or individuals resilient to cybersecurity incidents. In addition, measures taken include predictive, preventive, detective, responsive and corrective actions.
“The cybersecurity profession will gain more visibility and importance in the coming years,” he said.
So, how does one become a cybersecurity personnel/professional here in Malaysia?
“To become a cybersecurity professional, foundation in IT knowledge is an important requirement. To achieve that end, an IT degree can be acquired from various academic institutions.
“In order to further enhance a person’s IT expertise, other skills are also needed such as report writing, analysis, critical thinking, communication, project management and presentation that can be gained through experience from time to time. Candidates may have to prepare themselves to take a specialised exam that provides a certification programme to prove their expertise,” he elaborated, adding that there are various certification programmes provided by industry such as Mobile Device Security and Ethical Hacking, Network Forensics and Analysis, Advanced Digital Forensics, Incident Response, and Threat Hunting, Defending Web Applications Security Essentials, Auditing & Monitoring Networks, and Perimeters & Systems.
Cybersecurity experts have a wide range of career options across a variety of industries. More importantly, industries such as banking, finance, healthcare, government, and retail which collect, retain and process consumer information have a pressing need for such experts.
“The cybersecurity field includes generalists and technical experts at many levels and is comprised of thought leaders and governance experts, executives and managers, consultants, technical product managers, network and cloud security experts, technical writers, vulnerability testers, white hat hackers, security architects, system security engineers and cryptographers to name a few. As in any other career, cybersecurity experts also need to have good interpersonal skills to communicate with peers, clients and employers,” Amirudin said.
Chow said cybersecurity jobs are in high demand in Malaysia. Experts in cybersecurity are among the most sought-after professionals in the tech sector with demand for workers in that field outpacing other IT jobs by a wide margin. “There is an acute shortage in the talent pool both locally and internationally.”
He noted that according to the largest survey of more than 19,000 cybersecurity professionals conducted by the Center for Cyber Safety and Education, the world will face a shortfall of 1.8 million cybersecurity workers by 2022. This is an increase of 20 per cent on the five-year projection made in 2015 by its bi-annual Global Information Security Workforce Study.
In Malaysia, the Science, Technology and Innovation Ministry aims to certify at least 10,000 elite cybersecurity professionals by 2020.