What keeps business owners up at night? While a few years ago it might have been business interruptions caused by network or server failures, but now, it’s cybersecurity. That was said by Mano Govindaraju, Managing Director of Tech Data, in his welcome speech at the Tech Data Cybersecurity Day 2018 held at the Saujana Hotel Kuala Lumpur.
Throughout the year Tech Data has organised similar roadshows in countries around the region, including Indonesia, Singapore and Vietnam, to spread awareness on the important issue that is cybersecurity. Digital transformation is definitely underway in Malaysia and with the recent launch of the Industry4WRD – the national policy which will aim to spur more companies to systematically and comprehensively embrace Industry 4.0 – we can expect organisations to further accelerate their digital transformation journey over the next few years.
Fittingly, the theme of the Malaysian leg of Tech Data’s event, supported by the Malaysia Digital Economy Corporation (MDEC) and KPMG, was “Securing Your Digital Transformation”. Invited speakers, including those from well-known IT and security vendors such as Arista, Citrix, Dell EMC, Entrust Datacard, IBM and Sophos, reminded attendees that security has to be the enabler and core principle of digital transformation, and how they can protect themselves in the face of escalating cybercrime.
As Mano put it, “Cybersecurity is becoming an enabler. Before we can migrate ourselves from where we are to the next level, we need to have a secure platform. And I think cybersecurity plays a big role in allowing that to happen.”
|Booths by cybersecurity experts such as Arista, Citrix, Dell EMC, Entrust Datacard, IBM and Sophos were set up to help answer any burning questions from attendees|
It has been a week filled with several high-profile cybersecurity incidents which inadvertently became major talking points throughout the one-day event: Cathay Pacific admitting that it has been facing intense, persistent cyber attacks for months as “sophisticated attackers” repeatedly targeted and breached its system; Pakistan's banking system, meanwhile, has been hit by what is called the “biggest cyber-attack in country's history”, with stolen customer data from almost all major Pakistani banks reportedly going on sale on the dark web.
Closer to home, word leaked out that Media Prima, one of Malaysia's largest media conglomerates, was hit by a crippling ransomware attack as hackers demanded 1,000 bitcoins in ransom to restore its systems. We may have thought ransomware was gone and forgotten, but the recent attack has proven that it still remains a dangerous threat to organisations.
To help companies deal with the growing threat, Tech Data itself has invested in establishing a specialised solutions unit which just takes care of cybersecurity areas. Mano explained, “We have started looking at solutions, products and we keep adding more solutions to our offerings as well. We wanted to be able to help our partners and customers to be able to take on those solutions to give them a peace of mind.”
Also present to give the morning keynote address was Dani Michaux, KPMG’s CIO and Head of IT Advisory, who spoke about what she called the “signals of change”, trends and evolution of the cyber landscape; and in terms of the cyber threats, she asked the question, “Is the worst yet to come?”
Bringing up results from the 2018 Global Risks Report by the World Economic Forum, Dani echoed Mano’s earlier statement. The rising frequency and sophistication of attacks have meant that cybersecurity now resides in the top three in terms of the biggest risks faced by today’s organisations.
“Interestingly, if you look at the report four or five years ago, cybersecurity risk used to be number seven, number ten. [Now,] we mean to say that it’s more likely to happen than illicit trade or man-made environment disasters, globally. In terms of impact to society, cybersecurity risk will have an impact equivalent to natural disasters or water crises/shortages,” she said referring to the report.
She also mentioned that business impacts include lost of revenue, operational disruption, remediation costs, claims and fines. “Cybercrime is no longer a kid’s game”, she said. It’s a lucrative business in a thriving industry. To put it all into perspective, she shared that the cybercrime economy, which currently stands at $600 billion USD in 2018, is expected to grow to $3 trillion USD by the year 2021 (which is the current ASEAN GDP). That means at the rate it is growing, cybercrime has the potential to wipe out the entire GDP of ASEAN.
What’s truly worrying about the reports of attacks over the past week or so is that these are huge organisations that have been successfully targeted and breached. In the case of Cathay Pacific, the airline had spent around $127 million US dollars on its IT infrastructure and security over the past 3 years, but that did little to mitigate the threat actors.
So is it all doom and gloom? Are we headed for a bleak, hopeless, cybercrime-riddled future? Dani certainly didn’t think so and said that “we don’t have to be a target”. It’s our responsibility to make it much harder, through technology implementation, for cybercriminals to make a quick profit. “Cybercriminals are businesspeople. They’re very persistent because that’s their business. I say the simplest thing you can do is increase the cost of a cyber-attack to the criminals.”
Nevertheless, it’s important for people to know what they’re capable of withstanding and what they’re not. Commodity crime, especially, is a type of threat that she thinks most organisations should be equipped to handle on their own. When it comes to more targeted, sophisticated attacks, they may need help from incident responders, security consultants or vendors. However, in cases of high-end attacks involving cyber espionage or cyber warfare by nation-funded groups, which are on the rise, Dani believes there’s not much choice for organisations to do but seek government intervention.
She ended by saying that companies shouldn’t be lulled into a false sense of confidence. “Most of the time, I find companies learning the hard way. True leadership is about realising that you’re never ready and every single cyber incident that you deal with is going to be different.”