CSA recently had an interesting chat with the Chief Technology Officer of Envy Formula Sdn Bhd, Capt. Muhammad Azmir Bin Muhammad Dan, who shared his views and experience on the local cybersecurity domain in Malaysia.
According to Capt. Azmir, Envy Formula is a company that specifically provides cybersecurity, big data solutions and consultancy services for Malaysian public and private organisations, with a mission to “proactively protect Malaysia’s interest in the information domain” and help organisations protect and secure their ICT assets. Founded in 2014, the company now employs over 60 members of staff with a wide range of skills and strengths in areas such as information security, big data analytics, project governance and service security.
“We specialise in cybersecurity services such as Vulnerability Assessment and Penetration Testing (VAPT), Security Incident Response (SIR) and Cyber Threat Intelligence (CTI). We are not only a solutions provider, but we also provide customers with a security transformation package,” Capt. Azmir explained.
In this security transformation, Envy Formula helps companies transition from operating the more traditional Security Operations Centre (SOC) to Advanced SOC (ASOC). The difference, he said, is that while SOC focuses on log analytics and network traffic analysis, ASOC adds new elements such as advanced threat detection, threat investigation and analysis, and preventive monitoring (as part of the CTI process) to provide organisations with broader visibility in order to make more accurate decisions and effectively curtail the impact of incoming cyber threats.
In terms of products, the company currently develops intelligent systems for big data analytics and visualisation as well as Secure Instant Messaging software for companies looking for a more secure and tailor-made communication platform.
Most Common Cybersecurity Pitfalls
Having had years of experience in the local cybersecurity scene, especially with his background serving the Royal Malaysian Air Force (RMAF) and Ministry of Defence (MinDef), we asked Capt. Azmir what he thought were some of the biggest missteps that organisations tend to make when it comes to cybersecurity. He listed several.
First of all, he said that while organisations purchase and implement new technologies and computing equipment on a regular basis, they are often lacking in terms of software patch management, which leaves them exposed to a slew of vulnerabilities threat actors can exploit.
On a related note, local companies, especially bigger ones, tend to have a large number of unidentified assets within their networks. That creates a huge problem: when companies do not have a full record of their inventory, protecting and patching their systems and keeping them up to date and free from vulnerabilities becomes a much bigger challenge, which will spell trouble for organisations in the long run.
Based on his experience, he also cited the lack of a “defence in depth” mechanism as a cause for concern. Capt. Azmir explained further, “Many organisations have an open network structure. This will give an advantage to attackers once they succeed in breaching your network security. Once they’re in, they will be able to perform lateral movement and have unrestricted access to all systems in the network.” Implementing a defence in depth approach can help organisations to build cyber resilience and mitigate some of the risks.
While helping companies with their IT security management, Envy Formula focuses on three domains: people, process and technology. Capt. Azmir believes that the people domain is the one most often overlooked, and the one cybercriminals target when hoping to breach corporate systems.
Thus, Envy Formula’s role does not end at delivering projects to its clients. The company also periodically shares the latest security alerts, vulnerabilities and trends, and conducts security training to further educate users and boost their awareness.
In addition, when Envy Formula is tasked with helping companies undergo a security transformation, training is not only for staff within the security operations centre but the whole organisation. “It will include the infosec, audit, awareness, engineering and threat intelligence teams – basically everyone in the ecosystem so they will complement each other to ensure the ASOC is successfully delivered and functions in the organisation.”
Security Best Practices For Organisations Big and Small
Capt. Azmir couldn’t stress enough the importance of cybersecurity awareness. He reiterated, “You may have good technology, good processes and sometimes good people, but if you lack the awareness of the ecosystem or environment, it will make things difficult. Threats that happen today are often contributed by human weakness, so awareness programs should be the priority to make sure all your staff are always aware of what they’re doing in an increasingly connected world.”
He then shared his experience of how sophisticated attacks have increasingly become. Even more frightening is the fact that attacks are no longer random. They are often highly targeted and aimed specifically at certain individuals or groups of people within an organisation, be it those in financial roles, C-level executives or heads of departments and ministries.
His advice is for organisations to start documenting their cybersecurity policies. “Each organisation should have its own User Acceptance Policy (UAP) – covering what users can and cannot do in the office.” He continued, “So, start from that policy and then you should have a policy for every department and every system. With a structured policy or documentation, you can avoid getting breached.”
Since the use of mobile devices has become the inevitable norm, organisations must have control over the usage of BYOD by assigning network policies to “ensure that mobile devices are not used unwisely”.
Equally important, he said, is for companies to force users to frequently change their passwords and use multifactor authentication (MFA) to make it more difficult for attackers to compromise the network. “Also, make sure that endpoint protection is in place so that you can prevent the installation of malware into end-user devices and reduce malware activation activities,” added Capt. Azmir.
But when all else fails and the threat somehow does get in, organisations must have a proper backup to fall back to as a last resort.
To end the interview, Capt. Azmir gave the assurance that although the company is still relatively new, Envy Formula has over the years managed to gather and build the necessary cybersecurity knowledge and expertise with the support of its strategic partners, who are also experts in cybersecurity. As such, he stated, “we will give 100% commitment to our clients to make sure that their cybersecurity environment, network and perimeter are safe from attacks.”
“With our experience in ASOC development, we are confident that we can help our Malaysian government, companies and any organisation in Malaysia, to protect and defend them from any cybersecurity issues.”