KUCHING: As Sarawak embarks on its digital economy transformation plan, it is timely for local small and medium enterprises (SMEs) to take steps to protect their business from cyber threats, says a cyber security expert.
Singapore-based consultancy iTGRC Asia founder and chief practice adviser Frank Chin (pic) said digital transformation was now a buzzword in the market and across industries, with SMEs facing uncertainties and the fear of security threats that came with it.
Citing the 2017 Microsoft Asia digital transformation survey, he said 80% of Malaysian business leaders believed they needed to change to a digital business for future growth.
However, the survey also showed that only 34% of business leaders had a full digital transformation strategy, 47% were in progress with specific initiatives for selected parts of their business, while 19% still had very limited or no strategy in place.
“For Sarawak in particular, the recent launch of the Sarawak Multimedia Authority and Digital Economy Strategy 2018-2022 are the founding pillars that will potentially help traditional business owners transform their business to the digital era.
“I also believe that private organisations in the cyber security sector can play an important role in helping SMEs kickstart their transformation journey.
“Nevertheless, it’s essential that SMEs today should prepare to acknowledge digital change and take a fundamental cyber hygiene approach to address human vulnerabilities, gradually moving towards their internal systems and processes and finally technology vulnerabilities to stay ahead of the curve,” he said in an interview.
With the move towards digitisation, Chin said it was imperative for SMEs to develop practices which covered risk and security assurance for their entire supply chain by leveraging on an international cyber hygiene security framework to identify, protect, detect, respond to and recover from security exposure.
He said this was because cyber attacks came in different forms and shapes and could be performed by amateurs, professionals or syndicates at unpredictable moments.
“As a matter of fact, vulnerabilities might have existed in your environment since day one, but they are unexploited and will remain vulnerable until an opportunity slips in, resulting in loss of data or compromised assets leading to breach of trust or reputational loss. One will never notice until it happens.
“It’s now at this critical juncture that SMEs, regardless of size and scale, are encouraged to seize opportunities and begin protection, starting with their existing business management systems,” he said.
Through risk assessment, Chin said, SMEs could learn about their security posture and risk profile.
As part of their digitisation journey, SMEs can also secure funding or set aside part of their corporate budget to collaborate with associations, government agencies and the commercial sector on a cyber hygiene scheme to reduce their risk of falling prey to cyber attacks.
“One can never stop external cyber threats, but it will be far from serving the purpose if SMEs react and rush an investment into a security solution without connecting the dots.
“In essence, a business or organisation should establish a robust capability of information technology governance, risk management and compliance to manage cyber incidents or even to deal with its consequences before it arrives,” he said.