AS the world battles with Covid-19 infections, a highly skilled group of people have to deal with a different kind of virus.
Computer viruses, that is, or malicious codes that can cripple an entire organisation’s system or just your handphone and its apps.
It has been reported that there has been a surge in Covid-themed cyberattacks, preying on our increased reliance on digital tools during the pandemic and the uncertainty of the crisis.
According to the AFP, the pandemic has created a “perfect storm for cyberattacks”, with millions of people working in unfamiliar, less secure environments and eager for information about the novel coronavirus and new organisational policies being implemented.
This opens up a new avenue for malicious actors using phishing emails or “social engineering” to gain access or steal sensitive information, it says.
Either way, Malaysia needs more cybersecurity knowledge workers and experts – the people with the right know-how to tackle rapidly evolving cyberattacks, risks and threats.
Their role has become increasingly important, with so much of our daily life depending on technology in this time of the pandemic – especially during the current Movement Control Order when many have to work from home using their devices.
However, we still do not have enough cybersecurity knowledge workers here.
In the near future, Malaysia needs about 40% more of these workers, estimates CyberSecurity Malaysia.
“There are currently 10,733 cybersecurity professionals nationwide, ” its chief executive officer Datuk Dr Amirudin Abdul Wahab tells Sunday Star.This means there is one of them for every 2,600 Internet users, he says.
“It is an improvement from 2015, when the ratio was 1:3,800”, Dr Amirudin adds.
But we require more to face the situation ahead.
In the industry, about 75% of chief information officers of companies here say there is a need to hire cybersecurity analysts, based on a survey by the National Tech Association of Malaysia (Pikom) last year.
“Although there are talents in cybersecurity and protection, there is still a shortage.
“It is an even bigger challenge to find these highly skilled talents when it comes to areas like incident response, forensics and assessment of security compromises, ” says Pikom chairman Danny Lee.
He points out that the shortage of talents is not just in Malaysia but globally.
“As we pursue the development of talent in advanced technology in the likes of data analytics, artificial intelligence and machine learning, we forget the other focus areas of handling security breaches.
“We are so focused on talent growth of the sector. But there must also be a need to look into the producing talents that manage the risks and threats that come along with it, ” Lee says.
Across countries, more organisations and businesses are ramping up efforts to guard against data breaches that could incur financial losses.
In a report by CNBC last year, it was reported that there were about 2.93 million cybersecurity positions left open and unfilled around the world.
This was based on findings by non-profit IT security organisation (ISC)².
In Malaysia, the role of such professionals is important in protecting the rising number of Internet users in the country, which has spiked by 19% from 24.1 million in 2015 to 28.7 million in 2018.
And if all things go according to plan, Malaysia is expected to roll out 5G technology in the third quarter of this year, based on reports.
The advent of the 5G network is said to see mobile Internet connectivity being about 10 times faster than current network speeds.
It is expected to pave the way for the usage of virtual reality, driverless cars and drones.
A lot at stake
However, Dr Amirudin warns that the size of our cybersecurity workforce is not sufficient if we were to compare it with the growth of users.
Threats are also increasing and becoming more sophisticated.
“Technology advancement towards the Fourth Industrial Revolution (IR4.0) and the adoption of 5G will enhance operating processes and the way we work.
“It will improve deliveries, effectiveness and efficiency.
“But alongside such improvements, more cyber risks will prevail, making it imperative for competent cybersecurity personnel to be integrated into all facets of operations, ” he explains.
Undeniably, industries are heavily relying on the Internet and technology, with cybersecurity incidents also affecting ordinary peoples such as issues related to spam, scams, intellectual properties and so on.
In 2019, a total of 10,772 cybersecurity cases were reported to CyberSecurity Malaysia.
The top five types of cases were online fraud, followed by intrusion, malicious codes, content-related incidents and denial of service attacks.
“In terms of content-related cases, fake news and incidents involving public sentiments are on the rise, especially in the midst of the Covid-19 outbreak and also the country’s political situation, ” Dr Amirudin says.
There have been economic, social, religious and racial sentiments on social media that the country needs to be wary of, as it could lead to instability and unrest.
“Other than that, the world, as well as Malaysia, cannot escape from being a victim of cyberattacks like Advanced Persistent Threats (unauthorised access to a computer network and remaining undetected), data breaches or data theft, phishing, ransomware and social engineering tactics, ” he adds.
Based on Microsoft Malaysia’s research, cybersecurity threats could cost organisations in Malaysia USD12.2 bil (RM53.8bil) in economic losses, says its national technology officer Dr Dzahar Mansor.
“This staggering sum shows that cybersecurity is no longer an option, but an operational imperative.
“At Microsoft, we devote over USD1bil (RM4.41bil) annually to fight cybercrime.
“We employ over 3,500 security experts to track threats and boost our data infrastructure.
“But we do believe that the rise in cybersecurity incidents necessitates more professionals in the industry, including in Malaysia, ” he says.
Even with the current Covid-19 pandemic, Dr Dzahar highlights the need to protect personal data in the healthcare sector.
“I urge our healthcare providers to be vigilant about the security of their patient data.
“Protecting such personal data is very important, especially when the healthcare system gets crowded in the midst of the outbreak.
“It is vital that the industry works closely with solution providers to ensure that their cybersecurity infrastructure is up to date and protected, ” he adds.
Building the cyber workforce
With an ever changing landscape in the cyberworld, today’s demand for the kinds of cyber protection may not be the same in the next few years, points out cybersecurity specialist Vincent Ho.
“This is further complicated by the fact that the demand for seasoned security professionals typically requires one to have at least five years working experience, ” he says.
They would also need to have a set of technical and non-technical skills under their belt.
A seasoned cybersecurity expert would have been in a network administration or a similar role for some time to have more theoretical and hands-on experience, he adds.
With the factors at hand, Malaysia needs to nurture cybersecurity knowledge workers collaboratively.
Dr Amirudin says it is essential to establish a single converging platform enabling cybersecurity workers, professionals and experts to share knowledge, expertise and skillsets.
“We realised the need for developing human capital by coming up with a holistic framework of cybersecurity professional certification known as the Global Accredited Cybersecurity Education (ACE) Certification.
“The Global ACE Certification defines the competencies expected of skilled personnel in cybersecurity.
“It describes the knowledge, skills and attitudes needed to perform in a particular occupation with emphasis on enhancing related skillsets, ” he says.
The certification supports the continuous development of individuals in mitigating cyber-related threats and builds effective cyber defenders within their social-economic sphere
On Jan 1,2019, CyberSecurity Malaysia was appointed by the Department of Skill Development under the Human Resources Ministry as the Industrial Lead Body to drive the development of occupational skills standards in the cybersecurity sector.
The Advanced Diploma in Penetration Testing and assessment was developed based on the Global ACE Certification syllabus to produce personnel with multiple cybersecurity skillsets who are capable of providing optimal cyber security solutions to the nation.