IoT is expected to offer advanced connectivity of devices, systems, and services that goes beyond machine-to-machine communications (M2M) such as interconnection of embedded devices (including smart objects).
According to market researcher Gartner, there will be nearly 26 billion devices connected to the Internet by 2020.
Another research company, IDC projects that the IoT market will explode to US$7.1tril (RM29.1tril) over the next six years.
IoT is slowly permeating every aspect of our everyday lives from smart home and office automation, security and surveillance, transportation and even healthcare through telemedicine and embedded devices.
As our work and life become more connected and intertwined, IoT will grow more entrenched. Industries as a whole will also benefit from the efficiencies of IoT — from more efficient supply chain management to real-time response to market intelligence.
While IoT is expected to usher in automation in unprecedented number of fields, the implications on cybersecurity are certainly many-fold. As it is, the transition from closed networks to enterprise IT networks to the public Internet is accelerating at an alarming rate.
Nearly all devices and their data will need to be secured as cybercriminals will target every device to hack into. Indeed, the security challenges for IoT are daunting.
Cyberattacks have increased dramatically over the last decade, exposing sensitive personal and business information, disrupting critical operations, and imposing high costs on the economy.
According to a recent estimate by the Centre for Strategic and International Studies, a global think-tank, the cost to the global economy of cybercrime and online industrial espionage stands at US$445bil (RM1.8tril) a year — about as much as the GDP of a country.
So how can we make Malaysia a safer place to do business in order to propel us to be a developed nation by 2020? Disruption to Malaysia’s Critical National Information Infrastructure (CNII), rising costs to business from cybercrime, theft of financial data and intellectual property will drive investment away from countries whose systems are seen to be insecure.
Cyberspace is critical to Malaysia’s economic prosperity and national security. For Malaysia to embrace the global digital revolution, it is imperative that we protect our cyberspace.
The role of cyber security is to secure the backbone of our country’s information and telecommunication infrastructures. As such, our National Cyber Security Policy (NCSP) seeks to address the risks to the CNII, which comprised the networked information systems of ten critical sectors: national defence and security, banking and finance, information and communications, energy, transportation, water, health, government, emergency services as well as food.
Nationwide cyber drill
CyberSecurity Malaysia has taken several initiatives to ensure our Internet infrastructure is resilient to cyber threats.
Over the past five years, the National Security Council (NSC) under the Prime Minister’s department has been organising a yearly National Cyber Crisis Exercise known as X-Maya.
This exercise is to address the emerging issue of cyber threats which poses serious challenges to the economic well-being and security of the nation. CyberSecurity Malaysia also maintains a CNII portal which the members of critical infrastructure work together by sharing information on security issues which affect critical infrastructure.
CyberSecurity Malaysia has taken crucial steps in establishing cross-border collaboration with regional cybersecurity agencies. A Memorandum of Understanding (MoU) was signed with National Forensic Service (NFS) of South Korea to strengthen cooperative assistance in the fields of capacity building and professional development in the area of digital forensic.
Another MoU was signed with Brunei’s IT Protective Security Services (ITPSS) to establish cooperation in the field of digital and cyber forensic research and collaboration on exchange of information.
Most recently, in conjunction with CSM-ACE 2015, CyberSecurity Malaysia was elected deputy chair of the Asia Pacific Computer Emergency Response Team (APCERT) in addition to being the permanent secretariat of the Organization of Islamic Cooperation- Computer Emergency Response.
Our increasing dependence on technology and connectivity makes the protection of connectivity a critical issue for all businesses. We need to look at organisation information security methodology from a holistic perspective and promote the adoption of Information Security Management Systems (ISMS), a systematic and structured approach to managing information so that it remains secure.
ISMS implementation includes policies, processes, procedures, organisational structures and software and hardware functions.
To prepare a new holistic cybersecurity mind set in the era of IoT, we must go back to the three basic elements of people, process and technology. At the end of the day, it’s the people that harness the power of technology so we must ensure Malaysians are ready and aware of the risks and implications of IT security.
Processes need to be constantly reviewed to take into account new security threats that develop every day. It is therefore crucial that as many Malaysian organisations look at adopting best practices such as ISMS.
Last but not least, we need to review our technology capabilities in order to have the most advance and innovative defence strategies ready in the event of a breach. Annual cyber-readiness exercise such as X-Maya will ensure Malaysia is prepared at all.
Cybersecurity is a shared responsibility and each of us — the public, private, non-profit sectors and the government — must all play a vital role in making sure our country’s cyberspace is safer, more secure and resilient.
New and changing threats will keep on coming. We must always be vigilant as cyberattacks can strike anytime. Securing cyberspace is not only a matter of national security, but it also defines Malaysia’s competitive advantage in the global economy.
Dr Amirudin Abdul Wahab is the chief executive officer of CyberSecurity Malaysia, the national specialist centre for cybersecurity.