KUALA LUMPUR, Nov 20 — A significant number of organisations in Malaysia today do not think they have the basics in order when it comes to cyberspace security, be it skilled cyber security personnel to properly detect, investigate and respond to threats, or a sufficient budget.

Citing the findings of a recent research undertaken by Sophos, a leading name in endpoint and network security, its senior director for Asean and Korea, Sumit Bansal said a majority of the survey respondents were also finding it highly challenging to stay up to date with cyber security technologies amid the constantly evolving nature of attacks.

The respondents comprised chief information security officers and chief executive officers of small and medium-sized companies and large organisations from the Asia Pacific Region.

Seventy-two per cent of Malaysian companies are struggling to recruit cyber security professionals and this is the case not only in Malaysia but elsewhere in the region as well, Sumit told Bernama in a recent online Zoom interview from Singapore.

Advertisement

Giving an example, he said a large corporation with over 8,000 users and 100 sites in the Philippines has only three cyber security personnel simply because of difficulty in recruiting cyber security experts.

The company had been searching for an additional cyber security professional the past few months but have yet to find a candidate.

This gap in expertise was exacerbated by the fact that only 88 people currently possessed CISSP (Certified Information Systems Security Professional) certification to serve the entire Philippines.

Advertisement

Sumit said the CISSP was an important qualification in the management of information security.

In Malaysia, the situation could possibly not be very different, he said.

Even if the number of holders with CISSP is doubled, there is still a big gap in cyber security expertise especially when considering Malaysia’s plans for digital transformation, he reasoned.

With education an obvious factor in bridging the gap, how does Sophos play its role in the area?

Apart from the regular education programmes for its customers and partners on cyber security, Sophos has an enabler programme in place including in Malaysia where it works with 350 partners in the area of training and certification.

It offers certification courses on its cyber security solutions covering three different levels comprising engineering, architect, and technician certification.

To keep it interesting and not “boring” as cyber security is sometimes perceived, Sumit said Sophos offers learning in a fun way including a hacking contest.

Here, cyber-attacks are simulated in a controlled environment and the engineers from its partner companies work together on ways of resolving the attacks and in the process also understand the kind of attacks that take place in the market.

An information security management company, the last few years has also seen Sophos adopting a synchronised security system and employing artificial intelligence (AI) to enhance its security solutions.

The Sophos centre’s cloud platform allows the management of all security solutions, view alerts and manage incidents from a single point, be it endpoint security, server security, firewall or mobile.

Its concept of synchronised security enables the sharing of threat intelligence information that offers a holistic security system. The adoption of AI has also enhanced security making processes faster, detection faster and accurate.

While cyber security can be enhanced with the employment of right measures, Sumit cautioned that it is an evolving science in the fight against threats that are being created on a daily basis.

With the “bad guys” also using AI for attacking information systems, the game has become even more complicated, he said, adding that as many as 32 per cent of the organisations surveyed had also admitted to having been breached in the past 12 months. This figure could actually be higher. — Bernama