Information Security – Current Challenges and Practices: Malaysia’s experience by Dato’ Dr. Haji Amirudin Abdul Wahab Chief Executive Officer CyberSecurity Malaysia 14 July 2017

Introduction Trends of Computing Mobile Devices Big Data INTRODUCTION: OUR DIGITAL ENVIRONMENT HAS VARIOUS TREND OF TECHNOLOGIES THAT MAKES OUR ENVIRONMENT COMPLEX

EMERGING CYBER THREATS IN DIGITAL ENVIRONMENT New technology introduces more devices with more vulnerabilities, hence more risks of cyber attacks Technology changes very fast. We already now that the world is moving towards Industry 4.0 in smart manufacturing environment. Industry 4.0 will utilizes various technologies i.e cloud computing, big data, IoT, etc therefore, the issues of cyber security will be the prime concern of industry in many more years to come. With more devices and connectivity we will expect more risks in our digital environment

MALAYSIA IS DRIVEN BY DIGITAL ECONOMY - Brought along new technologies that come with new security issues

12,744 Cyber Security Incidents Reported TREND OF MALAYSIA CYBER SECURITY THREATS IN 2016 - 2017 (AS OF 31 MAY 2017) MISUSE OF CYBER SPACE 12,744 Cyber Security Incidents Reported CYBER HARASSMENT 1,510,694 Spam Emails 4,594,705 Malware & Botnet Drones Infections Info: www.mycert.my 6 FRAUD!

Recent Global Cyber Threat Trends

GLOBAL COSTS OF CYBER CRIMES

Critical information infrastructure breakdown GLOBAL RISKS LANDSCAPE 2016 Cyberattacks Critical information infrastructure breakdown Terrorist attacks Data theft or fraud Source: Global Risks Perception Survey 2015

TOP FIVE GLOBAL BUSINESS RISKS Business Interruption & Supply Chain Risk 46% National Catastrophes 30% Fire/Explosion 27% Changes in Legislation & Regulation 18% Cyber crime, IT Failures, Espionage, Data Breaches 17% Business Interruption (Including supply chain disruption) 38% Market Developments (Volatility, intensified competition, market stagnation) 34% Cyber Incidents (Cybercrime, data breaches, IT failures) 28% Natural Catastrophes (Storm, flood, earthquake) 24% (Economic sanctions, protectionism) 2015 2016 Source: Allianz Risk Barometer 2015 & 2016 * Figures represent the number of responses as a percentage of total survey responses (1,146)

CYBER SECURITY IS THE BOARDROOM’S MATTERS - Cyber Attacks Are Damaging Brand impact Sensitive media scrutiny Customer churn Loss of business due to critical intellectual asset loss Financial impact Detection and escalation Notification Lost business Response costs Competitive disadvantage Regulatory impact Independent audits Regulatory fines Restriction on information sharing Implementation of comprehensive security solutions Operational impact Diversion of employees from strategic initiatives to work on damage control Average consolidated total cost of a data breach grew from $3.8 million to $4 million. Average cost incurred for each lost or stolen record containing sensitive and confidential information increased from $154 to $158. The cost to organizations comes at each stage of the incident response lifecycle — detection, notification, post-response, and the cost of lost business.

Adoption of holistic approach that identifies potential threats to Critical National Information Infrastructure (CNII) organization and impacts to the national security & public well-being AND; to develop the nation to become cyber resilience having the capability to safeguard the interests of its stakeholders, reputation, brand and value creating activities

NATIONAL CYBER SECURITY POLICY (NCSP) VISION NCSP OBJECTIVES Thrust 1: Effective Governance Thrust 5: R&D Towards Self Reliance “Malaysia’s CNII shall be secure, resilient and self-reliant. Infused with a culture of security it will promote stability, social well being and wealth creation” Address The Risks To The Critical National Information Infrastructure (CNII) Thrust 2: Legislative & Regulatory Framework Thrust 6: Compliance & Enforcement Government Service Energy Health Services Banking & Finance Ensure CNIIs are Protected Thrust 3: Cyber Security Technology Framework Thrust 7: Cyber Security Emergency Readiness Emergency Services Water Defense & Security Food & Agriculture Transportation Information & Communication Develop And Establish Comprehensive Program And Frameworks Thrust 4: Culture of Security & Capacity Building Thrust 8: International Cooperation Critical National Information Infrastructure (CNII)

LOCAL & INTERNATIONAL COLLABORATION - Regional And Global Level Strengthening Domestic Security Cooperation at the Regional & Global Level

ITU Global Cybersecurity Index (GCI) 2017 Top Ten Countries

CONCLUSION AND WAY FORWARD Malaysia’s approach is to adopt holistic approach in order stay ahead of cyber threats To effectively face the challenges require not only innovations, but also collaboration among each other, domestically and globally Strengthening Public-Private-Partnership - enhancing industrial research via collaboration Government-Industry-Academia Continuously and consistently enhancing initiatives under NCSP: Sharing of Information amongst relevant parties Cyber Incidents Response and Coordination Innovative & Collaborative Research Capacity Building Cyber Security Awareness and Education