PETALING JAYA: Malaysia needs to make an ecosystem-wide effort, through sharing information among stakeholders, to build up cyber resilience for the whole industry, said Cybersecurity World Economic Forum Centre head Akshay Joshi.
“We need to be sharing information among ourselves if we are to be able to enhance the cyber posture of the industry as a whole,” he said in an exclusive video interview at the recent Global Cybersecurity Forum held in Riyadh, Saudi Arabia.
He said that since adversaries are able to share information at scale in real time, legitimate businesses, especially financial institutions, should collaborate with each other in order to combat threats together.
“Adversaries do not have as many institutional barriers to collaboration as the good guys do. How can we tear down those barriers and then make sure that we are collaborating with each other? We (need to) understand the risks on the horizon and then we can address them collectively,” said Akshay.
He noted that the Malaysian government has invested significantly towards enhancing its cybersecurity capabilities and cited the Alliance for Financial Inclusion in Kuala Lumpur, which invested considerably in terms of capacity building efforts, among others .
In terms of users who suffered financial losses due to personal data breaches, Akshay said it is a complex issue as it intersects the private and public sectors and involves “mechanisms that can work”.
“For example, in the UK, if there is a victim, then invariably (there is) reimbursement but the burden of that is shared both by the bank where the transaction was initiated and the bank where the transaction was received.
“This is a complex issue that needs great public and private cooperation in order to put in place the mechanisms,” Akshay said.
He added that a lot more needs to be done to address consumer awareness and behaviour online.
“As people are embracing technologies, are they aware of the checks and balances as well ... as the necessary hygiene that needs to be in place to ensure that they are operating safely within cyberspace?” he questioned.
On the role of artificial intelligence (AI) in cybersecurity, Akshay said the technology is utilised by defenders and attackers.
He observed that attackers or adversaries have begun to use AI as a way to fine tune their scams to further convince potential victims. For example, previously, spam mails were easily identified due to misspelling and grammatical errors. However through generative AI, attackers are able to create compelling text and articulate arguments to victims.
“Having said that, there is a lot that AI can do, in terms of equipping defenders in defending better. As we understand the technology, we start to integrate it within our enterprises and, more so, the security organisations.
“In the short term, we might find that attackers just by virtue of the pace at which they operate, might leap frog a bit, but over the long term, I’m very optimistic that these technologies are going to provide a balance in the favour of defenders,” said Akshay.
He stressed that cybersecurity should be a priority at board level for all organisations and should be treated as a business risk.
“Cybersecurity needs to be a board-level agenda for all organisations ... and no longer (just handled) at the technical level,” he added.
