Dato’ Ts. Dr. Haji Amirudin Bin Abdul Wahab, CyberSecurity Malaysia, ETCIO SEA
Dato’ Ts. Dr. Haji Amirudin Bin Abdul Wahab is the Chief Executive Officer of CyberSecurity Malaysia, a cybersecurity specialist and technical agency that monitors the e-sovereignty of the country. He has more than 30 years of ICT working experience in the telecom and IT sectors, in both the public and private sectors. Under his leadership at CyberSecurity Malaysia, Dato’ Dr Amirudin has contributed to various achievements of Malaysia and was appointed as Chairperson of various local and international platforms.
In an exclusive interaction with us, Dato’ Ts. Dr. Amir shares his thoughts on his priorities as CEO at CyberSecurity Malaysia and the biggest challenges that businesses face when they think about being cyber resilient.
What’s your biggest priority as CEO at CyberSecurity Malaysia?
It is important for the CEO to empower and invest in our people to fortify our nation’s cybersecurity defences. Our team is the backbone of our organisation, and fostering a culture of continuous learning and professional development in cybersecurity is crucial. By equipping our workforce with the latest skills and knowledge in threat intelligence, incident response, and emerging technologies, we can proactively address and mitigate evolving cyber threats.
Furthermore, effective CEO leadership requires balancing short-term success with a compelling long-term vision, and efficiently coordinating the work of teams towards shared objectives by clarifying a common vision that provides the team’s direction and a sense of purpose.
Additionally, I am committed to promoting a collaborative and inclusive work environment where every individual feels valued and motivated to contribute to our mission of securing Malaysia’s digital landscape. Prioritising our people ensures that we not only attract and retain top talent but also drive excellence and innovation in safeguarding our nation’s critical information infrastructure.
Other than that, the organisation needs to enhance our nation’s cyber resilience through strategic initiatives and robust partnerships. This involves implementing cutting-edge technologies and innovative solutions to proactively detect and mitigate cyber threats. Strengthening collaboration with local, regional, and international stakeholders, including government agencies, the industry, and also academic institutions, is crucial to creating a unified front against cyber adversaries. Additionally, the organisation will assist the government and relevant stakeholders in developing comprehensive cybersecurity policies and frameworks that will ensure that our digital infrastructure is resilient and capable of withstanding evolving cyber challenges. By prioritising these areas, we can effectively safeguard Malaysia’s digital landscape and foster a secure environment for economic growth and innovation.
What does cyber resilience mean to you in one sentence?
An organisation’s ability to continuously deliver its products and services despite any adverse cyber events by actively protecting against known or potential threats; planning for the recoverability of applications and data; adapting to changing threat landscapes; effectively training personnel about the existing threats; and ensuring that the response plan is maintained and exercised. In short, responding and protecting after the event. The ability to swiftly detect, respond and recover from cyber events that may or may not disrupt operations.
What is one security measure that organisations should implement this year to enhance their overall security?
One security measure is not enough. I’d like to focus on the top three and they are:
Zero Trust Model: The evolving landscape of cybersecurity dictates that inherent trust in systems and processes must be abandoned. Organisations must maintain a mindset that assumes adversaries may already have a foothold within their infrastructure, and thus, nothing should be blindly trusted. Continuous verification is essential, necessitating the implementation of the Zero Trust model. This model centres on rigorous user authentication and authorization for every connection, ensuring that trust is not assumed but actively verified.
Artificial intelligence (AI) and machine learning (ML) technologies are becoming integral components of cybersecurity solutions, augmenting threat detection, response, and automation capabilities. These algorithms can analyse extensive datasets, discern patterns, and promptly identify anomalies indicative of malicious behaviour with a level of precision and speed surpassing traditional methodologies. This burgeoning trend stems from the escalating volume and intricacy of cyber threats, compounded by a shortage of proficient cybersecurity practitioners. Through the strategic adoption of AI and ML technologies, organisations can bolster their capacity to promptly detect and mitigate cyber threats in real-time, fortifying their overarching security posture.
Security by Design and DevSecOps is important. We need to integrate security practices into the DevOps (Development and Operations) process, enabling security to be built into applications and infrastructure from the outset rather than being added as an afterthought. This is for organisations to accelerate the delivery of software and services while maintaining security and compliance requirements. Security practices also help organisations achieve this by fostering collaboration between development, operations, and security teams, automating security testing and compliance checks, and implementing security controls as code. By embedding security into the development process, organisations can reduce the risk of vulnerabilities and security breaches in their applications and infrastructure.
Best piece of advice you have received when it comes to enterprise security?
It is important to implement a defence-in-depth approach in regard to enterprise security. The defence-in-depth approach leverages multiple security measures to protect an organisation’s data and assets. The thinking is that if one line of defence is compromised, additional layers exist as a backup to ensure that threats are stopped along the way.
Other than that, it is important to foster a cybersecurity culture in an organisation. It’s important to have a good attitude, knowledge, assumptions, norms, and values of the workforce of an organisation with respect to cyber security. These are shaped by the goals, structure, policies, processes, and leadership of the organisation. It also must start from the top. To encourage a security-first mindset among employees, C-suite executives need to lead by example and set the tone for awareness throughout the organisation. Executives cannot expect their employees to heed cybersecurity concerns if it is not a key priority for the management team.
To foster a culture of cybersecurity, it is essential to deliver clear and comprehensible information to all employees, emphasising the importance of safe online behaviour. Effective communication tailored to the employees’ level of understanding is key to ensuring that objectives are clear and achievable. Strategic messaging is critical for building engagement and cultivating a robust cybersecurity mindset across the organisation.
What’s the biggest challenge that businesses face when they think about being cyber resilient?
Executing robust cybersecurity while having a cyber-resilient strategy is challenging for many businesses. Most businesses, especially small and medium-sized enterprises (SMEs), lack in-house cybersecurity experts and resources. These organisations lack the motivation, budget, personnel, and technical know-how to implement the necessary controls and incident response plans.
This also includes the complexity of integrating cybersecurity into existing business operations and legacy systems. Retrofitting cyber resilience into complex, intricately networked IT environments can be expensive and time-consuming. Additionally, many organisations struggle to match their cybersecurity initiatives with more general business goals and priorities, making it challenging to get the support and funding needed from upper management.
What is one piece of advice you would like to give CIOs/CTOs when it comes to 2024?
Adaptability and being flexible; today’s world is evolving faster, and technology shows no sign of slowing down. CIOs and CTOs must cultivate a culture of agility and responsiveness within their organisations. The ability to embrace an experimental approach to technology implementation, constantly evaluating and adapting strategies based on real results. Encourage their teams to be proactive problem-solvers, stay curious, learn new skills, and think creatively about how technology can be utilised to move the organisation forward.
Organisations need to see the importance of adopting a zero-trust strategy, where every entity, both inside and outside the organisation, is rigorously verified. Organisations must also address the industry’s acute skills shortage. In addition, organisations must offer flexible working conditions and explore external sourcing of cyber talent. Moreover, harnessing AI and automation can revolutionise cybersecurity practices, enhancing efficiency and easing the burden on professionals.
Information sharing and collaboration between organisations are also crucial in order to have a robust defence. By sharing tactics, techniques, procedures and insights, businesses can collectively strengthen their cybersecurity measures. Finally, cultivating a security-conscious culture at every organisational level is paramount. When every employee understands and embraces their role in maintaining security, the risk of breaches can be significantly diminished.