Cybersecurity threats can start from within.


Recently, I came across a report indicating that 69% of Malaysian companies are expected to feel the effects of cybersecurity talent shortages within the next five years, as outlined in The Hays Global Security Report 2024 and published in Focus Malaysia. The concern arises as security leaders are apprehensive about retaining their current cybersecurity resources amidst the anticipation of an increase in AI adoption within their organizations.

That reminds me of years ago, when I was supporting a global financial institution where stringent regulations demanded constant readiness for frequent regulatory audits. I recall a constant reminder from my former colleague, who led governance and regulatory audits, emphasizing the criticality of security controls. He continuously stressed that many cybersecurity intrusions originate internally.

One prevalent breach pattern we observed was the inadvertent exposure of passwords. It was not uncommon to find passwords written on sticky notes within cubicles or placed openly on desks, easily accessible to anyone passing by. Such practices posed significant risks to our cybersecurity identity, underscoring the importance of internal vigilance and adherence to security protocols.

How many of us still overlook these fundamental risks today? It’s crucial to recognize that cybersecurity threats often originate from within our own actions. Whether it’s neglecting basic security practices or failing to understand the implications of our daily activities, we inadvertently create opportunities for cybercrime to thrive. It’s imperative to acknowledge that the smallest oversight can lead to significant consequences, underscoring the importance of vigilance and awareness in combating cybersecurity threats.

Are we able to overcome these cybersecurity resource issues in the next 5 years?

Perhaps. Let me share three (3) critical issues that will impact the organization and show why more cybersecurity resources are needed to overcome these cybersecurity incidents.

First, many Malaysian companies are still facing difficulties in adopting digitalization and AI in their business operations. However, the question is, are we truly prepared for it? In my opinion, we will never be ready unless we properly educate the organization about the policies that govern these technologies in companies. Breaches and security issues will continue to rise, as it only takes one small spark to cause major problems or incidents.

Secondly, when companies adopt new technologies without updating their security policies and controls accordingly, they can inadvertently introduce vulnerabilities into their systems. This misalignment between technology and security practices can provide opportunities for breaches. New technologies often come with new types of risks or require different security considerations. If these aren’t addressed in a company’s security policies and controls, it can lead to gaps in the security posture, making it easier for cyber attackers to exploit these weaknesses. Regularly updating security policies and controls to reflect the adoption of new technologies is crucial in maintaining a robust defense against cyber threats.

Thirdly, as organizations increase their hiring of cybersecurity professionals to address the escalating demand for robust cybersecurity measures, it’s crucial to consider the financial impact of such decisions. Investing in cybersecurity resources is vital for controlling, managing, and mitigating risks to business operations. However, it’s important to note that these investments introduce additional operational costs, including recurring expenses. While these expenditures are essential for safeguarding businesses against technological risks, strategically allocating resources to them can inevitably increase the operational budget.

What should we do?

I am not suggesting that companies should not hire cybersecurity resources, but I believe that organizations should also focus on balancing these costs with the level of security needed, based on the organization’s risk assessment and business needs. The first thing we must understand is that security risk starts from within. Therefore, it is important for organizations to:

  • Employee Awareness: conduct it continuously, as employees are often the weakest link in cybersecurity. Hence, continuous training and educating employees about the organization’s policies and best practices are essential to strengthen the internal defense of the organization.
  • Security Policies and Procedures: many organizations may already have their security policies established; however, how often does the organization enforce its security policies and procedures?
  • Access Controls: limit access to sensitive data and systems to only authorized personnel. This will help to prevent insider threats and unauthorized access. Implementing strong authentication mechanisms and regularly reviewing access privileges are key aspects of the internal cybersecurity process.
  • Regular Audits and Monitoring: conduct regular audits and monitoring activities not only of the organization’s network and systems but of the organization itself too. This proactive approach can prevent potential breaches or mitigate their impact.
  • Advocate Security Culture: foster security adherence and culture within the organization. However, this has to start from the leadership team, and they need to advocate and integrate this governance as part of their management controls. This will encourage all employees to take responsibility for protecting their and the company’s information and assets.
  • Outsourcing: this is a common method used by many companies today, as these experts are generally more suited to organizations looking for comprehensive and ongoing cybersecurity management.
  • Engage Professional Gig Practitioners on a project basis, as this offers companies the flexibility to address specific issues or needs without long-term commitments. However, do note that gig workers need to be stringently evaluated through a rigorous evaluation process; this is imperative to mitigate the risks, as you are entrusting external individuals with sensitive cybersecurity tasks.

In essence, while external cybersecurity measures are important, do focus on internal aspects by creating continuous employee awareness, stringently updating the security policies, access controls, monitoring, and cultivating a culture of security in the organization.
