Bridging the Digitization and Cybersecurity Gap
Nasrin Omar, Head of Cyber Security, Tenaga Nasional Berhad
Nasrin Omar, Head of Cyber Security, Tenaga Nasional Berhad
Rapid digitalisation initiatives and aggressive cloud implementation has increased cyber security risks to a greater height.
With new cutting edge technologies being adopted and new enterprise wide systems being implemented, new integrations, more connections and more endpoints resulting to higher exposure to cyber security risks.
Digitalisation is about people. It is more inclusive than ever, more new technologies, more stakeholders involved, more line of businesses (business analyst and end users), more system development (system architect, system designer and developer), additional new infrastructure (infra architect, database team, network team, operating system team and application team) and lastly more 3rd party partners or vendors. New technology is complex and people is the weakest link, hence, having bigger community involved with new technology means higher risk of cyber security to the organization. Cyber-attack can penetrate at any layer of the technology, at any person involved and at any point of time (from the beginning of the project till the system retire).
In short, cyber security risk is at its peak as digitalization initiatives currently on going aggressively in organizations globally.
Another point worth mentioning is talent scarcity/crisis/shortages. Cyber security skillsets and talents are very much needed as organizations are putting more emphasis in protecting their assets from cyber threats.
2. What keeps you up at night when it comes to some of the major predicaments in the Cyber Security space?
With digital initiative going on rate that you could ever imagine, collaboration is key to a successful digital program in any organization.
As close-knit collaboration brings a lot of values and positive outcome to organizations, at the same time, it also possess new cyber security risks that can lead to catastrophic event. Supply chain attack and 3rd party risk are of the main concerns for sleepless night.
Number of supply chain attack has increased with real cases impacting big organisations in huge sum of monetary value and reputation as well. This has raised real concerns at all level.
3. Can you tell us about the latest project that you have been working on and what are some of the technological and process elements that you leveraged to make the project successful?
With digital initiative going on rate that you could ever imagine, collaboration is key to a successful digital program in any organisation
We have implemented a continuous assessment tool on an enterprise system that allows us to observe new threats, new vulnerabilities and new compliance in almost real-time. It is beneficial to us when it is integrated to a centralized monitoring system with teams to monitor and act on alerts immediately. Time to respond is critical to cyber security incidents and to have the ability to minimize impact.
4. Which are some of the technological trends which excite you for the future of the Cyber Security space?
Artificial Intelligence (AI) and machine learning are among other technologies that will be able to bring cyber security to a new level. With the right tools, process and people, AI would definitely help in better and faster prediction, detection, prevention and decision making.
AI with self-learning capability and sophisticated algorithm will be able to run pattern recognition and use behavioural analysis to detect malicious activities on top of the current signature based detection. This ability is key differentiator where speed of detection is the essence to prevent malicious intent and attacks that can lead to a catastrophic event.
On the other hand, AI is a double-edged sword, being adopted in both world, cyber defence and cyber-attack. I hope that the adoption rate and successful usage of AI in cyber defence grow significantly in years ahead, ensuring AI is more beneficial to us as an organisation in defending from cyber-attack, rather than it being more useful to the threat actors.
5. How can budding and evolving companies reach you for suggestions to streamline their business?
All of us are in this together, working together in this war is important and has been successful thus far. We are open for information sharing, suggestion and ideas, be it a simple or even a leapfrogging ones. Different organisations have different requirements. Meeting the match between offerings and requirements is important. Collaboration is key to mitigate cyber security risks.
