I have been highlighting in a few of my articles before, how the threat landscape is growing every day and the threat actors are getting more creative in finding ways to penetrate your organisations. Believe it or not, these people have their own circle and trusted sources where they could obtain the resources they need to carry out their scheme. The Dark Web is one example where they could find any cyber-attack tools they could purchase at a very good price. They can even hire the attackers via the “Cyber Attack-as-a-Service” concept which is very advanced and commercial.

How about us? Here we are going into the battlefield alone with our team, and everybody is carrying their own organisation’s flag. Every man for himself. If you succeed, then you will live to fight another day, but if you fail, you will go down on your own. Why can’t we have an alliance on our own and have each other’s back? Today we are going to explore this possibility of an alliance and acknowledge the potential roadblocks that may get in the way. The alliance, should it happen, would be able to function beyond cyber-security and even protect the national interest.

Streamline all the CIOs and IT Heads

Have you ever read a novel from Mark Twain with the title, “The Prince and The Pauper”? This was one of my favourite childhood novels. It was about a Prince and a poor boy who were born on the same day but to a different caste of the family. Both, if given a fair chance, would have shown the same potential and qualities. The same goes to the CIOs and the IT Heads, putting your ego aside, there are just other sides of the same coin. 

My friend Eugene had elaborated this at length in his article on the difference between a CIO and IT Head. Nevertheless, in today’s world, the grey line that differentiates both are getting thinner and almost not visible. This is because most companies just considered it a plain title, whilst the job scope is the same for both IT titles. More IT Heads are carrying out the CIO roles in their organisation, but their title stays the same. In some organisations, the CIOs are only doing IT Manager roles (Operations), but the titles were chosen to boost the company’s image. 

This situation has created a fraction between the two, which the potential alliance may have not been possible. CIOs were viewed as elitists and only confined within their own circle, whilst the IT Heads were sometimes viewed as a second-class citizen in the IT world. Little that they know, most IT Heads have more experience handling hands-on cyber-attacks incidents and triumphs! Unlike the elitists who have the big budget for them to acquire any tools money can buy, the IT Heads are combating these cyber-attacks with limited resources and equipped with the lessons learned from the previous attacks.

Big or small, I truly believe that every person has something unique to put on the table. These differences of exposures and experiences should be put together to create an alliance where everybody will get the benefits and help each other. We are not alone in the cyber world. Whatever cyber-attack that hits other companies may end up jeopardising you and your company. Start treating your colleagues in the industry as equal and you would be surprised of what you will gain from this powerful alliance.

United Voices of the IT Industry

How many organisations in your country are supposedly representing IT? Most of these organisations only focus on the benefits of their members alone and none is really going the extra mile to be the champion of the industry. While sadly, some are also being manipulated for the interest of the few, be it for power, for business gain or even for fame. How do I gain market outreach and sell my products to these IT decision makers and influencers? That was among the questions and personal interests that held back the organisation from performing its required function to the industry.

The ideal IT Affiliation Organisation in my opinion, should be bold enough to come forward to champion IT related issues and voice out the concern of their members, especially towards new Policies or issues that may impact the industry. The ideal IT Affiliation Organisation also should be dominant enough that the Government would seek advisory and expertise before coming out with IT Strategic Plans for the country. 

I am not patronising all the efforts being put up to date and all the activities being implemented to develop the IT Affiliation Organisation’s members. Nevertheless, I think it is such a waste that an IT Affiliation Organisation with a lot of IT Professionals and Subject Matter Experts as members are doing nothing and not reacting to what is happening in the country. We should utilise all these great minds to help the country grow in terms of technology and not to be left behind by the neighbouring countries. 

I am sure that you have the same complaints as I am, but simply talking among ourselves would not have our voices heard. That is the purpose of having such an organisation where we can voice out as one, leveraging on the strong numbers we have as a group. Where do we stand and how are we going to solve the brain drain when all our expertise and IT professionals are leaving the country? Where do we stand when the country misses out on a lot of good technology investments due to outdated policies or misguided lobbying? Do we have any proposals to future proof the country’s infrastructure from cyber-attacks or future proofing technology for businesses to move forward? Everybody needs to play their part, especially if we are an IT Affiliation Organisation that carries the voices of thousands IT Professionals as our members. It is a ready IT alliance that needs to be steered to the right directions.

Putting National Interest as Priority

In Malaysia, we have agencies like Cyber Security Malaysia (CSM) and National Cyber Security Agency (NACSA) to handle any IT Security incidents such as cyber-attacks. Having the right agencies to champion this effort is good, but we need to have the cooperation from every single organisation to make sure we can combat any nation-state attacks. Even nation-state attacks most of the time are targeted to the Government agencies and related Government-linked agencies, the impact would be worse and shall impact everyone should the attackers succeed.

I am not that concerned when it comes to the regulated industries. For these regulated industries, i.e.: Financial Services and Baking industry, they have a very tight guideline for the organisations to follow and standardised reporting flow should any of the attacks occur. Majlis Keselamatan Negara (MKN) or National Security Council used to organise this X-Maya Cyber Drill for all the Critical National Information Infrastructure (CNII) including all the government agencies and regulated companies. The Cyber Drill aimed to test all organisations’ incident readiness and the effectiveness of reporting escalation during a crisis. The Sector Leads would make sure that all the agencies under their purview respond as per required protocol. I must admit, being involved myself in the in X-Maya IV (Y2011) and X-Maya V (Y2015), it really tested our skills when ‘live’ malwares were injected in the X-Maya Virtual Environment, and we need to crack our heads to rectify while keeping a constant communication with our Sector Lead, Bank Negara Malaysia (BNM).

The above is true for the regulated industries. How about the rest? Which organisation in their right mind would come forward to report that their organisation has been hacked or infected by Ransomware? This is the awareness that we would need to nurture all the organisations doing business in Malaysia. Some chose to bite the bullet to save the company’s reputation. For us to come out with a prevention plan or proactive measures, we need to have the data and we need to see the trend. Sometimes the attacks came in waves or stages, and that is why we need all organisations to put their priority to the nation first, above everything else. When an organisation comes forward to report an attack, it would help other companies to be on alert as well. This is already a true form of nationwide alliances should it be able to be materialised.