I have highlighted in a few of my earlier articles how the threat landscape is growing every day and how threat actors are getting more creative in finding ways to penetrate your organisations. Believe it or not, these people have their own circles and trusted sources where they can obtain the resources they need to carry out their schemes. The Dark Web is one example, where they can purchase cyber-attack tools at a very good price. They can even hire attackers via the “Cyber Attack-as-a-Service” concept, which is very advanced and commercial.
How about us? Here we are going into the battlefield alone with our team, and everybody is carrying their own organisation’s flag. Every man for himself. If you succeed, then you will live to fight another day, but if you fail, you will go down on your own. Why can’t we have an alliance on our own and have each other’s back? Today we are going to explore this possibility of an alliance and acknowledge the potential roadblocks that may get in the way. The alliance, should it happen, would be able to function beyond cyber-security and even protect the national interest.
Streamline all the CIOs and IT Heads
Have you ever read the novel by Mark Twain titled “The Prince and The Pauper”? This was one of my favourite childhood novels. It was about a Prince and a poor boy who were born on the same day but into families of different castes. Both, if given a fair chance, would have shown the same potential and qualities. The same goes for the CIOs and the IT Heads: putting ego aside, they are just two sides of the same coin.
My friend Eugene elaborated on this at length in his article on the difference between a CIO and an IT Head. Nevertheless, in today’s world, the grey line that differentiates the two is getting thinner and is almost invisible. This is because most companies just consider it a plain title, whilst the job scope is the same for both IT titles. More IT Heads are carrying out the CIO role in their organisations, but their title stays the same. In some organisations, the CIOs are only doing IT Manager roles (Operations), but the titles were chosen to boost the company’s image.
This situation has created friction between the two, because of which the potential alliance may not have been possible. CIOs were viewed as elitists confined within their own circle, whilst the IT Heads were sometimes viewed as second-class citizens in the IT world. Little do they know, most IT Heads have more hands-on experience handling cyber-attack incidents, and triumphs! Unlike the elitists, who have a big budget to acquire any tools money can buy, the IT Heads are combating these cyber-attacks with limited resources, equipped with the lessons learned from previous attacks.
Big or small, I truly believe that every person has something unique to put on the table. These differences in exposure and experience should be put together to create an alliance where everybody benefits and helps each other. We are not alone in the cyber world. Whatever cyber-attack hits other companies may end up jeopardising you and your company. Start treating your colleagues in the industry as equals and you would be surprised at what you will gain from this powerful alliance.
United Voices of the IT Industry
How many organisations in your country are supposedly representing IT? Most of these organisations focus only on the benefits of their members, and none is really going the extra mile to be the champion of the industry. Sadly, some are also being manipulated for the interest of the few, be it for power, for business gain or even for fame. How do I gain market outreach and sell my products to these IT decision makers and influencers? That was among the questions and personal interests that held back the organisation from performing its required function for the industry.
The ideal IT Affiliation Organisation, in my opinion, should be bold enough to come forward to champion IT-related issues and voice the concerns of its members, especially towards new Policies or issues that may impact the industry. The ideal IT Affiliation Organisation should also be dominant enough that the Government would seek its advice and expertise before coming out with IT Strategic Plans for the country.
I am not patronising all the efforts being put up to date and all the activities being implemented to develop the IT Affiliation Organisation’s members. Nevertheless, I think it is such a waste that an IT Affiliation Organisation with a lot of IT Professionals and Subject Matter Experts as members is doing nothing and not reacting to what is happening in the country. We should utilise all these great minds to help the country grow in terms of technology and not be left behind by the neighbouring countries.
I am sure that you have the same complaints as I do, but simply talking among ourselves would not have our voices heard. That is the purpose of having such an organisation, where we can speak as one, leveraging the strong numbers we have as a group. Where do we stand, and how are we going to solve the brain drain when all our experts and IT professionals are leaving the country? Where do we stand when the country misses out on a lot of good technology investments due to outdated policies or misguided lobbying? Do we have any proposals to future-proof the country’s infrastructure against cyber-attacks, or to future-proof technology for businesses to move forward? Everybody needs to play their part, especially if we are an IT Affiliation Organisation that carries the voices of thousands of IT Professionals as our members. It is a ready IT alliance that needs to be steered in the right direction.
Putting National Interest as Priority
In Malaysia, we have agencies like Cyber Security Malaysia (CSM) and the National Cyber Security Agency (NACSA) to handle IT Security incidents such as cyber-attacks. Having the right agencies to champion this effort is good, but we need the cooperation of every single organisation to make sure we can combat any nation-state attacks. Even though nation-state attacks are most of the time targeted at Government agencies and Government-linked agencies, the impact would be worse and would affect everyone should the attackers succeed.
I am not that concerned when it comes to the regulated industries. These regulated industries, i.e. the Financial Services and Banking industry, have very tight guidelines for the organisations to follow and a standardised reporting flow should any attack occur. Majlis Keselamatan Negara (MKN), or the National Security Council, used to organise the X-Maya Cyber Drill for all the Critical National Information Infrastructure (CNII), including all the government agencies and regulated companies. The Cyber Drill aimed to test all organisations’ incident readiness and the effectiveness of reporting escalation during a crisis. The Sector Leads would make sure that all the agencies under their purview responded as per the required protocol. I must admit, having been involved myself in X-Maya IV (Y2011) and X-Maya V (Y2015), it really tested our skills when ‘live’ malware was injected into the X-Maya Virtual Environment, and we needed to crack our heads to rectify it while keeping constant communication with our Sector Lead, Bank Negara Malaysia (BNM).
The above is true for the regulated industries. How about the rest? Which organisation in their right mind would come forward to report that it has been hacked or infected by Ransomware? This is the awareness that we need to nurture in all the organisations doing business in Malaysia. Some chose to bite the bullet to save the company’s reputation. For us to come out with a prevention plan or proactive measures, we need to have the data and we need to see the trend. Sometimes the attacks come in waves or stages, and that is why we need all organisations to put the nation first, above everything else. When an organisation comes forward to report an attack, it helps other companies to be on alert as well. This would already be a true form of nationwide alliance, should it materialise.
Leveraging Cross-Border Networking
One precious thing I learned during the Pandemic was that we are living in a borderless world. I can stay in Malaysia while participating as a Panel Speaker in the Kingdom of Saudi Arabia (KSA), Bahrain, India, the Philippines, Indonesia or even Singapore. All the fellow Speakers, IT experts and Gurus that I had the opportunity to connect with have now grown into my frequent contacts and trusted counterparts from other countries. Most of these people I have never even met in person, but that is not an issue at all. The mutual respect and the brotherhood of people from the same field have made this possible.
The same concept may apply for us to leverage this cross-border networking into a strong alliance where we can share threat intelligence, best practices, good governance, crisis management, new technology trends, etc. We could have the opportunity to get first-hand information on the latest threats or attacks that may have impacted some other countries. Not only would we be able to protect our organisations with such information, but we could also raise a national-level alert for the coming type of attacks.
Somebody needs to take the first step to initiate this. I am sure we already have some country-to-country connections between all these IT Affiliation Organisations. Rather than just having normal meetings to say hi, why not bring this existing cooperation to the next level? Create an alliance that would benefit both the IT Affiliation Organisations and the countries. It may be tough because some would not be comfortable sharing our information, but we need to start somewhere to get the ball rolling.
United We Stand, Divided We Fall
IT is not a big world, and we end up meeting the same people repeatedly. Hence, we need to have mutual respect for each other in order to forge the trust and subsequently realise the alliance. If we successfully take this small step, then moving forward to bigger and international alliances would be within our grasp. Our unity would become our best defence against all these malicious attacks.
Catch the When Expert Meets Expert articles by Ts. Saiful Bakhtiar Osman every bi-weekly Tuesday. Don’t forget to subscribe to stay connected. You are also encouraged to ask questions and seek advice from him.