The push for digitalisation has enabled the enterprise and government sectors to expand their reach and improve efficiency. But with more transactions done online, the risk of cybersecurity breaches has also risen.
Millions of new security threats are created every year, and they cost businesses more than US$1tril in 2020 alone.
These breaches not only expose organisations to data leaks and fraud attacks, they also erode brand value and could damage customer trust, according to Dr Saiyid Abdallah Syahir al-Edrus, general manager of cybersecurity services at TM One.
Unfortunately, awareness of the importance of cybersecurity and the impact of breaches on organisations remains low.
Cybersecurity threats to organisations have been growing over the years from both external and internal sources and these attacks have also become more sophisticated over time.
“External attacks can happen on your information communication technology (ICT) infrastructure, Internet of Things (IoT) or operational technology (OT) devices, your cloud environment, remote service, your supply chain infrastructure, or even as part of social engineering whereby your employee is targeted and lured to divulge sensitive information.
“Sometimes, disgruntled employees can also be a threat,” he added.
The importance of investing in well-rounded cybersecurity controls cannot be overemphasised, Saiyid noted.
Implementing a good combination of network and endpoint security controls such as a data leakage prevention system can help mitigate the situation. This includes regularly updating your software, improving detection capabilities, and reviewing your processes to respond to these attacks.
Educating employees in the proper use of IT facilities will also help.
Predictive advantage
As perpetrators become more advanced in their attacks, organisations will have to ensure that their security systems are 10 steps ahead.
One of the elements that TM One sees as increasingly crucial to deploying a robust cybersecurity system is the inclusion of artificial intelligence (AI) or machine learning, which allows enterprises and the government sector to become more accurate when predicting threats.
According to Saiyid, some organisations would typically sift through 50 to 100 security alerts in a day. Having machine learning capabilities or the right predictive tools will enable them to filter through these alerts quicker and identify true security threats more precisely.
“Before the use of machine learning, we needed human intelligence to do all the analysis to identify whether the alerts we get are a true positive or false positive. With machine learning, it helps us sift through hundreds of events and collect the data we need to confirm it as a true positive and to register that a true security incident is happening.
“But that doesn’t mean we should eliminate human intelligence from the process altogether, as we still need human intelligence to validate the outcome churned out by machine learning,” Saiyid explained.
Having predictive tools also helps organisations enhance their security operation centres (SOC) with better mitigation and analytical abilities. This goes a long way in improving their productivity and efficiency when it comes to operations.
Customers, no doubt, have been receptive to integrating AI into their cybersecurity framework. The challenge, said Saiyid, is the availability of funds to invest in the technology.
“At TM One, we provide advisory services whereby we address the security controls they need to help them improve and defend their infrastructure.
“Via a consultative approach, we bring them through the journey of maturity.
“We understand that customers are at different maturity levels, so our approach is customised for each. It’s really about working with the customer and being able to help them find the best solution for their organisation.
“You can start small and build as you mature, and understand the value of cybersecurity and how it helps you defend your brand value and critical assets. You may not see your data as critical assets but they are,” he said.
Treading carefully
Notably, as with all forms of technology, there are risks in using AI. Even machine learning tools or AI platforms are susceptible to attacks or compromise.
“It really depends on how robust and secure your infrastructure is,” said Saiyid.
If an organisation’s security infrastructure is not robust, there may be a possibility of a system manipulation or “data poisoning”. As machine learning relies on large data sets for analysis to determine accurate outcomes, organisations need to ensure the integrity and reliability of their data sets to avoid false predictions by the system.
Saiyid also urged enterprises and the government sector to consider multiple layers of check-and-balance cybersecurity mechanisms to ensure a resilient cybersecurity system and reduce over-reliance on AI alone.
“Sometimes, the intention of data poisoning is to derail the focus of the system analysis to get the true positive incident or anomaly.
“By diverting attention to somewhere else, the hacker is able to use loopholes to enter your system.”
Ahead of the curve
While machine learning is fairly new in Malaysia, the integration of AI in cybersecurity has advanced and this trend can help organisations in Malaysia.
“We started to develop services that leverage predictive technology as part of threat hunting, and other technologies that combine predictive tools and a bit of automation to respond to repetitive security incidents,” said Saiyid.
TM One is also deploying machine learning-enabled cybersecurity in the IoT and OT security monitoring space.
To find out more about TM One Cyber Defense Centre (CYDEC), go to www.tmone.com.my/solutions/cybersecurity-services