How to keep safe from cyber-attacks amidst the rising use and

importance of digitalisation?

Accommodating the changes in lieu of the pandemic has fundamentally altered the landscape of the
organisational culture. With the rising number of people working from home, the prevention of cyber
security threats has never been more important. Certain industries are more vulnerable to these
changes than the others, given the social zeitgeist of the century. For example, the movement towards a
cashless society, the growth in digital payment transaction value increases. This translates to a growing
opportunity for cybercriminals to conduct offences, especially towards the FSI.

Earlier this year, Microsoft CEO, Satya Nadella announced that the security operations had reached $10
billion in annual revenue and was “up more than 40%” year over year, outpacing any other product or
service offered. With such large investments and growth scales, Azure’s capabilities are excelling more
than ever, even within shifts to more cloud-based digital services. Owing to the ‘Zero-trust’ principles
such as privileged access, explicit verification and assume breach, Azure is able to adapt to the
complexity of the modern environment and protects people, devices, apps, and data wherever they’re
located.

Financial Industry in Focus

The finance sector has been ranked number one as the most cyber-attacked industry. Some of the major
security threats facing the fintech industry, in particular, are cloud computing security issues, malware
attacks, application breaches, scalability issues, and unique challenges of IoT devices. In the last year,
the Malaysian government has compiled a total of 10K reported cases, covering a host of issues such as
fraud, intrusion, cyber harassment, and malicious codes.
Not to mention, the government equally issued the country's first five digital banking licences on Friday,
three of which were won by consortiums of Axiata’s Boost Holding, RHB Bank, Grab Singtel’s GXS Bank
and others. As people go cashless, more and more activities or transactions are done online. People use
their digital money like credit cards and debit cards for transactions which require to be protected under
Cybersecurity. Cybercrimes in digital banking not only affects the customer, but it also affects the banks
while they attempt to recover the data. The banks may require spending a considerable amount of
money to recover the data or information making Cybersecurity a must for banks as data breaches may
make it tough to trust financial institutions.

Even with increased research input and stronger technology, there is still a knowledge gap within a few
regarding how to prevent cyber security threats due to negligence. Another challenge is the financial
costs related to the implementation of systems to prevent such threats. Present legacy security systems
are not equipped to provide an end to end visibility to threats and vulnerability because of the disparate
systems. Furthermore, these issues present a financial risk to the business as well e.g. if there is a
customer PII data breach, a regulated industry like FSI will be penalised by Central Bank

Therefore, in this article, I have explored how tech can be integrated into our system to build resilience,
foster client/customer relationships, incentivize business growth, and save costs in the long run.

Embracing the ‘Cloud’:

Cloud computing is known to offer more security than local servers. A report states that it increases
security by 79%. One does not have to worry about local server meltdown or any physical damage.
However, the cloud is not completely invincible. And here are some of the steps that are usually taken
to ensure safety.

Encryption in the Cloud

Encryption translates the company’s data into code that requires a ‘key’ to unlock, meaning that only
people with credentials can have access to the information. The encryption code shields your data
during usage and the rest period, and from unauthorised or malicious users, as it becomes unreadable.

Automated Backup and Restore Services

Automatic backup services are usually provided by SaaS (Software as a Service), which essentially
requires little or no human intervention. Through this service, the data at a designated time (or interval),
and at a folder of choice gets backed up automatically and regularly ensuring no data loss. This service
extends to the idea of restoration, in case of potential security threats. The latest version of the data can
be restored.

Data Strongly Connected with One Another

Data from the different branches of the financial institution and data of the clients is strongly connected
to the network infrastructure of the company, which allows easy accessibility, higher collaboration, and
scalability to the organisation.

The Malaysian government has also shown a lot of interest and has planned to move to the cloud by the
year 2022. The use of IoT, AI, and other applications was discussed to improve the services of the
government. Furthermore, to ensure greater compliance, the government has also put in place new
licence requirements for the cyber service providers.

AI and Machine Learning

AI and machine learning (ML) have become crucial technologies to aid companies to stay ahead of cyber
security threats, as they are able to quickly analyse millions of events in one go.

Breach Reach Prediction

AI-based systems can predict how and where you are most likely to be breached so that you can plan for
resource allocation towards areas most exposed to threats. For the fintech industry, this feature has
been used to identify suspicious patterns and anomalies, increasing the diagnostic capabilities of the
businesses.

Incident Response
AI-powered systems allow for quick alerts when there is a security breach within the company and
provides information of which area of security has

been violated. The 2021 Modern Bank Heists 4.0 survey, stated the most common data attacks to be
server attacks, data theft, and ransomware cases. Incident response, which helps contextualise the
threat therefore makes one of the best practises against cyber threats. Research has shown that
integrating ISM and IR functions can create learning opportunities for the organization, resulting in
increased awareness, removal of flaws, and enhanced response.

Endpoint Protection
Through this method, AI can flag anything out of the ordinary and take action by sending a notification
to the staff in charge or reverting to a safe state by

itself. Furthermore, with the rollout of 5G, the telecom sector would immensely benefit from the
endpoint and network security offered by most AI services. AI Security allows real-time response based
on normal device behaviour.

Methods Other Than Technology

Strategies should also include the administrative and environmental factors that will allow a safer
experience for the consumers of any of the industries, be it fintech, telecom, or manufacturing. Other
than employing the latest technology, these include:

Training for Employees

Continuous rather than one-off training is provided to the employees to prevent any sort of security
breaches. This training should go hand-in-hand with continuously evolving security protocols and tech.
The training should enable the employees to have safe practices, and how to detect security threats.
This should include the ability to verify, ignore, and be suspicious of the incoming data. This is a good
step for the industries such as transportation which are often breached through phishing emails.

Securing Accounts
Other techniques can include adopting a two-factor authentication system, using a password manager,
and using the principle of least privilege (dictates that information should only be accessible to people
who require it for their jobs).

Dedicated Security Team

Hire a team that would work around the clock to specifically make sure there to stop attacks. If not,
appoint an external company to make sure there are no attacks. This is especially a must for companies
in the Financial Services

Industry. Evidence from research shows key initiatives such as identifying cyber security behaviours,
developing a brand for the cyber team, and building a cyber security hub help exceed minimal standard
compliance, thus helping the training process as well.

Conclusion
The key threats of cybersecurity today are the remote connection between staff, IoT and cloud
vulnerabilities, and credential stuffing. While some industry-specific threats include trader surveillance
interruption, cryptocurrency-related risks (crypto crime), lack of awareness.

To combat these issues one should take focus on automating incident response, develop a concept for
privileged identity and access management, pursue a risk-based approach to vulnerability management,
and focus on end-end security monitoring. It is also equally important to inform, educate, and train your
employees and establish a cybersecurity team.

References
1. https://bluedog-security.com/2021/03/top-10-cyber-security-challenges-for-fintech-companies-
in-2021/
2. https://www.mycert.org.my/portal/statistics-content?menu=b75e037d-6ee3-4d11-8169-
66677d694932&id=77be547e-7a17-444b-9698-8c267427936c
3. https://www.cybertalk.org/2021/07/28/ransomware-attacks-on-the-transportation-industry-
2021/
4. https://rewind.com/blog/automatic-backup-software-what-is-it-and-how-it-works/
5. https://www.ideagen.com/thought-leadership/blog/5-benefits-of-cloud-computing-in-finance
6. https://www.nst.com.my/news/nation/2021/04/681640/pm-launches-cyber-security-and-
cloud-services
7. https://www.globalcompliancenews.com/2021/11/19/malaysia-cloud-services-to-be-licensed-
from-1-january-2022-08112021/
8. http://bwdisrupt.businessworld.in/article/How-Has-The-Fintech-Sector-Been-Impacted-By-AI-
And-Cybersecurity/14-12-2021-414732/
9. https://www.globenewswire.com/news-release/2021/12/14/2351816/0/en/Aunalytics-Cites-
Cybersecurity-Best-Practices-for-Financial-Services-as-Attacks-Rise-118-in-2021.html
10. https://asistdl.onlinelibrary.wiley.com/doi/abs/10.1002/asi.24311?casa_token=tOSPlMlavGgAA
AAA:5icQ1g9rBRlH06RDFr4thKz1e4FjuAMsSi9Slvk0nyikucWIVBrm_PML0sPGE16EzW5r_1OLOoQ
XIP-K
11. https://www.pwc.com.tr/ceo-survey-telecommunication
12. https://terranovasecurity.com/security-awareness-training-logistics-transportation-industries/
13. https://www.sciencedirect.com/science/article/pii/S0167404820302765?casa_token=V3pcEWy
TMgkAAAAA:t0xrCJigCHWcFIaoXFnJijYIWecFmXr1Mw7S3kqxoQ12ckGGAe0vanDTX-7wtiq-
rzg3PZKShwY
14. https://www2.deloitte.com/content/dam/Deloitte/dk/Documents/finance/FSI_cyber.pdf
15. https://www.cnbc.com/2022/04/26/microsoft-15-billion-security-unit-gives-investors-reason-
for-hope.html