Computerworld Malaysia got a real scoop this evening and kudos to author, award winning IT journalist / screenwriter & reformed consultant Avanti Kumar for his pursuit of one of Malaysia’s most low profile ethical hacker to get his story.
In an exclusive interview with LE Global Services (LGMS) executive director and senior IT security consultant Fong Choong Fook, ComputerWorld Malaysia found out that majority of hackers today are attracted by discovered vulnerabilities in an organisation’s networks rather the value of any data assets held.
Companies are potential targets irrespective of the industry they are in, said Fong. “Many companies, feel secure in not being in ‘lucrative’ fields such as finance or banking, and they feel content to put in place basic ground-level defences and hope to get by. That alone is not enough.”
Citing a Gartner report, Fong said that 75 percent of attacks today occur at the application level. “Despite the common use of defences such as web application firewalls and intrusion prevention and detection systems, hackers still pose a serious liability and not often stopped or detected.”
“Take for example the healthcare industry, one of the most rapidly developing sectors within Malaysia,” said Fong. “According to Trend Micro, the problem of cyber security vulnerabilities within the healthcare sector are pervasive, impacting health care providers of all sizes and types. During 2015 alone more than 120 million health care records were breached globally, a number that is going nowhere but up.”
“Cybersecurity is one of the fields that most businesses have a love-hate relationship with,” he continued. “Businesses know that to prevent cyber-intrusion is very necessary, but is an almost insurmountable task if they were to try and cope with it themselves.”
“It is the ones who do not lie awake at night worrying that are truly in danger,” said Fong, adding that LGMS was established in Malaysia in 2005 to help companies cope with information security issues.
“From a business owner standpoint, those who are aware of the threats could very well lie awake many nights, thinking that at any moment, someone could be probing, poking, and prodding relentlessly at the cyber defences protecting their business,” he said.
“Cybersecurity is an ongoing process of exercising due care and due diligence to protect information and information systems,” he said.
“This [process] can be from unauthorised access, use, disclosure, destruction, modification, or disruption. The ongoing process of cybersecurity involves training, assessment, protection, monitoring and detection, incident response and repair, documentation, and review at many levels,” Fong said.
He said in his experience with LGMS, securing organisations needed the knowledge, expertise and dedication to carry out the implementation of security measures at multiple levels, such as penetration testing, security assessment, application security assessment among other procedures.
“Since inception, LGMS has maintained a laser-focus on delivering services that assess client security requirements, reduce risk and provide operational efficiency,” said Fong.
“LGMS is the only information security services company that integrates the best practices of ISO quality management systems into their entire portfolio of services, resulting in measurable performance increases for customers,” he said, adding that the company’s core clients are from the banking and financial services industry.
Looking ahead, Fong said that with the “computing world progressively embracing the Internet of Things (IoT), cybersecurity will become more critical than ever with more devices being connected online every day.”