Fortinet SecOps: Enduring the Evolving Cyber Attacks

The numbers of cyber attacks continue to rise and become more prevalent, driven by accelerated digital transformation. The situation becomes even more pressing when threat actors adopt new technologies that enable them to move vertically undetected.

To elucidate on the matter, Fortinet organised a SecOps media briefing at St. Regis, Kuala Lumpur, led by distinguished speakers: Dickson Woo (Fortinet Malaysia Country Manager), Wallace Yaw (Fortinet Business Development Manager, Security Fabric for Southeast Asia, and Hong Kong), and Rashish Pandey (Fortinet Vice President, Marketing & Communication, for Asia and ANZ).

The media briefing began with Woo discussing the current state of cybersecurity, encompassing the evolving threat landscape and talent gap issue. According to Woo, one of the contributing factors to the increased prevalence of cyber attacks is the rise of Ransomware-as-a-Service (RaaS), a cybercrime business that distributes pre-packaged malicious software developed by unscrupulous operators.

Consequently, ransomware has become easily accessible to the public, including individuals and organisations, leading to a surge in cyber attack rates. RaaS doesn’t require extensive skills or knowledge for swift configurations and operation. This plug-and-play approach has significantly incentivised threat actors to launch attacks with greater frequency.

The heightened frequency of cyber attacks amid a cybersecurity talent gap has become a very challenging situation to address. Woo explained, albeit indirectly, that the ongoing economic downturn is forcing many companies to reduce their budget, leading to a scenario where talents are pressured to do more with fewer resources.

However, Woo articulated that Fortinet is currently making an effort to tackle the talent issue:

“Currently, Fortinet is actively collaborating with both public and private universities in designing courses to impart skills, awareness, and knowledge about cybersecurity. Our end goal is to increase the number of certified cybersecurity professionals in Malaysia. So that we can eventually bridge the cybersecurity talent gap.”

Woo added that, in addition to educating the younger generation about cybersecurity awareness, Fortinet is currently advocating for a platform that enables them to manage all cybersecurity elements in one place. This approach aims to enhance efficiency in detecting and combating cyber attacks.

Following Woo’s opening presentation, Rashish Pandey, Fortinet Vice President, Marketing & Communication for Asia and ANZ at Fortinet, proceeded to share some of the results from Malaysia’s SecOps Survey.

Pandey highlighted that the most prevalent cybercrime in Malaysia is phishing, which has subsequently become a primary concern for business organisations in the country. Phishing exploits vulnerabilities and can escalate into a ransomware attack that could lead to significant losses such as data extraction and control override. He also echoed Woo’s statement that the rising frequency of cyber attacks can be attributed to RaaS, which appears to be proliferating in Malaysia. However, even though cyber attacks are perpetrated by external actors, it is essential to consider insider risks as well. According to several surveys, insider risks constitute one of the fastest-growing cybersecurity risk categories across organisations today.

When discussing the best course of action to mitigate insider risks, Woo recommended organisations educate themselves, particularly the board members. Once they comprehend the dangers posed by insider risks, they will not only gain awareness but also allocate resources and attention to minimise these risks.

Pandey suggested organisations engage cybersecurity consultants and arrange bi-weekly training sessions to familiarise employees with insider risks and the most effective ways to counter them. Through regular training and refreshers, employees will gradually become adept at implementing cybersecurity best practices without disrupting their day-to-day work. In addition to regular cybersecurity training, fostering transparent communication among teams in an organisation will ensure every employee will be informed and up to date regarding ongoing cyber attack attempts. This will equip employees with the awareness of what to click and what to avoid, enhancing their ability to navigate potential threats.

Concluding the afternoon media briefing, Wallace Yaw, Fortinet’s Business Development Manager for Security Fabric in Southeast Asia, and Hong Kong, stepped forward to elucidate how Fortinet’s Fabric Security Solution can assist organisations in tackling cyber threats and challenges faced by organisations. According to Yaw, Fortinet Fabric Security Solution is a comprehensive and integrated cybersecurity solution that offers a broad range of sensors that utilise AI and other advanced analytics capabilities to consistently protect devices, users, networks, applications and even cloud platforms from attempted cyber attacks.