Westcon-Comstor Tech Summit 2024 Charts Malaysia’s Course to Withstand Future Cyber Threats
Cybersecurity Asia (CSA) recently had the privilege of being invited to the Cybersecurity Resilience Panel Forum at the Westcon Tech Summit 2024, held at the Connexion Conference & Event Centre in Bangsar, Malaysia.
The Westcon Tech Summit 2024 gathered industry leaders, experts, and tech enthusiasts to explore the latest advancements in technology and cybersecurity. A highlight of the event was the Cybersecurity Resilience Panel Forum, which featured an engaging discussion on strengthening cybersecurity frameworks in the face of evolving threats.
The session covered critical agendas, including proactive threat detection, response strategies, and the integration of AI into cybersecurity measures. Esteemed speakers included Patrick Billings, Partner Solutions Architect, Global Partner at Zscaler; Rodney Lee, Chief Executive Officer of Cybots; Malik Murad Ali, Director of IT, Digital, HR, and LPS at Mydin Mohamed Holdings Berhad; and Hitesh Behl, Sr. Solutions Architect at Nokia.
Kicking off the Cybersecurity Resilience Panel Forum, the experts provided an in-depth analysis of how the cybersecurity threat landscape has evolved in recent years, highlighting significant challenges organisations face in building cyber resilience. As the discussions went on, the forum addressed the growing concern of supply chain attacks, exploring strategies for organisations to ensure the resilience of their supply chains and mitigate the risk of third-party compromises. Incident response was another critical topic, with panellists emphasising the importance of proactive measures to strengthen incident response capabilities and minimise the impact of cyber incidents.
Cyber resilience has undoubtedly been a hot topic in recent years, yet achieving it remains a significant hurdle for many organisations. As companies increasingly depend on technology and interconnected ecosystems, the session highlighted the necessity of third-party risk management in such ecosystems, outlining steps organisations should take to effectively assess and mitigate the risks that may arise from working with external vendors and partners. Additionally, the panel tackled the question of whether using FIPS, NIAP, or CC-certified products for network solutions guarantees quantum safety, providing insights into the complexities of securing networks against future quantum threats.
All in all, the discussions revealed that while organisations face numerous cybersecurity challenges today, anticipating future trends and fostering collaboration are crucial for resilience. With threats likely to escalate rather than subside, these strategies will definitely be crucial for enduring security.
Malaysia’s Cybersecurity Landscape: A Promising Future with Challenges
At the Tech Summit, CSA was also given the opportunity to speak with Wilson Ho, Asia Managing Director of Westcon-Comstor, who graciously shared his extensive experience and insights into the current state and future trajectory of cybersecurity in Malaysia.
Ho describes Malaysia as a growing market with a promising future, particularly following recent political stability. The Malaysian government plays a pivotal role in setting the tone for cybersecurity, with many enterprises and telcos following suit. The introduction of a new cybersecurity bill marks a significant step forward, akin to what Singapore implanted years ago. This legislation aims to strengthen the nation’s cyber defences and ensure a coordinated response to cyber threats.
The Cyber Security Bill 2024, approved by the Malaysian Parliament on 27 March 2024, marks a significant step in enhancing Malaysia’s cybersecurity framework. It establishes a comprehensive regulatory framework for the eleven National Critical Information Infrastructure (NCII) sectors, mandating that designated entities within these sectors adhere to specific standards and procedures for managing cybersecurity incidents. The Bill empowers sector leads to designate entities as NCII entities and requires these entities to comply with various obligations, including:
- Mandatory Reporting: Organisations are required to report cyber incidents within a specified timeframe, ensuring timely response and mitigation.
- Critical Infrastructure Protection: Enhanced measures are mandated to protect critical infrastructure sectors, such as finance, energy and telecommunications.
- Compliance Requirements: Businesses must adhere to stringent cybersecurity standards and practices, subject to regular audits and penalties for non-compliance.
- Personal Data Protection: The bill reinforces existing PDPA laws, holding companies personally liable for data breaches and mishandling of personal information.
However, the state of IT and cybersecurity in Malaysia is somewhat mixed. While some organisations are ahead due to forward-thinking CIOs who prioritise cybersecurity, many are still lagging. Ho noted, “Some organisations are ahead because they have forward-thinking leaders in this department who understand the need for cybersecurity and invest accordingly to achieve needed advancement in cyber resilience. Unfortunately, many organisations still lag due to a lack of investment and awareness.”
Revisiting Essential Security Fundamentals
Ho emphasises that preparation is key to tackling cyber threats. Businesses must plan not only to prevent breaches but also to respond effectively when they occur. This involves having a robust backup system and a well-thought-out recovery plan. Ho believes Malaysia is on a positive trajectory, with increased investments in data centres and a more educated population enhancing cybersecurity awareness.
One of the most effective cybersecurity defence strategies, according to Ho, lies in focusing on the basics. “Large organisations like telcos, financial institutions, and government agencies have the budget to invest in modern technologies and continuous education. However, many SMEs think it won’t happen to them and allocate their limited budget to other operations, which some throw in the least necessary ones. They often underestimate the importance of data security,” he said. This mindset needs to change, and the government can play a role by providing funding or laws to encourage SMEs to invest in cybersecurity.
In fact, a recent report by CyberSecurity Malaysia revealed that the country experienced a 30% increase in ransomware attacks in the first half of 2024 compared to the previous year. This surge in cyber threats highlights the necessity for both large corporations and SMBs to prioritise cybersecurity. The government’s role in providing financial incentives and implementing policies to support cybersecurity investments is crucial in mitigating these risks.
Westcon-Comstor’s Role in Bridging the Cybersecurity Gap
On the investment front, Westcon-Comstor’s goal as a specialist distributor of business technology is to bridge the gap between advanced cybersecurity solutions and end users. Ho strongly believes that their portfolio which includes leading security vendors such as Palo Alto Networks, Zscaler, CrowdStrike, and Symantec under Broadcom ensures a wide range of solutions to address various security needs. Additionally, they collaborate with specialised vendors like Tenable for vulnerability assessments, Gigamon for network visibility, and BeyondTrust for privileged access management.
Ho also emphasised that Westcon-Comstor’s strategic alignment with industry leaders enables them to deliver high-value, technically deep customer solutions. By focusing on rigorous technical training and expertise, they ensure their engineers are well-equipped to implement and support these security measures. This approach helps in closing the gap between cutting-edge technology and practical application, as well as ensuring organisations or businesses are well-prepared to tackle evolving cyber threats with robust prevention, detection and response capabilities.
But while technology is undeniably important, a crucial element in building cyber resilience is the human factor. Education, training and shortage of skilled cybersecurity professionals are issues that remain ongoing in Malaysia’s current state of IT. Many organisations outsource to Managed Security Service Providers (MSSPs) initially, but as they grow, they should build in-house capabilities to manage their specific needs effectively.
Ho stresses that balancing prevention, detection and response capabilities are crucial. “Prevention is better than cure,” he said. “Many of our vendors focus on Intrusion prevention systems with behavioural analytics and machine learning. We select vendors who are forward-looking and invest heavily in R&D. However, organisations must also prepare for breaches with robust business continuity plans and quick recovery strategies.
The goal is to balance preventive measures with a solid response plan to minimise damage when a breach occurs.
The Road Ahead
Malaysia’s cybersecurity landscape is at a critical juncture. While progress is being made, there is still much work to be done. Organisations must invest in both preventive measures and robust response plans to tackle the growing threat of cybercrimes effectively. Education, awareness, and government support are vital components in building a resilient cybersecurity infrastructure. Wilson Ho’s insights have shown that it is crucial for all IT leaders of the nation to collaborate either within or abroad, in order to instil a consistent innovation towards Malaysia’s digital resilience.