Malaysian IT security leaders have been urged by network security specialist Fortinet to remember that situational awareness is key in security risk management planning.
Michelle Ong, who is Malaysia country manager for Fortinet, explained that "human beings are continually looking for knowledge or information to improve the situations they are in. If we live in a crowded city, for example, we want to know which routes are best to avoid getting stuck in traffic. When we enter a restaurant or cinema, we look for the exits. And when a suspicious-looking person enters the room, part of our mind automatically keeps track of him."
"This behaviour is known as situational awareness, and it is second nature to most of us," said Ong.
"When people use IT, however, this behaviour surprisingly does not carry over," she continued. "They click on dubious links without a second thought, open files they do not recognize, and connect to wireless networks they are unfamiliar with."
"If people could become more situationally aware in their handling of computing devices, they - and the organisations they work for - would be victimized by cyber threats much less often," said Ong.
She went on to say that "situation awareness in enterprise IT environments starts with understanding the organisation's business priorities, risks and threats."
"IT leaders must be able to frame the issues they are dealing with within short and long-term business objectives, have clear line-of-sight across the organisation and technologies, and be able to establish policy and governance for everyone who touches the firm's data," said Ong.
To achieve cyber situational awareness, she advised IT leaders in Malaysia to focus on four key thrusts:
1. Business Mission and Goals. Understand the organisation's business mission, and then align it to those processes and resources that exist to enable that mission. Companies must understand the type of data they use and generate and, as they learn about and document these processes, how much the processes that use this data overlap with those of other teams.
2. Cyber Assets. Understand and catalogue all the assets on the organisation's network, along with any vulnerability they may have. Get to know their profiles, such as what OS and version are installed, what applications reside on those devices, and what data they hold.
3. Network Infrastructure. All devices are connected, which means we need to understand how they are connected, and to what. A single vulnerable device may not matter much, but if it is connected to something critical, the risk level can become very different.
4. Cyber Threats. Understand the capabilities and tactics of threat actors targeting your organisation. Threat actors can include government-sponsored cyber espionage, organised crime, hacktivists, insider threats, opportunistic hackers and internal user errors. Organisations need to know which of these threat actors are most likely to be focused on stealing the data that resides in the network.
The latest edition of this article lives at Computerworld Malaysia.