Many firms fall short in cyber hygiene practices, warns SC
KUALA LUMPUR: The Securities Commission (SC) is preparing the industry to address challenges stemming from technological advancements through initiatives such as the Capital Market Cyber Simulation (CMCS) and the Guidelines on Technology Risk Management (GTRM).
Chairman Datuk Seri Dr Awang Adek Hussin said the rapid evolution of technology, both domestically and globally, had led to a growing reliance on external service providers, particularly in areas such as artificial intelligence and cloud computing.
However, these advancements came with inherent risks, from cybersecurity vulnerabilities to regulatory compliance concerns, he added.
“I have been informed that many industry players still fall short in their cyber hygiene practices, even in terms of basic controls for critical systems,” he said in his welcoming remarks at the “CEO Engagement SCxSC: C-Suite” forum on managing technology and cyber risks.
“This is highly concerning because such basic hygiene is fundamental to an organisation’s ability to defend itself, and our analysis suggests that inadequacies lead to cyberattacks, ransomware and even data loss.
“Many organisations are also not keeping up with key security practices like penetration testing, vulnerability assessment, hardening practice, privileged access management, and regular review of user ID, to name a few.
“This is alarming, especially with cyber incidents such as ransomware and data breaches becoming more common.”
According to him, the use of third-party services, such as cloud services, was becoming increasingly more prevalent. “We find that organisations can do better at managing risks related to third-party service providers by putting into place proper frameworks,” he said.
The implementation of the GTRM is set for Aug 1, with the objective of aiding market participants in developing robust technology risk governance and oversight structures.
Companies are mandated to submit a declaration of compliance with the GTRM to the SC by the first quarter of 2025.
“The CMCS serves as a testament to the SC’s proactive approach to preparing the industry for cyber incidents.
“By simulating real-world scenarios, organisations can test their response and recovery strategies, thereby strengthening their resilience against potential cyber threats,” he added.