Exclusive! The Power of Zero Trust and AI: Strengthening Malaysia’s Security Posture

Getting your Trinity Audio player ready...

Malaysia’s cybersecurity landscape stands at a critical juncture, marked by both challenges and advancements. As a nation rapidly embracing digital transformation across sectors, including financial services, healthcare, and government services, Malaysia faces escalating cyber threats ranging from ransomware attacks to intrusions.

To counter these threats, the Malaysian government has been actively bolstering its cybersecurity posture through initiatives such as the National Cyber Security Policy and the establishment of CyberSecurity Malaysia, a key agency tasked with coordinating cybersecurity efforts nationwide. Despite these efforts, ongoing vigilance and continuous adaptation to evolving cyber threats remain imperative to safeguard Malaysia’s digital assets and sustain its economic growth trajectory in the digital age.

A prominent strategy for enhancing security involves implementing Zero Trust. According to Zscaler, a top provider of cloud security solutions, over 90% of IT executives who have initiated their transition to the cloud have either adopted, are in the process of adopting, or are considering adopting a Zero Trust security framework.

The Zero Trust approach revolutionises traditional security paradigms by advocating for the constant verification of every user and device attempting to access an organisation’s network resources, irrespective of their location or perceived trustworthiness. By eliminating the inherent trust previously granted to users and devices within the network perimeter, Zero Trust models significantly reduce the attack surface and mitigate the risk of lateral movement by malicious actors.

More importantly, Zero Trust aligns closely with Malaysia’s cybersecurity strategy. This approach resonates with Malaysia’s emphasis on proactive risk mitigation and real-time threat detection, as outlined in its National Cyber Security Policy, thus enabling the nation to better protect its critical infrastructure and digital assets in the face of evolving cyber challenges. Furthermore, organisations in Malaysia can greatly leverage artificial intelligence (AI) capabilities to mitigate security risks further.

Utilising AI, organisations can streamline their security measures by automatically identifying application segments. This reduces internal attack surfaces and enables the creation of tailored Zero Trust access policies to mitigate security risks. Moreover, AI facilitates prompt data protection through ML-based automatic data classification, allowing organisations to expedite their data protection initiatives.

Adopting Zero Trust and AI to ensure robust security can often be complex. The intricacy of implementing Zero Trust architectures and AI, especially in large, interconnected networks, can be daunting, requiring careful planning and coordination across multiple teams and departments.

In addition, integrating these principles into existing legacy systems and infrastructure poses a significant challenge, as they may need more capabilities and compatibility with modern security technologies, necessitating careful consideration and potentially extensive upgrades or replacements.

The modern Zero Trust architecture offers a robust framework for securing cloud workloads by rigorously verifying all users and devices accessing resources, regardless of location or trust level. Through strict access controls, encryption, and continuous monitoring, organisations can protect cloud environments against cyber threats, ensuring data confidentiality, integrity, and availability.

AI decreases internal attack areas by automatically identifying application segments, enabling the formulation of custom Zero Trust access policies to minimise security risks. It also offers immediate data protection through ML-based automatic data classification, requiring no setup and accelerating data protection efforts.

The 9th Annual Malaysia OpenGov Leadership Forum, held at Sofitel Kuala Lumpur Damansara on 10 July 2024, explored these ways to strengthen Malaysia’s defences. It brought together key stakeholders from various sectors to discuss and share insights on the latest developments in cybersecurity, including the implementation of Zero Trust and AI in enhancing Malaysia’s cybersecurity landscape.

The forum featured keynote speeches, panel discussions, and interactive sessions on strategic policies, technological advancements and case studies. Attendees networked and fostered collaborations crucial for advancing Malaysia’s cybersecurity agenda, leaving with a deeper understanding of the importance of innovative security frameworks and technologies in protecting digital infrastructures and supporting the country’s digital transformation.

This collective effort underscores the importance of continuous vigilance, adaptation, and collaboration in the ever-evolving field of cybersecurity, ensuring Malaysia remains resilient against emerging threats and well-positioned to thrive in the digital age.

Opening Remarks

Mohit Sagar, CEO and Editor-in-Chief at OpenGov Asia, observes that Malaysia’s cybersecurity landscape is at a critical juncture, marked by a blend of challenges and advancements. As the country rapidly embraces digital transformation across various sectors, it faces escalating cyber threats ranging from ransomware attacks to sophisticated intrusions. This environment underscores the urgent need for robust cybersecurity measures.

Mohit notes that the Global Digital Trust Insights 2024 survey, which polled 3,876 business and technology executives including participants from Malaysia, indicates significant room for improvement in cybersecurity practices.

Key findings from the survey highlight the urgency and areas of focus for Malaysian businesses. Notably, 69% of business executives in Malaysia emphasise the necessity of investing in cybersecurity through technological modernisation. Additionally, 67% express concern about hack-and-leak incidents as the primary cyber risk while 83% plan to deploy generative AI for cyber defence within the coming year.

“In 2023, CyberSecurity Malaysia documented 5,917 cyber incidents, and in the last quarter of 2022, the nation experienced nearly 84 million daily cyberattacks,” Mohit reveals. “With the frequency of cyberattacks expected to rise in 2024, particularly affecting the financial and telecommunications sectors that handle sensitive personal data, these figures highlight a troubling trend.”

In response to these threats, the Malaysian government has launched several initiatives to bolster cybersecurity resilience. The National Cyber Security Policy reflects its commitment to safeguarding the nation’s cyber infrastructure while the establishment of CyberSecurity shows its dedication to coordinating national cybersecurity efforts. Another significant step is the Cyber Security Bill 2024, which was passed by the Dewan Rakyat in March this year marking a crucial legislative move towards strengthening cybersecurity measures in the country.

Another key move in Malaysia’s cybersecurity strategy is the adoption of Zero Trust security frameworks. As reported by Zscaler, over 90% of IT executives who have started their transition to the cloud have either adopted, are in the process of adopting, or are considering adopting a Zero Trust security approach. This shift is driven by escalating cyber threats and the need for a more robust security model.

Mohit likens data to the lifeblood of modern organisations. With data flowing across and residing across the system, it energises operations and decision-making. The loss or compromise of this data can cause significant disruptions and damage an organisation’s reputation and operations. This underscores the critical importance of adopting a Zero Trust approach in cybersecurity.

Zero Trust principles advocate for continuous verification and strict access controls, regardless of whether the access request originates from within or outside the organisation’s network perimeter.

“The Zero Trust security model represents a fundamental departure from traditional security paradigms,” Mohit adds. “Unlike conventional models that trust entities within the corporate network by default, Zero Trust operates on the principle that no entity, whether inside or outside the network, should be trusted automatically. This fundamental shift fosters a more cautious and proactive security stance.”

Mohit explains that the key elements of Zero Trust include:

1. Assumption Reversal: Traditional security models assume that everything inside the network is trustworthy. Zero trust, however, assumes no entity should be trusted by default, ensuring a more vigilant and proactive security approach.
2. Continuous Authentication: Rather than relying on static credentials like usernames and passwords, Zero Trust advocates for continuous authentication, dynamically adjusting access privileges based on a user’s changing risk posture throughout a session.
3. Visibility and Monitoring: Zero trust emphasises comprehensive visibility and continuous monitoring of network traffic, user activities, and device behaviours. This real-time oversight enables more effective detection of anomalies and potential threats.
4. Adaptability to Modern Work Environments: With the rise of remote work and cloud computing, Zero Trust provides secure access to resources regardless of the user’s location or device, maintaining strong security controls while embracing remote work initiatives.

As cyber threats continue to evolve, organisations are under increasing pressure to modernise their security measures by adopting advanced technologies such as Zero Trust and AI. The absence of these approaches leaves several critical aspects vulnerable, including vulnerability to advanced threats, ineffective threat detection, limited visibility and control, compliance and regulatory risks, and business continuity and resilience.

Mohit reiterated that Malaysia’s cybersecurity environment is at a pivotal point, with the need for enhanced measures becoming increasingly apparent. He believes that adopting advanced security strategies, including Zero Trust and AI, is crucial for mitigating risks and ensuring the security and resilience of Malaysia’s digital infrastructure.

Welcome Address

Karen Chong, the Regional Vice President for ASEAN & GCR at Zscaler, emphasises the critical importance of cybersecurity in today’s rapidly evolving digital landscape. She acknowledges Malaysia’s pivotal moment in its cybersecurity journey, advocating for organisations and agencies to adopt a proactive and comprehensive approach to security.

Referencing the key findings from the 2024 Global Digital Trust Insights survey, she stresses the urgent need for organisations to modernise their security measures to effectively combat the increasing complexity of cyber threats.

While cloud security ranked as the top cyber risk concern for nearly half of global respondents (47%), it was ranked fourth (at 30%) for Malaysian respondents. This suggests that while cloud technology may not be the foremost priority for Malaysian organisations, its importance is growing.

The demand for cloud services surged during the pandemic as both the public and private sectors prioritised continuity, safety and effectiveness. As early as February 2021, the Malaysian government approved the construction of new data centres, in line with its cloud-first strategy and the Malaysia Digital Economy Blueprint. Furthermore, the government maintains a robust posture

Karen acknowledges the government’s commitment to addressing cybersecurity threats, stating, “The government is deeply concerned about cybersecurity threats, and we are actively supporting efforts to enhance and expedite the readiness, capability, and efficiency of cybersecurity in Malaysia.”

From her experience in the field, Karen knows the pivotal advanced technologies such as Zero Trust and AI play in strengthening cybersecurity posture and protecting against sophisticated attacks.

“Cyber attacks are among the most pressing issues facing organisations today,” Karen emphasises. “It is imperative that we take proactive steps to protect our digital assets and ensure the continuity of our operations.”

As a leader in cloud security, Zscaler is dedicated to helping organisations navigate cybersecurity challenges in the digital age. Their innovative solutions harness the cloud’s power to provide comprehensive security without compromising performance or user experience. With Zscalr, organisations can achieve cybersecurity goals and proactively address evolving threats, strengthening their overall posture and mitigating cyber risks effectively.

Karen highlights that Zscaler’s cloud-based platform can help Malaysian companies navigate these challenges by offering sophisticated security solutions that are adaptable, scalable, and easy to implement. She encourages participants to explore how Zscaler can support their cybersecurity strategies and empower them to manage the ever-evolving threat landscape effectively.

Technology Insight

Heng Mok, Chief Information Security Officer for the Asia-Pacific and Japan (APJ) region at Zscaler, emphasises the importance of Zero Trust in modern cybersecurity frameworks. This approach is particularly relevant for Malaysia as it aligns closely with its National Cyber Security Policy, emphasising proactive risk mitigation and real-time threat detection.

Zero-trust security operates on the principle of “never trust, always verify”, demanding continuous verification of every user and device attempting to access an organisation’s network resources. Unlike traditional security models that rely on a trusted network perimeter, Zero Trust eliminates the inherent trust previously granted to internal users and devices.

This approach significantly reduces the attack surface and minimises the risk of lateral movement by malicious actors within the network by having several essential components of Zero-Trust, including:

Continuous Verification: Every user and device must be authenticated and authorised before accessing network resources, regardless of location or prior access.

Least Privilege Access: Users and devices are granted the minimum level of access necessary to perform their tasks, reducing potential entry points for attackers.

Micro-Segmentation: The network is divided into smaller, isolated segments to contain breaches and prevent attackers from moving laterally.

Real-Time Monitoring and Analytics: Continuous monitoring of network activities helps detect and respond to threats in real-time.

Heng acknowledges that Malaysia’s National Cyber Security Policy underscores the importance of protecting the nation’s critical infrastructure and digital assets. This protection is achieved through proactive risk mitigation strategies and real-time threat detection measures designed to ensure the security and resilience of Malaysia’s digital landscape against various cyber threats and vulnerabilities.

These proactive and real-time approaches are integral to maintaining the integrity and functionality of essential services and digital operations within the country. The Zero Trust model aligns seamlessly with these objectives, offering a robust framework to enhance Malaysia’s cybersecurity posture.

1. Proactive Risk Mitigation: Zero-trust significantly reduces the likelihood of successful cyberattacks by eliminating implicit trust and continuously verifying all access attempts. This proactive stance is critical for safeguarding Malaysia’s digital infrastructure.
2. Real-Time Threat Detection: The continuous monitoring and real-time analytics inherent in Zero Trust provide early detection of suspicious activities. This capability is crucial for responding swiftly to cyber threats and mitigating potential damage.
3. Protection of Critical Infrastructure: Malaysia’s emphasis on securing critical infrastructure, such as financial systems, energy grids, and communication networks, is well-supported by the Zero Trust By ensuring that only verified users and devices can access these vital systems, the nation can better defend against targeted attacks.

While the benefits of Zero Trust are clear, implementing this model can pose challenges. Organisations may face legacy systems, integration complexities, and cultural resistance to change. However, these challenges can be overcome with strategic planning and phased implementation.

1. Legacy System Integration: Gradually integrating Zero Trust principles into existing systems can help manage the transition without disrupting operations.
2. Cultural Change Management: Educating stakeholders about Zero Trust benefits and fostering a security-first mindset can facilitate acceptance and cooperation across the organisation.
3. Technology Investment: Investing in advanced security technologies, such as identity and access management (IAM) solutions, micro-segmentation tools, and continuous monitoring systems, is essential for a successful Zero Trust implementation.

The Zero Trust approach revolutionises traditional security paradigms by advocating for constant verification and eliminating inherent trust within network perimeters.

“This model aligns closely with Malaysia’s national cybersecurity objectives, offering a robust framework for proactive risk mitigation and real-time threat detection,” Heng reiterates. “By embracing Zero Trust, Malaysia can enhance its cybersecurity posture, better protect its critical infrastructure, and confidently navigate the evolving cyber threat landscape.”

Power Talk

Heng Mok, Chief Information Security Officer, APJ at Zscaler, is confident that Zero Trust and AI can revolutionise security postures by fundamentally altering the approach to network security and threat mitigation. The model mandates that every user and device, regardless of location or perceived trustworthiness, undergo rigorous verification before accessing network resources. This continuous validation process significantly reduces the attack surface and prevents lateral movement by malicious actors, thereby enhancing the overall security framework.

Recent research underscores a growing concern among organisations regarding Generative AI (Gen AI) as a potential security risk. According to the latest findings, 89% of surveyed organisations perceive Gen AI tools as posing significant security risks. This perception stems from several factors inherent in the technology itself.

One primary concern is the potential misuse of Generative AI for creating sophisticated deepfakes or misleading content that could be used for malicious purposes, such as misinformation campaigns or impersonation attacks.

Moreover, nearly half of the surveyed organisations (48%), view Gen AI tools more as a threat than an opportunity. This apprehension reflects broader anxieties about the unintended consequences and vulnerabilities of deploying AI systems capable of autonomously generating content.

On the other hand, AI also plays a crucial role in enhancing advanced threat detection and response capabilities. Through machine learning algorithms, AI can identify and respond to abnormal behaviour patterns in real-time, automate threat mitigation processes, and improve incident response times. This combination of Zero Trust and AI creates a dynamic, adaptive security environment capable of addressing the sophisticated and evolving nature of cyber threats.

As organisations in Malaysia embark on their digital transformation journeys, it becomes vital that they integrate robust security frameworks such as Zero Trust and AI into their digital strategies.

Initially, organisations should conduct comprehensive security assessments to identify vulnerabilities within their existing infrastructure. They can develop a strategic roadmap for Zero Trust implementation, encompassing policy formulation, user and device verification processes, and continuous monitoring mechanisms.

“Concurrently, investing in AI technologies for security can enhance these efforts by enabling real-time threat detection and automated response capabilities,” he says. “Training and upskilling the workforce to handle advanced security tools and frameworks is also essential.”

By adopting a proactive and strategic approach, Malaysian organisations can ensure their digital transformation is secure, resilient, and capable of withstanding the complexities of the modern cyber threat landscape.

To achieve a future where efficiency and resilience are driven by intelligent automation, Heng believes that organisations must strategically integrate automation technologies into their operational workflows. This involves leveraging Gen-AI and machine learning to automate routine tasks, streamline processes, and enhance decision-making capabilities. Proactively, this can be achieved by investing in advanced analytics platforms that provide real-time insights and predictive analytics to foresee and mitigate potential disruptions.

Implementing effective security strategies like Zero Trust and AI simultaneously ensures that as automation scales, security remains uncompromised. “Building a culture of innovation, continuous learning, and security awareness among employees further supports this transition, ensuring that the workforce is equipped to handle the demands of a highly automated and secure operational environment.”

Dominic Yew, CISO & Head of Information Security and Digital Risk Management at OCBC Bank (Malaysia) Berhad, echoes Heng’s viewpoint. However, the adoption of AI-driven security solutions within organisations in Malaysia presents both significant challenges and compelling opportunities.

One of the primary challenges is the integration of these advanced technologies into existing legacy systems, which often lack the compatibility and flexibility to support AI functionalities.

Additionally, there is often a skills gap in the workforce, as many professionals may not yet be equipped with the expertise required to manage and optimise AI-driven security tools effectively.

Moreover, the regulatory environment in Malaysia, with its specific data protection laws and cybersecurity regulations, can pose compliance challenges for organisations seeking to implement AI solutions.

Nevertheless, the opportunities are equally significant. AI-driven security solutions can greatly improve threat detection and response times by providing real-time insights and automating routine security tasks. This allows valuable resources to be redirected towards more strategic initiatives. Furthermore, these solutions can be tailored to address Malaysia’s specific security landscape by integrating local threat intelligence and compliance requirements.

Customising AI algorithms to understand and mitigate region-specific threats, such as those prevalent in the financial and governmental sectors, can significantly bolster security measures. Moreover, collaboration between the public and private sectors to develop frameworks and best practices for AI adoption can streamline the integration process and ensure compliance with regulatory standards. By addressing these challenges and capitalising on the opportunities, organisations in Malaysia can leverage AI to create a more robust and responsive cybersecurity posture.

“Implementing Zero Trust architecture can substantially enhance cybersecurity resilience within Malaysian organisations, particularly given the evolving threat landscape and the diversity of technological infrastructures,” Dominic states emphatically. “It operates on the principle of ‘never trust, always verify,’ ensuring that every user and device attempting to access the network is continuously authenticated and authorised.

This approach significantly reduces the risk of unauthorised access and lateral movement within the network, making it harder for attackers to exploit vulnerabilities. In the context of Malaysia, where organisations may operate across a range of sectors with varying levels of technological sophistication, Dominic believes that Zero Trust provides a unified security framework that can be adapted to different environments.

For instance, in sectors like finance and healthcare, where sensitive data protection is paramount, Zero Trust can enforce strict access controls and continuous monitoring to safeguard critical information. In more traditional industries with legacy systems, it can help bridge security gaps by applying rigorous verification processes even to internal network traffic.

Additionally, as cyber threats become more sophisticated and persistent, the adaptability of Zero Trust allows organisations to remain resilient against new attack vectors and techniques. By fostering a culture of security awareness and continuous improvement and by leveraging the advanced capabilities of Zero Trust architecture, Malaysian organisations can fortify their defences and ensure sustained cybersecurity resilience in an increasingly digital world.

William Song, Group Chief Information Security Officer at Alliance Bank Malaysia Berhad, concurs that Zero Trust and AI can significantly transform security postures by addressing modern cybersecurity challenges with a proactive and dynamic approach.

Zero Trust eliminates the traditional reliance on network perimeters by requiring continuous verification of every user and device attempting to access resources, irrespective of their location or assumed trustworthiness. This model reduces the attack surface and limits the potential for unauthorised horizontal movement within the network. AI complements this by offering advanced threat detection and response capabilities.

Through machine learning algorithms, AI can analyse vast amounts of data to identify unusual patterns and behaviours indicative of potential threats. This enables real-time threat detection and automated response, enhancing the agility and effectiveness of security operations. Together, Zero Trust and AI create a robust, adaptive security framework capable of addressing the sophisticated and ever-evolving nature of cyber threats.

As organisations in Malaysia embark on their digital transformation journeys, the subsequent steps should focus on integrating advanced security frameworks and technologies to ensure robust protection. The initial step involves conducting a thorough assessment of the existing security posture to identify vulnerabilities and areas for improvement.

Organisations should create a strategic roadmap for implementing Zero Trust, focusing on clear policies for user and device verification, continuous monitoring, and strict access controls. At the same time, investing in AI-driven security solutions can boost threat detection and response capabilities. Additionally, it is crucial to prioritise workforce development by training and upskilling employees to effectively manage and optimise these advanced security tools.

By adopting a proactive and strategic approach, Malaysian organisations can secure their digital transformation efforts, ensuring resilience and continuity in the face of evolving cyber threats.

Achieving a future where efficiency and resilience are driven by intelligent automation requires a strategic integration of automation technologies into organisational workflows. Organisations must leverage AI and machine learning to automate repetitive tasks, streamline processes, and enhance decision-making capabilities.

One being asked about cybersecurity posture, William clarifies that adopting a proactive platform helps avoid potential threats rather than reacting to them. These platforms provide real-time insights and predictive analytics, enabling organisations to anticipate and effectively mitigate potential disruptions before they escalate.

Robust security measures, such as the Zero Trust approach, complement safety amid ongoing integration, automation or expansion activity. This preemptive approach enhances security posture, minimises downtime, and protects critical assets from emerging cyber threats.

William believes that building a culture of innovation, continuous learning, and security awareness among employees supports this transition, ensuring that the workforce is equipped to handle the demands of a highly automated and secure operational environment. By embracing intelligent automation and robust security measures, organisations can enhance their operational efficiency and resilience in an increasingly digital world.

Closing Remarks

In bringing the forum to a close, Heng Mok agrees that Malaysia must capitalise on collaborative initiatives, like the OpenGov Leadership Forum, to expedite its technological progress and foster innovation. The forum’s profound insights and meaningful discussions will help catalyse Malaysia’s technology transformation.

Positioned as a rapidly advancing country in the digital era, cyber resilience will be vital to its progress, enhancing the nation’s digital infrastructure, and fostering an ecosystem that securely supports innovation and growth in the technology sector.

Heng Mok reiterated the findings from Zscaler indicating that over 90% of IT executives involved in cloud migration have either adopted, are in the process of adopting, or are considering a Zero Trust security framework. This strategy, founded on the principle of ‘never trust, always verify,’ requires thorough verification for every individual and device attempting to access resources within a private network, irrespective of their proximity to the network perimeter.

By treating each access attempt as potentially hazardous, Zero Trust significantly reduces vulnerabilities and enhances the security posture comprehensively. This approach underscores a shift towards robust security measures that prioritise stringent verification protocols. It not only safeguards against unauthorised access but also bolsters defences against evolving cyber threats, positioning organisations more securely in the digital landscape.

Heng Mok urged the delegates to continue collaborating and sharing their experiences to collectively advance the nation towards a secure and inclusive future. Together, through shared knowledge and concerted effort, Malaysia can build resilience and prosperity for all its citizens.

Mohit believes that the 9th Malaysia OpenGov Leadership Forum paves the way for a more digitally advanced and secure Malaysia by addressing these multifaceted challenges and opportunities. The collaborative efforts of government, industry, and academia are vital in creating a robust digital ecosystem that supports sustainable growth and innovation.

As Malaysia advances its digital infrastructure and accelerates digital transformation, cybersecurity must remain a top priority, Mohit notes. Moving forward, the critical role of strong security measures cannot be overstated in safeguarding the resilience and reliability of digital services and platforms.

“Cybersecurity is no longer just an option but a necessity. As we transition more services to the cloud and digital platforms, protecting our data and systems from cyber threats becomes paramount,” says Mohit. “The adoption of Zero Trust security frameworks is a significant step towards achieving this goal.”

CEOs across the world rely heavily on data to drive their business strategies and decisions. Whether analysing customer behaviour, optimising supply chains, or forecasting market trends, data is the foundation for informed decision-making at the highest levels of corporate leadership.

Data-driven leadership isn’t just about leveraging information for strategic advantage; it’s also about ensuring its confidentiality, integrity, and availability through rigorous cybersecurity practices. This holistic approach fortifies organisational defences and reinforces the foundation upon which future growth and success are built.

Confident that the knowledge shared and best practices discussed will drive better-informed action, Mohit encouraged the delegates to implement the insights gained and drive forward the nation’s digital agenda.

“If it retains its strong emphasis on safety and cutting-edge technologies, Malaysia is strategically positioned to navigate the challenges of the digital era and establish itself as a frontrunner in the global technology arena,” Mohit concludes. “By cultivating a culture of cybersecurity awareness and readiness, together we can effectively safeguard the nation’s digital economy and uphold the confidence of both its citizens and global allies.”