The pace of technological advancement, both globally and locally is unprecedented. Cloud computing, big data, blockchain and artificial intelligence (AI) offer opportunities to redefine our market and optimise operations like never before.
Speaking at the CEO Engagement SCxSC: C-Suite Forum on Managing Technology and Cyber Risks session today (May 10), Securities Commission Malaysia (SC) Chairman Dato’ Seri Dr. Awang Adek Hussin said they observed a growing reliance on third-party service providers, particularly in areas like Cloud Services and artificial intelligence, among others.
“With every advancement, there are inherent risks – from cybersecurity vulnerabilities to regulatory compliance concerns. We need effective leadership to navigate the complexities of technological advancements. Effective leadership sets the tone on technology governance and cybersecurity culture which would also bridge conversations between business, IT, and security functions and ensure organisational alignment and adaptability.
He said the SC’s commitment to driving fintech development through upcoming initiatives like the Innopolicy Roundtables, Pitch and Match sessions, and the SCxSC Fintech Summit underscores the importance of collaboration between regulators and industry stakeholders in addressing emerging challenges.
Similarly, this event aims to keep the industry abreast with the latest technology trends and shed light on prevalent industry technology audit findings and incidents that may impact business operations. The SC would also like to align leadership role expectations, reinforcing what is expected of the top brass regarding managing technology risk.
“I have been informed that many industry players still fall short in their cyber hygiene practices even in terms of basic controls to critical systems. This is highly concerning because such basic hygiene is fundamental to an organisation’s ability to defend itself and our analysis suggests that inadequacies lead to cyber-attacks, ransomware, and even data loss.
“Many organisations also are not keeping up with key security practices like penetration testing, vulnerability assessment, hardening practice, privileged access management and regular review on user ID, to name a few. This is alarming especially with cyber incidents, such as ransomware and data breaches becoming more common. It is important to ensure a comprehensive technology risk management framework is in place,” the SC Chairman said.
He explained that through initiatives like the Guidelines on Technology Risk Management (GTRM) and the Capital Market Cyber Simulation (CMCS), the SC is preparing the industry to face any challenges that arise.
Awang Adek announced that the Guidelines on Technology Risk Management will take effect on 1 August 2024. It is designed to guide the market participants to establish a sound and robust technology risk governance and oversight.
“In addition, entities are expected to submit a declaration of compliance to the GTRM to the SC by quarter 1, 2025. More information regarding this will follow closer to the Guidelines taking effect.”
Meanwhile, the Capital Market Cyber Simulation serves as a testament to the SC’s proactive approach in preparing the industry for cyber incidents. By simulating real world scenarios, organisations can test their response and recovery strategies, thereby strengthening their resilience against potential cyber threats.