Recent developments on the cybersecurity legislation front, sees the industry stirring with interest and aligning with region-level ambition for a thriving digital economy. Will all these amount to finally embedding security into supply chains and cybersecurity being done differently from how it used to be?

During a fireside chat session with Blackberry’s VP of Product Security, Christine Gadsby at Blackberry’s CCoE, the cybersecurity chapter President of ASEAN’s CIO Association (ACIOA) Dr. Carrine Teoh observed how the recent NACSA Cybersecurity Summit generated significant interest and collaboration within the industry, indicating the growing vibrancy of the cybersecurity field in Malaysia.

This is largely seen as due to the progress Malaysia has made with regards to the Cybersecurity Act 2024, which aims to strengthen cybersecurity policy in the region to better protect critical infrastructure and national security. This aligns with the progress that ASEAN countries like Brunei, Singapore, and Thailand have made respectively by introducing cybersecurity policies as well.

She observed, “This ties back very well with the whole ASEAN cybersecurity cooperation strategy which is basically a lot of strengthening of coordination at policy level with ASEAN. Because one of the key things that this whole region wants to harness, and take advantage of, is the digital economy.”

“Security is great to do, but you have to do security to actually be secure, and sometimes we lose sight of that as an ecosystem. We look at a product and we write a check for it, but we don’t really understand the supply chain it is going into.”

These observations were layered on by Blackberry Security’s recent research findings that 81% of Malaysian companies discovered insights they didn’t know about in their supply chain. This is potentially risky because without the much-needed visibility of an environment, companies would not know what or how to protect it.

What was worrying for Christine as well, was the nearly 80% of companies that had discovered a security vulnerability in their supply chain.

Fifty-eight percent also responded that there is a lack of technical understanding. While tooling and automation is important, people have a crucial role as well. Christine pointed out, “If you don’t have the people that understand how it’s embedded into your technical system, and how it maps to things like the Cybersecurity Act 2024, then how are you going to use (tools and automation) to actually be more secure?”

Christine expressed, “Security is great to do, but you have to do security to actually be secure, and sometimes we lose sight of that as an ecosystem. We look at a product and we write a check for it, but we don’t really understand the supply chain it is going into.”

In summary, Christine wanted to share how for Malaysia, as it has been for the U.S. and then for Europe in recent years, policy is now defining the criteria for security, rather than just vendors selling products. She emphasized that the ecosystem needs to focus on operationalizing security and avoiding disasters, rather than just purchasing security products.