This is story about Malaysia’s newly announced budget plan, ChatGPT, and what a room full of IT industry veterans can bring to the conversation; something which any amount of AI currently, cannot.
It all started with reactions towards the budget allocation of RM10 million towards combatting scams. The cybersecurity podcast team I work with has a lot to say about this.
In fact, many had something to say about the RM10 billion allocation for the NSRC or National Scam Response Centre.
The gist of it is this: if that budget is meant to go towards responding to incidents AFTER they happen, then what is going towards addressing the root cause and nipping the problem at the bud?
To effectively fight scamming activity, what is required is a long, hard, and thorough look at the whole lifecycle of scams, from root cause all the way to putting scammers behind bars and shutting down their servers.
Hence, that budget amount is not only “tak cukup”, its scope is also too narrow.
“TAK CUKUP” AND TOO NARROW
One particular industry veteran pointed out, “If you notice, all efforts being done are to get some protection, but still nothing is being done to catch scammers!”
He also opined, “Those financial institutions are the biggest culprits! They are just not doing anything unless they are forced to.
“The RM10m should be towards initiatives to NAB scammers….,” he added, stating that ultimately, “We need to hear about scammers being nabbed based on tracing of the links and phone numbers!”
KILLSWITCH – ONUS ON THE USER
EITN editor Charles Moreira also very accurately pointed out, “RM10 million is so token. And putting the onus of the kill switch on end users absolves the banks from that responsibility.”
He was referring to the Bank Negara policy for all banking institutions to enable users to immediately freeze their accounts in the event of any suspicious activity. But how adept are users at recognizing suspicious activity? Awareness and education is low among bank users to detect if they are being scammed, or if any fraud or withdrawal activity is happening.
There is a reason that these sectors are highly regulated, so why not fortify what is pre-existing for example policies, regulations, and yes.. controls and enforcement?
WHAT CHATGPT SAYS:
When asked about the budget allocation for Malaysia’s cybersecurity industry, the ever-optimistic AI was hopeful that the budget would be used for 6 initiatives which “could help improve Malaysia’s cybersecurity posture and readiness and address the specific needs and challenges the country faces.”
This response is ideal for a college-level essay about cybersecurity for a nation. But it neglects and overlooks the hard, cold realities of the industry, and the painstaking work that goes into operationalizing cybersecurity at an organization or nation-level, and the equally painstaking work that goes into ensuring sustainability of skills, resources, and more, for a resilient cybersecurity posture.
This article was originally posted on EITN.