KUALA LUMPUR, May 10 — Leaders of organisations must ensure a comprehensive technology risk management framework is in place as it guides organisations to identify key risks and put the right controls in place, the Securities Commission Malaysia (SC) said.
Its chairman Datuk Seri Dr Awang Adek Hussin said through initiatives like the Guidelines on Technology Risk Management (GTRM) and the Capital Market Cyber Simulation (CMCS), the SC is preparing the industry to face any challenges that arise.
“In today’s business landscape, the use of third-party services such as cloud services is increasingly predominant. We find that organisations can do better in managing risks related to third-party service providers by putting proper frameworks in place,” he said in his welcoming remarks at the CEO Engagement SCxSC: C-Suite Forum on Managing Technology and Cyber Risks.
Awang Adek also notes that the GTRM, which is designed to guide the market participants to establish a sound and robust technology risk governance and oversight, will take effect on Aug 1, 2024.
In addition, he said entities are expected to submit a declaration of compliance to the GTRM to the SC by the first quarter of 2025, while more information regarding this will follow closer to the guidelines taking effect.
He said the SC’s commitment to driving fintech development through upcoming initiatives like the Innopolicy Roundtables, Pitch and Match sessions, and the SCxSC Fintech Summit underscores the importance of collaboration between regulators and industry stakeholders in addressing emerging challenges.
Similarly, Awang Adek said this event aims to keep the industry abreast with the latest technology trends and shed light on prevalent industry technology audit findings and incidents that may impact business operations. He added that the SC would also like to align leadership role expectations, reinforcing what is expected of the top brass regarding managing technology risk.
“I have been informed that many industry players still fall short in their cyber hygiene practices, even in terms of basic controls to critical systems. This is highly concerning because such basic hygiene is fundamental to an organisation’s ability to defend itself, and our analysis suggests that inadequacies lead to cyber-attacks, ransomware, and even data loss,” he said.
According to Awang Adek, many organisations also are not keeping up with key security practices like penetration testing, vulnerability assessment, hardening practice, privileged access management and regular review of user ID, to name a few.
He said this is alarming, especially as cyber incidents such as ransomware and data breaches become more common.
“The CMCS serves as a testament to the SC’s proactive approach to preparing the industry for cyber incidents. By simulating real-world scenarios, organisations can test their response and recovery strategies, thereby strengthening their resilience against potential cyber threats,” he said.
— Bernama
