TM One highlights inclusion of machine learning and predictive technology to sift out cyber threats
THE push for digitalisation has enabled the Enterprise and Government sectors to expand their reach and improve efficiency. But with more transactions done online, the risk of cybersecurity breaches has also risen.
Every year, millions of new security threats are created, which have cost businesses more than US$1tril in 2020 alone.
These incidents of breach not only expose organisations to data leaks and fraud attacks, they also erode brand value and could potentially damage customer trust, according to Dr Saiyid Abdallah Syahir al-Edrus, General Manager of Cybersecurity Services at TM One.
Unfortunately, awareness on the importance of cybersecurity and the impact of breaches to organisations remains low.
Cybersecurity threats to organisations have been growing over the years from both external and internal sources and these attacks have also become more sophisticated over time.
“External attacks can happen on your Information Communication Technology infrastructure, Internet of Things (IoT) or operational technology (OT) devices, your cloud environment, remote service attacks, your supply chain infrastructure, or even as part of social engineering whereby your employee is targeted and lured to divulge sensitive information.
“Sometimes, disgruntled employees can also be a threat,” he added.
The importance of investing in well-rounded cybersecurity controls can’t be emphasised more, Saiyid noted.
Implementing a good combination of network and endpoint security controls such as a data leakage prevention system can help mitigate the situation. This includes regularly updating your software, improving detection capabilities, and reviewing your processes to respond to these attacks.
Educating employees in the proper use of IT facilities will also help.
As perpetrators become more advanced in their attacks, organisations will have to ensure that their security systems are 10 steps ahead.
One of the elements that TM One sees as increasingly crucial to deploying a robust cybersecurity system is the inclusion of artificial intelligence (AI) or machine learning, which allows enterprises and the government sector to become more accurate when predicting threats.
According to Saiyid, some organisations would typically sift through 50 to 100 security alerts in a day. Having machine learning capabilities or the right predictive tools will enable them to filter through these alerts quicker and identify true security threats more precisely.
“Before the use of machine learning, we needed human intelligence to do all the analysis to identify whether the alerts we get are a true positive or false positive. With machine learning, it helps us sift through hundreds of events and collect the data we need to confirm it as a true positive and to register that a true security incident is happening.
“But that doesn’t mean we should eliminate human intelligence from the process altogether, as we still need human intelligence to validate the outcome churned out by machine learning,” Saiyid explained.
Having predictive tools also helps organisations enhance their Security Operation Centres (SOC) with better mitigation and analytical abilities. This goes a long way in improving their productivity and efficiency when it comes to operations.
Customers, no doubt, have been favourable to integrating AI into their cybersecurity framework. The challenge, said Saiyid, is the availability of funds to invest in the technology.
"At TM One, we provide advisory services when we address the security controls they need to help them improve and defend their infrastructure. Via a consultative approach, we bring them through the journey of maturity. We understand that customers are at different maturity levels, so our approach is customised for each. It’s really about working with the customer and being able to help them find the best solution for their organization."
"You can start small and build as you mature, and understand the value of cybersecurity and how it helps you defend your brand value and critical assets. You may not see your data as critical assets but they are,” he said.
Notably, as with all forms of technology, there are risks in using AI. Even machine learning tools or AI platforms are susceptible to attacks or compromise.
"It really depends on how robust and secure your infrastructure is," said Saiyid.
"It really depends on how robust and secure your infrastructure is," said Dr. Saiyid Abdallah Syahir al-Edrus, General Manager of Cybersecurity Services at TM One.
If an organisation's security infrastructure is not robust, there may be a possibility of a system manipulation or "data poisoning". As machine learning relies on large data sets for analysis to determine accurate outcomes, organisations need to ensure the integrity and reliability of their data sets to avoid false predictions by the system.
Saiyid also urged enterprises and the government sector to consider multiple layers of check-and-balance cybersecurity mechanisms to ensure a resilient cybersecurity system and reduce over-reliance on AI only.
"Sometimes, the intention of data poisoning is to derail the focus of the system analysis to get the true positive incident or anomaly."
"By diverting attention to somewhere else, the hacker is able to use loopholes to enter your system.”
While machine learning is fairly new in Malaysia, the integration of AI in cybersecurity has advanced and this trend can help organisations in Malaysia.
"We started to develop services that leverage predictive technology as part of threat hunting, and others technologies that combine predictive tools and a bit of automation to respond to repetitive security incidents."
TM One is also deploying cybersecurity with machine learning enabled in the IoT and OT security monitoring space.
To find out how TM One can help you achieve cost effective world class cybersecurity, visit www.tmone.com.my
This article was first published in The Star
The pandemic accelerated digitalisation to levels never before seen, forcing the financial sector to evolve quickly or risk being left behind. In addition to pivoting to a remote workforce, financial sector also embraced digital banking and open application programming interfaces (API) in a race to compete with upstart fintechs.
TM One, the enterprise and government sector arm of Telekom Malaysia Berhad (TM), was on hand to help its clients in the financial sector using their Zero Trust Network Access (ZTNA) concept – which TM One calls Secure Access Service Edge, (SASE) or pronounced "sassy", to quickly secure their clients’ business environments while still achieving optimal speed-to-market for their digital banking products.
When the pandemic hit, many major financial institutions had to quickly pivot to enable their people to work remotely, securely. TM One responded with its SASE offerings for two main components: Internet Access and Organisation Assets.
Ts. (Technologist) Dr. Saiyid Syahir Al-Edrus, General Manager of Cybersecurity Services at TM One and his team are overseeing TM One’s efforts in real-time.
Saiyid explains, “Firstly, employees need secure internet access. Typically, when users browse the internet they are exposed to threat vectors. A cybersecurity solution protects employees by connecting all user traffic via a micro tunnel that goes into the SASE enforcement node or cloud proxy. Secondly, we secured employee access while using organisation assets such as SAP, Salesforce, and emails via secure remote access.
“Our cybersecurity solutions deployment is often quicker than other providers, because TM One does not need to deploy devices. All we need to do is push an agent into the customers’ laptops. The agent forwards traffic to the closest edge services, connecting users to the internet, a SaaS application, or an internal application through the appropriate zero trust service.
“This agent is also intelligent enough to determine when a user wants to access any cloud application for instance. So it will route users automatically based on that HTTP request. All IT activities are secured via a secure tunnel, which is encrypted and encapsulated,” he said.
Financial institutions are now launching a myriad of mobile apps dedicated to stock broking, wealth management, insurance services and other financial services to capture new markets and revenue. Their security practices, need to evolve quickly enough with these new digital offerings. Observed gap is mainly due to the lack of security planning at the development stage, said Saiyid. Too often, security comes as an afterthought, or is the last piece to the product puzzle pre-launch.
TM One is on a mission to educate more clients on the need to involve security right from the beginning of the product development process with DevSecOps.
“DevSecOps oversees security measures and how clients should secure all their applications or any new digital development. From the start of the app development process, DevSecOps will look at multiple security perspectives: What sort of app are we launching? Will it be hosted in the cloud or on premise? And, once released to market, how should the app be secured from being tampered?”
“Typically, you download an app from a marketplace, not the developer's website. However, when an app or a patch is still pending launch from the official source, a malicious attacker can hijack the app by releasing a fraudulent version first. Anyone visiting the app marketplace will mistake the fake app for the real thing.”
“Even after the app has already been released by the official source, it can still be tampered with using malicious code. This code or virus capable of stealing user data or hijack the data that users key in.”
“Typically, a financial services app cannot be published if you do not remediate any non-compliance findings or gaps. This will further delay the release of the app or product. This creates a bit of friction between a business's market growth aspirations and compliance with certain regulations. If clients only try to secure the environment at the end of the production process, it will just delay their launch further,” Saiyid remarked.
TM One provides Professional Services who consult and advise financial institutions about DevSecOps throughout the product development process. This includes conducting Vulnerability Assessment and Penetration Testing (VAPT) and security code assessments through which the cybersecurity team roots out bugs and corrects the app syntax that can unwittingly enable errors or bugs which are then taken advantage of by hackers.
“We’ve seen instances where the app works fine, but certain non-best practices in the code stream open it up to abuse or breach and increase product susceptibility to hacking and SQL injections,” Saiyid warned.
Besides that, TM One also secures the app infrastructure through cloud-hosted apps, with one of TM One’s solutions including the setting up Web Application Firewalls (WAF) either as a dedicated solution or WAF as a Service.
Due to massive monetary and brand value, financial institutions are among the most-targeted groups by Advanced Persistent Threats (APTs), which are groups of hackers that have been backed up by certain organisations that keep on attacking certain entities or certain individuals.
TM One is committed to protecting its clients both before and after APT attacks.
“TM One’s Digital Risk Protection services (DRP) include threat intelligence. We scour the public web, the deep web, and the dark web for certain keywords such as the company or brand name or even the name of key personnel linked to a financial institution. If there is chatter about organising an attack, we can quickly inform the customer to backup and monitor certain assets. If a client already outsources monitoring to TM One, we will do it ourselves. That’s the prevention part.
“However, despite an enterprise’s best efforts, APTs can still breach their environment. That’s why our DRP services also include mitigation or takedown services. If client data has been breached or shared in the internet, we initiate a takedown service by collaborating with our international pool of partners to reach out to the malicious attacker or whoever has shared the sensitive data. We force them to take down the sensitive data from being published, on threat of legal action. That’s the mitigation part,” Saiyid explained.
For financial institutions, brand value lies chiefly in customer trust in their services. Securing those services requires both proactive and reactive cybersecurity measures. At TM One, cybersecurity is a continuous, evolving effort that is both proactive against possible threats and reactive with quick-acting and widespread mitigation efforts.
This article was first published in Fintech News
In the digital age and Industrial Revolution 4.0, the agriculture sector is undergoing a massive change by leveraging on digital technologies, especially the Internet of Things (IoT), to create a smarter agriculture.
With the help of robots, drones, remote sensors, and computer imaging combined with continuously progressing machine learning and analytical tools, farmers are monitoring crops, surveying and mapping the fields and using data-driven insights to enjoy higher productivity, saving time, and optimising resources and efforts.
One of the systems that is increasing in popularity and creating smarter agriculture is the Smart Farming system. Smart Farming makes extensive use of sensors (light, humidity, temperature, soil moisture, crop health, etc.) to monitor farm and crop conditions, and automating the irrigation and/or fertigation system. IoT enables devices embedded with sensors to connect and interact via the internet. These devices can be anything from pumps and tractors to weather stations and computers. Smart Farming allows farmers to monitor the field conditions from anywhere, at any time, in real time. Using the combined power of IoT with Big Data and Cloud, a successful communication, connection and transference of data between devices, are done most effectively and efficiently. Digital Connectivity and Cloud Computing are the essential enabler for Smart Farming. Digital connectivity is the foundation without which none of the Smart Agriculture solutions can take place. It is the necessary pre-condition that allows communication between devices and access by stakeholders. Meanwhile, cloud computing enables the hosting platform for IoT and Big Data as well as powers up the data analytics and visualisation.
The value of smart agriculture solutions lies in its promising ability to address some of the longstanding industry challenges – both at the macro and micro level:
With the use of IoT in agriculture, farmers are reaping the benefits from increased agility and data-driven farming. Thanks to real-time monitoring and prediction systems, farmers can quickly respond to any significant changes in weather, humidity, air quality as well as the health of each crop or soil in the field.
With TM One’s comprehensive and fit-for-purpose digital solutions, from connectivity right down to the digital and smart systems and applications, combined with the technical experts who are ready to guide our customers throughout their digitalisation journey, players in the agriculture sector can be assured of a smooth and seamless path to the Next Future of Agriculture.
To know more about TM One’s smart agriculture solution, visit https://www.tmone.com.my/solutions/smart-services/smart-agriculture/
“TM One is the main agency pioneering the foundation of our nation’s digital infrastructure. Through this strategic collaboration, it greatly helps Ipoh City Council in managing the city more efficiently and in an orderly manner,” - Dato’ Rumaizi bin Baharin, Ipoh Mayor.
With the blend of heritage, food and great scenery, the Lonely Planet ranked Ipoh as one of the best cities in Asia to visit. As a hotspot for tourism, the bustling city provides abundant business opportunities. The city has harnessed this potential by increasing the readiness of its digital infrastructure for mobile and fixed broadband internet.
Keeping this in mind, Ipoh envisions becoming one of the first smart cities in Malaysia by 2030. The Smart City 2030 action plan targets seven domains - Smart Living, Smart Environment, Smart Governance, Smart People, Smart Digital Infrastructure, Smart Economy and Smart Mobility – to effectively address urbanisation challenges faced by the people of Ipoh and to realise Ipoh as a Green and Low Carbon City by 2030. We are embarking on a journey to prepare for a digital future, with TM One acting as the digital enabler and provider to assist the city in its transformation.
In conjunction with the City Leap Summit 2022, a Memorandum of Understanding (MoU) was established between The Ipoh City Council and TM One. The strategic collaboration includes several initiatives that are planned and will be implemented:
One of the most remarkable achievements is the implementation of smart traffic lights. TM One’s STARS leverages AI-enabled sensors at intersections to measure the average waiting time and identify vehicle motions, thereby adjusting green light duration based on real-time congestion, and improve the journey time. This solution also help to reduce the carbon emitted by the vehicle that is using the junction and this is in line with Ipoh Green City Vision to achieve low carbon city. Additional to the benefits, STARS is a single monitoring platform that provides relevant personnel with a centralised viewing of road conditions and equipped with real-time fault notification that triggers alarms through the Telegram chat application. This will allow the relevant personnel to take swift actions and dispatching manpower on-site when needed.
As a result, the smart traffic light solution has improved traffic flow in one of the busiest streets, Jalan Sultan Idris, by 51%. This solution also has led to a 7,500 kg decrease in carbon dioxide emissions in a month – in line with Ipoh’s goal to be a Low Carbon City by 2030.
FORCE satisfies the need for a fluid system to connect the call centre agents, dispatchers and service technicians to attend to citizens’ complaints and inquiries for better communication and coordination. It allows the teams to promptly respond to public complaints and emergencies by accessing real-time ticket statuses. Also, the all-in-one platform automates task scheduling and team management, tracks real-time progress of on-site maintenance and provides access to customer profiles on the go – modernizing the city’s field service solution. FORCE is envisioned to be the system support for MBI’s existing myAduan@MBI citizen app to improve its customer experience, better cost management, and internal resource management.
The Ipoh City Council aspires to establish its first digital call centre via outsourcing. The digital call centre aims to solve the challenges of handling multilingual support requests and reduce abandoned call rates, while elevating critical issues to relevant parties when necessary. Consequently, the city can free up resources and optimise costs, while ensuring the best customer service for the people of Ipoh.
TM One Business Services (BPO) with more than 15 years of contact centre experience in Malaysia, leveraging on our Center of Expertise will be sharing the best practice; which aligned to the Industry Standards and Best Practices to help Ipoh City Council to establish the citizen engagement centre and ultimately elevate the citizen experience to the higher level.
Ipoh aims to be one of the first cities in Malaysia to enable 5G, and TM One plans to support this vision with the provision of free 5G wifi in selected areas. Additionally, a digital fibre connectivity superhighway and smart surveillance systems is being planned for Ipoh citizens.
Smart technologies help Ipoh save cost, shorten commutes, reduce carbon emission rates, and most importantly boost the quality of life for the people of Ipoh. In the long term, smart cities will spur higher citizen and government engagement as they begin to remove the communication barriers and increase the trust between citizens and officials. With the great synergy between both parties, Dato’ Rumaizi aspires to achieve more milestones in collaboration with TM One.
“My hope is that together with TM One, we will explore even more opportunities and smart technologies towards enhancing lives for the people of Ipoh.” - Dato’ Rumaizi bin Baharin, Ipoh Mayor.
Smart cities are like the humans who live in them, behaving like complex creatures, constantly collecting and transporting information to make better sense of the world. In other words, they are alive.
And like all living things, smart cities possess DNA. In its conventional definition, DNA is biological, but in this context, the DNA of a smart city is entirely different. The engine that drives the ideal smart city lies in its’ usage of technology, designed to support and enhance the lives of the human beings living in them. Each city requires a unique arsenal of technological solutions, chosen to fulfil the specific needs of its citizens, economy and environment that contributes to the success of each smart city
While certain cities thrive on an abundance of Internet-of-Things (IoT) devices, intelligent kiosks and computers, others may prefer more minimalistic, hardware-lite designs. For devices to deliver life-improving benefits for their citizens, smart cities must have high-speed connectivity and IoT networks with sufficient coverage to penetrate all parts of the cities, including in-building areas. Also, successful smart cities usually have a platform and application layer that can conduct analytics to transform data into meaningful information, viewed in a command centre.
Similar to how human abilities can be enhanced through natural growth, self-actualisation or technological aids, smart cities have ways to boost their capabilities as well. Here are a few good places to start:
A hyper connected systems need to be in place for a smart city to meet efficiency, sustainability, productivity, and safety objectives. Reliable, high coverage, high speed and low latency connectivity networks form the foundation for almost all smart city systems and are things all smart cities need.
For example, a smart city should have a tech-based delivery infrastructure for public utilities such as water, electricity, waste, sanitation, sewerage and government services built on real-time connectivity. Connected technologies and IoT solutions that can constantly match the changing supply-demand gaps can rapidly improve living standards when integrated with existing infrastructure.
Local councils need to identify and prioritise the fundamental locations, facilities and infrastructure where they would deploy the millions of sensors and IoT devices and solutions in phases towards developing and building an action focused infrastructure framework masterplan or blueprint that would yield meaningful life impacting living and social environment to the towns and cities.
As digital and physical infrastructures increasingly converge, integrate, and interoperate, smart cities must embed the proper cybersecurity and privacy measures in each stage of development. Local councils must also sync cybersecurity strategies across smart city networks and design appropriate security and governance structures to protect their citizens.
The thousands of smart devices are double-edged swords. While they collect and feed helpful information into smart applications, they open up vulnerabilities in the more extensive IoT network. Physical tampering with smart devices can lead to backdoors and malicious implants that can potentially give unauthorised access to black-hat hackers and cyber terrorists.
In short, smart cities that thrive on the abundance of data collected by the network of sensors need to be mindful of data security. While it helps authorities monitor the health of its city, the possibility of a data breach needs mitigation to avoid crippling of city operations. Therefore, robust security policies and management is needed to ensure that governance over sensitive and personal data is practised and automatically managed across the digital, smart services and IoT solutions and systems deployed.
Even though data can be tough to handle, smart cities are valuable reservoirs of data. Effective data sharing and access to this data can unleash new opportunities to innovate and generate social and economic benefits. This practice is estimated to create the above benefits worth between 0.1% to 4.0% of GDP.
All data from devices, people, systems, and the environment go through a transformation process involving data management, integration, machine learning, and advanced analytics to become information that addresses real-time incidents and assists city planning.
One key area that benefits data analytics is the smart government component. For example, conventional government censuses are expensive to implement and often collect inaccurate data, leading to the low effectiveness of newly designed policies and initiatives. With accurate and reliable data, governments can better understand the problems, and improve policy-making abilities by solving the root causes.
Other areas of benefit include financial health, improved outcomes, operational efficiency, public engagement, crisis management and others.
Artificial intelligence (AI) is the piece of the puzzle that puts the word ‘smart’ into smart cities. By combining modern machine-learning, natural language processing (NLP), and computer vision with huge data lakes, AI is primed to drive efficiency and solve most problems local councils face.
As AI systems are fed with tons of data, the technology can identify areas of improvement and recommend an effective solution. For instance, AI-intelligent surveillance systems can provide continuous protection for citizens and effective system operations of the cities. This system uses facial and object recognition, behavioural and movement analysis algorithms and objective-detection programs to analyse live video feeds and identify potential risks or threats.
Therefore, gaining extra insights into niche aspects of a city by using AI is the natural step in the evolution of modern-day smart cities.
In Malaysia, many States have already started implementing smart city projects with the federal guidelines of Malaysia Smart City Framework, MSCF. These plans mainly revolve around transportation and cashless payments - two crucial focus in society.
Moving forward, smart city planners must adopt a systems approach, meaning that authorities need to compartmentalise the goals of adopting a smart city.
At TM One we applaud the commitments and efforts of various local smart city initiatives and we understands the enormous tasks and planning required. Our talents, partners and solutions are ready to help local governments turn their blueprints into citizen-focused action plans that will move the needle in terms of turning Malaysia into a digital-first, smart-city nation.
Five years ago, the conversation surrounding smart cities was in its infancy, with most topics revolving around demystifying the technology behind them. Today, cities around the world have moved past demystification and are taking great strides in implementation. Globally, there are several shining examples we can turn to for inspiration;
While we are witnessing the transformation of several cities worldwide, what are the required factors that make a city ‘smart’?
Developing a smart city is not a task that can be sustained with an ad-hoc approach. Instead, a holistic vision is required to steer decision-making and guide action plans toward implementing realistic solutions that deliver tangible results that can enhance the lifestyles and living quality of all citizens within the city.
The Malaysia Smart City Framework (MSCF) has offered several initiatives such as MyDigital, GTMP and JENDELA as official ‘textbook approaches’ or suggested priorities. Local councils or Pihak Berkuasa Tempatan (PBTs) can refer to these initiatives in developing the smart city vision that best fits their cities.
Behind the development of a successful smart city, lies an excellent core vision that is developed based on the citizens’ real-life experiences. The application of technology is moot if it does not bring tangible benefit to its end users.
The common occurrence of pilot projects being abandoned, with selected technologies being seriously under-utilised, is a result of decision-making without a clear understanding of the real-life pain points experienced by the end-user, the citizens themselves. For a smart city to truly elevate our lifestyles and quality of living, the solutions we choose must be people-centric and based on actual needs.
Critically, PBTs will require sufficient funding to set the ‘smart city’ ball rolling smoothly. However, based on a survey conducted during the previous TM One City Leap Summit 2020, only 2.6% of PBTs surveyed indicated that they have sufficient funds, while 42% of them responded that they required funding assistance.
While procuring sufficient funds may be an issue, we can look to Indonesia to overcome the same challenge. Under West Java’s Digital Villages Theme, the West Java Provincial Government started their digital transformation of rural fisheries by installing basic smart auto-feeders in 4289 ponds across West Java. Instead of immediately using high-end tech solutions, the deployment of basic technology allowed the fishermen to empower their own productivity, resulting in a 30 to 100% increase in earnings and effectively generating their own initial capital for more cutting-edge solutions. On top of that, there was the added benefit of increasing digital literacy among the fishermen to be more receptive to newer technological solutions.
With a vision outlined and action plans identified against the available funding, the next key factor in creating a successful smart city lies in the capabilities of the project management office to turn the vision into reality. Key traits of a great project management office are:
It takes more than a day and more than just a single person to build a smart city. In fact, stakeholder management is critical in garnering support and alignment toward the outlined vision of smart city development. Effective stakeholder management requires a deep understanding of all parties who will benefit from implementing smart cities. These benefits include more efficient public services for citizens, data-driven disaster mitigation strategies for local governments, and more diverse revenue streams for investors.
Communication and outreach are vital in building the required understanding among stakeholders. Examples of campaigns designed to encourage stakeholder involvement include PLANMalaysia’s Libat Urus Pemegang Taruh involving government agencies, stakeholders and research teams for cities such as Ipoh, Johor Bahru and the Federal Territories.
Learning from our Indonesian neighbours again, the West Java Provincial Government has taken on a ‘Pentahelix Collaboration’ model, with initiatives geared towards encouraging collaboration and participation from authoritative bodies, media bodies, businesses, academics and local communities.
Good governance is the final thread capable of tying all of the above factors together. Implementing strong top-down leadership and transparent policies can crystallise each PBTs smart city vision. Good governance can also help develop sustainable funding schemes according to each PBTs needs while delivering the talent required to project management offices. It will also support communications campaigns to encourage the stakeholder buy-in needed for successful execution.
After several years of conversation, the time is ripe for Malaysia to transform its cities. The rakyat already stands to gain much more from a smart city transformation. With the effects of climate change already rearing its ugly head at our mobility, agricultural production and air quality, Malaysia is ready to accept solutions that promise to solve day-to-day difficulties. However, the advancement of smart city technologies stands to take us even further beyond problem-fixing – smart city technology now can elevate Malaysia towards a cleaner, safer, more sustainable, higher-quality way of living.
