Managing In-House Cybersecurity Responsibilities

The recent news about DBKL systems allegedly being hacked with a ransom demand of RM236 million is deeply alarming. As someone who’s been in the IT and business development space, this incident is a wake-up call for all government agencies, GLCs, and even private corporations in Malaysia. Cybersecurity is no longer just an IT department's responsibility. It is an organisation-wide priority. This kind of attack doesn’t just risk sensitive data. It shakes public trust, disrupts services, and drains financial resources that could have been used for development. So how do we prevent this? ❗️1. Basic Cyber Hygiene Must Be Enforced Strong passwords, multi-factor authentication (MFA), timely system updates, and regular patching are not optional anymore. Many breaches happen simply due to outdated software or poor access control. ❗️2. Educate Everyone From top management to front liners, everyone needs cybersecurity awareness training. Social engineering, phishing, and impersonation attacks are getting smarter. A single unaware staff can become the weakest link. ❗️3. Conduct Regular Penetration Tests and Audits We need to stop treating cybersecurity audits as a compliance checklist. Continuous monitoring, external penetration tests, and simulated phishing campaigns must be conducted regularly. ❗️4. Invest in Threat Detection and Response By the time hackers ask for ransom, it is already too late. Organisations need to implement real-time threat detection, SIEM systems, and endpoint detection and response (EDR) tools to spot and neutralise threats early. ❗️5. Backup. Backup. Backup. Critical systems and data must be backed up securely and regularly, both online and offline. In the event of an attack, recovery should be possible without paying a ransom. ❗️6. Appoint a CISO and Form an Incident Response Team (Male for corporate smartness, Female for detailed work) Leadership matters. Cyber resilience must be driven from the top. An empowered Chief Information Security Officer (CISO) and a dedicated Cybersecurity Incident Response Team (CSIRT) should be standard in every major organisation. This DBKL case is not just about one agency. It is a national issue. We must stop being reactive and start building cybersecurity into the DNA of how we operate. #CyberSecurity #Malaysia #DBKL #DigitalResilience #ITGovernance #CyberAwareness #PublicSector #Infosec #Ransomware #CISO #PenTest #IncidentResponse #MFA #MalaysianGovTech #BusinessContinuity #CyberSecurityMalaysia

The "set it and forget it" approach to cybersecurity is a ticking time bomb. Why? Because cybersecurity isn't a one-and-done deal.  It's an ongoing battle that requires constant vigilance and adaptability. Threat actors are often relentless, constantly sharpening their skills and finding new ways to infiltrate your defenses.  If you're not doing the same, you're leaving the front door open for them to enter and wreak havoc on your business. What can you do to stay ahead of the game?  1. Treat cybersecurity like a subscription, not a one-time purchase. Stay on top of software updates and patches like your life depends on it (because, let's be real, your business does). 2. Continuously educate your team on the latest threats and best practices. Cybersecurity isn't just an IT problem; it's an everyone problem. 3. Regularly review and update your security policies and procedures. The cybersecurity landscape is constantly shifting, and your strategies need to keep up. 4. Conduct regular risk assessments and penetration testing. Identify vulnerabilities before the bad guys do, and plug those holes faster than lightning. 5. Create a culture of cyber resilience. Encourage your team to be proactive, curious, and unafraid to question the status quo regarding security. Staying vigilant and proactive with cybersecurity can feel like a never-ending battle.  But complacency costs far more than the effort required to stay secure. 

If you treat cyber like IT, risk multiplies. I’ve spent 20+ years in rooms where that sentence proved true. Not because IT isn’t smart. Not because security teams don’t work hard. But because cyber isn’t about devices. It’s about decisions. When leaders treat cyber like “the firewall team’s job,” here’s what actually happens: → Risk decisions get made by default → Budget becomes reactive → Revenue exposure hides in technical language → The board gets updates, not choices And when something breaks? It’s suddenly a business crisis. Not an IT ticket. Cybersecurity is about decisions, not devices. Every control you buy is a business bet. You’re deciding: 💰 What revenue you’re willing to put at risk ⏱ How long you can afford to be down 🤝 How much client trust you’re prepared to gamble 📈 How fast you want to grow without breaking Firewalls don’t decide that. Your leadership team does. Here’s where I see companies get it wrong: ❌ “IT will handle it.” That means no one owns risk at the executive level. ❌ “Just buy the tool.” Tools don’t reduce risk without priority and alignment. ❌ “Are we compliant?” Compliance is a floor. Strategy is the ceiling. The companies that win treat cyber like capital allocation. They ask: → What decision does this control support? → What business outcome does this protect? → What risk are we consciously accepting? That shift changes everything. Now the CISO isn’t presenting dashboards. They’re presenting options. Option A: Accept the risk Option B: Invest $X to reduce exposure Option C: Change the business process That’s a leadership conversation. When cyber is just tech, it competes with help desk tickets and server upgrades. When cyber lives at the decision table, it protects revenue, speed, and survival. Devices are tactical. Decisions are strategic. If you treat cyber like infrastructure, you’ll fund it like overhead. If you treat cyber like decision-making, you’ll govern it like risk. And risk is a leadership responsibility. Cybersecurity isn’t about what you installed. It’s about what you’re choosing. 🧙🏼♂️ Cyber maturity isn’t a tech upgrade. It’s a governance upgrade. 📲 If you’re rethinking how risk decisions are made at the executive level, follow @Wil for straight-talking insight. If you want help building that structure, my inbox is open. 📥

All risk is enterprise risk. Cybersecurity Risk Management (CSRM) must be part of Enterprise Risk Management (ERM). Many companies think managing cyber risks is: ╳ Just an IT problem. ╳ Isolated from other risks. ╳ A low-priority task. But in reality, it is: ☑ A key part of the entire risk strategy. Here are the key steps to integrate cybersecurity risk into enterprise risk management: 1. Unified Risk Management ↳ Integrating CSRM into ERM helps handle all enterprise risks effectively. 2. Top-Level Involvement ↳ Top management must be involved in managing cyber risks along with other risks. 3. Contextual Consideration ↳ Cyber risks should be considered in the context of the enterprise's mission, financial, reputational, and technical risks. 4. Aligned Risk Appetite ↳ Align risk appetite and tolerance between enterprise management levels and cybersecurity systems. 5. Holistic Approach ↳ Adopt a holistic approach to identify, prioritize, and treat risks across the organization. 6. Common Risk Language ↳ Establish a common language around risk that permeates all levels of the organization. 7. Continuous Improvement ↳ Monitor, evaluate, and adjust risk management strategies continuously. 8. Clear Governance ↳ Ensure clear governance structures to support proactive risk management. 9. Digital Dependency ↳ Understand how cybersecurity risks affect business continuity, customer trust, and regulatory compliance. 10. Strategic Enabler ↳ Prioritize risk management as both a strategic business enabler and a protective measure. 11. Risk Register ↳ Use a unified risk register to consolidate and communicate risks effectively. 12. Organizational Culture ↳ Foster a culture that values risk management as important for achieving strategic goals. Integrating cybersecurity risk into enterprise risk management isn't just a technical task. It's a strategic necessity. 💬 Leave a comment — how does your company handle cyber risk? ➕ Follow Andrey Gubarev for more posts like this

In many SMBs, cybersecurity is handed to the IT team “by default.” They’re technical, they know the systems—makes sense, right? Not quite. Cyber is about risk management, threat detection, incident response, and regulatory compliance. IT is about availability, performance, and operations. That’s like asking your mechanic to build your car’s alarm system. Related, but not the same. What Could Go Wrong? A breach that goes undetected because there's no monitoring Compliance failures due to missing policies Finger-pointing after an incident: “That wasn’t in our scope…” A Better Model: ✅ Let IT own infrastructure ✅ Let Cyber own risk and response ✅ Bridge the two with shared goals and clear roles Your cyber posture is only as strong as the clarity of your ownership model. Security deserves dedicated leadership—even if it’s part-time or virtual.

If the highest-consequence cyber risk in manufacturing sits at the OT/IT boundary, governance has to start there. Not in a policy document. Not in a quarterly review. In how the environment is actually operated. In stronger environments, three operating disciplines tend to stand out. First, there is clear ownership of the boundary. Not vague shared responsibility. Clear accountability for how access, identity, and control are managed across IT and OT. Second, access is governed through a defined operating model. Engineering workstations, vendor remote access, and remote support tools are not treated as one-off exceptions. They are brought into a standard approach for provisioning, review, monitoring, and removal. Third, controls are continuously validated. Not simply documented. Not assumed to be effective because they exist. Access is reviewed. Configurations are tested. Privileges are challenged. Assumptions are revisited. This is not about adding more tools. It is about operating the boundary as a system. When governance is clear, controls become more effective. When governance is fragmented, controls become inconsistent, and inconsistency creates exposure. Resilience is not built through individual technologies alone. It is built through disciplined ownership, controlled access, and consistent operation across the environments that matter most. For little deeper dive on this topic, check out my substack at: https://lnkd.in/eTGubqEP #Cybersecurity #Leadership #Governance

Cybersecurity Leadership: What Every C-Suite Needs to Know In today's interconnected world, cybersecurity isn't just an IT issue—it's a critical business concern that demands attention at the highest levels of an organization. Understanding the basics of cybersecurity is crucial for safeguarding your company's assets, reputation, and future. Know Your Enemy: The Threat Landscape Imagine cybercriminals as an ever-evolving army, constantly developing new tactics. From malware that can cripple your systems to sophisticated phishing schemes that trick even the savviest employees, the threats are diverse and relentless. Ransomware attacks, which can hold your data hostage, have become particularly prevalent. Stay informed about these threats through regular briefings from your security team. Know Yourself: Risk Assessment You can't protect what you don't understand. Regular risk assessments are like health check-ups for your organization's cybersecurity. These evaluations help identify your critical assets, current vulnerabilities, and potential impacts of a breach. By quantifying these risks, you can make informed decisions about where to allocate resources for maximum protection. Build Your Fortress: Defense-in-Depth In cybersecurity, one wall isn't enough. The concept of defense-in-depth advocates for multiple layers of security controls. Think of it as a medieval castle with moats, walls, and guards. In the digital realm, this translates to firewalls, antivirus software, encryption, and access controls, among others. Each layer adds an extra obstacle for potential attackers. Prepare for Battle: Incident Response Despite best efforts, breaches can happen. Having a well-prepared incident response plan is like having a fire drill for your data. It ensures everyone knows their role when a crisis hits. Regular exercises can help refine this plan and keep your team ready for action. As a leader, your involvement in these drills sends a powerful message about the importance of cybersecurity. Arm Your Team: Employee Training Your employees are both your greatest asset and potentially your weakest link in cybersecurity. Regular training can transform them from vulnerabilities into vigilant defenders. From recognizing phishing attempts to practicing good password hygiene, an educated workforce forms a human firewall against cyber threats. As an executive, your role in cybersecurity goes beyond understanding these concepts. You need to champion them. Make cybersecurity a regular board-room topic. Allocate appropriate resources. Lead by example in following security protocols. Remember, in the digital age, data is the new oil. Protecting it isn't just about avoiding losses—it's about ensuring your organization's ability to innovate, compete, and thrive. By prioritizing cybersecurity, you're not just defending against threats; you're positioning your company for success in an increasingly digital future.

This infographic illustrates a structured, multi-layered Cybersecurity Program Architecture, presented as a cohesive "cubic" ecosystem. It emphasizes that security is not just a technical deployment, but a managed business process involving governance, risk management, and operational support. The model is broken down into three primary horizontal tiers: 1. Top Layer: Governance & Leadership This is the "brain" of the program, where strategic decisions are made, and legal boundaries are set. • Steering Board: The executive body that provides oversight and aligns security with business goals. • Legal Obligation Registry: A catalog of the laws, regulations (like GDPR or HIPAA), and contracts the organization must follow. • Approved Control Registry: The specific set of security measures (controls) selected to mitigate risks. • Roles & Responsibilities: Clearly defining who is accountable for what, ensuring no gaps in oversight. 2. Middle Layer: Core Domain & Key Security Domains This is the engine room where active risk management and security operations take place. Core Domain - Risk Management: • Asset Identification: Knowing exactly what hardware, software, and data need protection. • Threat & Vulnerability Analysis: Identifying external threats and internal weaknesses. • Risk Assessment: Evaluating the likelihood and impact of potential security incidents. • Risk Treatment Plans: Deciding whether to avoid, transfer, mitigate, or accept specific risks. Key Security Domains: • Information Handling: Protocols for how data is classified, stored, and shared. • Business Communications: Ensuring secure messaging and information flow across the organization. • Training & Awareness: Educating the workforce to prevent human-error-based breaches. 3. Bottom Layer: Supporting Infrastructure This represents the foundation of the program—the "paperwork" and processes that ensure consistency and compliance. • Strategy Documents: High-level roadmaps for the program’s future. • Policy Framework: The high-level rules that mandate security behaviors. • Practices & Procedures: The step-by-step technical instructions for staff to follow. • Standards & Records: The benchmarks for performance and the evidence (logs/audits) that work was performed correctly. The Feedback Loop: Continuous Monitoring The left side of the diagram features a Continuous Improvement (CI) Cycle and Internal Audit (Peer Review). This indicates that the architecture is not static; it relies on constant testing and auditing to find flaws, which are then fed back into the "Steering Board" and "Risk Management" phases to refine the program over time. Key Takeaway: This architecture demonstrates a top-down approach to security, ensuring that every technical practice (bottom) is justified by a business risk (middle) and authorized by executive governance (top).

🔒 Cybersecurity isn’t just about firewalls and antivirus — it’s about structure, documentation, and readiness. Every mature security program relies on policies, templates, and logs to ensure consistency, compliance, and accountability. Whether you’re building a startup SOC or managing an enterprise security framework, these documents form the backbone of security governance. Here’s how the foundation breaks down 👇 🧠 Information Security – Tracks access control, encryption, incident reports, and compliance. ☁️ Cloud Security – Ensures safe configurations, asset visibility, and response readiness in cloud environments. ⚙️ Application Security – Focuses on secure coding, patching, and vulnerability management. 🌐 Network Security – Monitors devices, controls access, and mitigates threats like DDoS or intrusions. 🚨 Incident & Problem Management – Defines structured response and recovery processes for security events. 🧩 Disaster Recovery – Plans for resilience and continuity when systems fail. 🔐 Security Management – Governs identity, password, backup, and compliance frameworks across the organization. 🧾 Whether you’re an infosec student, SOC analyst, or IT manager, mastering these templates means mastering security maturity — because policies and documentation are what turn best practices into real defense. #CyberSecurity #InformationSecurity #CloudSecurity #ApplicationSecurity #NetworkSecurity #Infosec #IncidentResponse #Compliance #SOC #TejusChaudhary #SecurityGovernance #RiskManagement #CyberAwareness #SecurityFramework