TÜV AUSTRIA and LGMS just officially created the TÜV AUSTRIA Cybersecurity Lab in Malaysia, to offer cybersecurity testing and certification to the Asia-Pacific region.
TÜV AUSTRIA Cybersecurity Lab Official Launch In Malaysia!
The formation of the TÜV AUSTRIA Cybersecurity Lab in Malaysia is a major joint venture between TÜV Trust IT (a member of TÜV AUSTRIA) and LGMS of Malaysia.
The Austrian Ambassador to Malaysia, Dr. Michael Postl, was the guest of honor to inaugurate this partnership, which aims to deliver both cybersecurity testing and certification to the Asia-Pacific region.
TÜV AUSTRIA : A Quick Primer
TÜV AUSTRIA is an international testing, inspection and certification (TIC) company, with more than 2,000 staff members in more than 20 countries globally. Founded and based in Austria, TÜV AUSTRIA generates more than €220 million in annual revenue.
LGMS : A Quick Primer
LGMS – a proudly Malaysian cybersecurity company – has been accredited with multiple international certifications and is recognised internationally by IDC as one of the world’s leading IoT key penetration testing vendors in their 2019 report.
TÜV AUSTRIA Cybersecurity Lab : The Quick Details
The new TÜV AUSTRIA Cybersecurity Lab will house a global Cybersecurity Testing and Certification Center of Excellence (CoE) in Malaysia to serve both domestic and international markets.
Staffed by a mix of TÜV AUSTRIA and LGMS staff initially, they plan to add a hundred more cybersecurity positions over the next few years.
The new team’s focus will be to help organisations identify vulnerabilities within their IT infrastructure, and recommending measures to maintain and improve on their cybersecurity practices.
This Austrian-Malaysian joint venture will also stimulate Industry 4.0 Cybersecurity Testing and Certifications both locally and internationally, as well as drive the protection Critical National Infrastructure (CNI) as encouraged by the Malaysian government.
This joint venture is also supported by MDEC (Malaysia Digital Economy Corporation), which is striving to promote Malaysia as the Asian hub for cybersecurity testing and certification.
Yeo Siang Tiong, the General Manager of Kaspersky Southeast Asia, recently shared with us why cybersecurity is critical for Industry 4.0 initiatives to succeed.
While he uses Malaysia’s drive to implement Industry 4.0 as an example, the lessons are universal and apply across the world.
Let’s hear it from Mr. Yeo Siang Tiong!
Why Cybersecurity Is Critical For Industry 4.0 Success
The term Industry 4.0 was first used at the Hanover Fair, as a reference to the latest industrial strategy which has been termed the fourth industrial revolution.
According to the explanation by Ministry of International Trade and Industry Malaysia  I have read months ago, Industry 4.0 is referred to as production of manufacturing based industries digitalization transformation, driven by connected technologies.
Together with autonomous robots, big data analytics, cloud computing, Internet of Things, additive manufacturing, system integration, augmented reality and simulation, in my opinion, cybersecurity is among the main pillars of Industry 4.0.
Why? Because while the cyber-physical systems connected without wires, automated and with lesser human touch points promise more efficient processes and communications, this also exposes systems to potential cyberattacks.
Greater connectivity brought about by Industry 4.0 will require greater security attention for ICS security because the Fourth Industrial Revolution is a double-edged sword which countries and companies should use wisely.
It is great to note that Malaysia is currently ranked third globally among 193 International Telecom Union members, in terms of the level of national commitment to addressing cybersecurity risks.
In 2018, Ministry of International Trade and Industry Malaysia launched INDUSTRY 4WRD, a national policy on Industry 4.0, to place policies and guidelines in place to ensure Malaysian manufacturing industry and its related services would be ready, to be smart, systematic and resilient.
The policy has the overarching philosophy – A-C-T, Attract, Create and Transform.
The government’s efforts are indeed being commended worldwide. Proof is the Readiness for the Future of Production Report 2018  which put Malaysia in the “Leader” quadrant, positioned well for the future. Malaysia and China are the only two non-high-income countries in this coveted quadrant.
One important area for improvement that I know if will be the human force. Malaysia has shortage of required talents, skills and knowledge for Industry 4.0, particularly in the areas of IoT, robotics and AI. The lack of talents in the fields of IoT is hypocritical for Malaysia Industry 4.0 especially in the areas of exposure to cyber threats.
However, let us not miss the commitment uttered by the Ministry of Education Malaysia  saying that cybersecurity must be introduced at the grassroot level, especially among the schoolchildren. The department of Polytechnic and Community College Education and Politeknik Mersing in Johor is also off to set up the Cyber Range Academy, which provides the students with an authentic learning environment in the threat landscape.
For our part, Kaspersky understands the cyber security needs in ensuring the success of Industry 4.0 and have solutions in place – Industrial CyberSecurity (ICS), with the aim to protect companies from three main risks .
Firstly, unintentional infection of an industrial network. In theory, industrial information networks should not be connected to office networks, and should also not have direct access to the internet. However, sometimes without intending to cause any harm, staff will connect infected removable drives to industrial computers or access the internet to update software on the server, resulted malware manages to penetrate the network.
Secondly, it is not unusual for people who are professionally versed in industrial systems to try and use that knowledge to trick their employer, which cause serious harm to the business.
Thirdly, cyberwar, targeted actions that are intended to cause damage. Two years ago, a massive data breach saw more than 46 million mobile subscribers in Malaysia leaked on to the dark web.
For companies to reach their Industry 4.0 goals, all components have to be protected.
Remember ShadowHammer  which Kaspersky team highlighted in the research back in March? Executable files, found in reputable and trusted large manufacturer, contained malware features, which upon careful analysis confirmed been tampered by malicious attackers.
To avoid being victims and ensuring a clearer path to achieving Industry 4.0 , we suggest to:
Regularly update operating systems, application software, and security solutions
Apply necessary security fixes andaudit access control for ICS components in the enterprise’s industrial network and at its boundaries
Provide dedicated training and support for employees as well as partners and suppliers with access to your network
Restrict network traffic on ports and protocols used on edge routers and inside the organization’s OT networks
Use ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening technological process and main enterprise assets
Deploy dedicated securitysolutions on ICS servers, workstations and HMIs, such as Kaspersky Industrial CyberSecurity. This solution includes network traffic monitoring, analysis and detection to secure OT and industrial infrastructure from both random malware infections and dedicated industrial threats
Form a dedicated security team for both IT and OT sectors
Equip these security teams with proper cybersecurity training as well as real-time and in-depth threat intelligence reports
Industrial Revolution 4.0, also known as the Fourth Industrial Revolution or Industry 4.0, is a term that is applied towards the current trend of intelligent automation that is enabled by information technology, interconnectivity and data analytics.
Industry 4.0 employs a wide range of technologies to achieve those aims, such as mobile devices, Internet of Things, smart sensors, big data analytics, augmented reality, cloud computing, and more.
Countries and corporations that successfully make use of these technologies will greatly improve their productivity. Hence, there is great interest by governments and companies to develop and accelerate their IR 4.0 capabilities.
F-Secure Regional Director of APAC and Japan, Keith Martin, flew into Singapore to ink a major regional partnership agreement with ACE Pacific Group. Timothy Shim from Tech Barrista and I had the opportunity to interview Mr. Martin about cybersecurity trends in Asia Pacific and worldwide.
Tech ARP Interviews Keith Martin
Keith Martin is the Head of Asia Pacific Corporate Business, F-Secure. Here was our exclusive interview with Mr. Martin after he officially signed the APAC partnership agreement with ACE Pacific Group.
The Cybersecurity Business
Tech ARP : How has your long experience in Japan helped you with F-Secure’s business in Japan?
Keith Martin : Japan is one of the largest market for F-Secure, and we are trying to replicate that (success) in the APAC region.
Tech ARP : Are you still based in Japan?
Keith Martin : Yes, but I have now racked up a lot of frequent flyer miles.
Tech ARP : What are your thoughts on the cybersecurity market in the APJ (Asia Pacific and Japan) region?
Keith Martin : Japan is a large market, but the growth rates are relatively stable. We look at the Asia Pacific region (which includes India, Australia and New Zealand), as the next source of growth for F-Secure.
Tech ARP : What are your plans, and areas of focus, for the APJ region?
Keith Martin : Without question, Singapore is going to be a major focus for F-Secure, as well as Australia and New Zealand. We just signed a major partnership agreement with ACE Pacific, which will be a cornerstone of our strategy in coming years.
Tech ARP : Chinese and Russian companies have been hit by accusations of cyber espionage and hacking, loose security and/or inserting backdoors into their products. Do you see this as a good opportunity to promote F-Secure’s products, or is this a poison pill for the entire industry?
Keith Martin : I don’t think it’s a poison pill for the entire industry. I have never seen any direct evidence that these go beyond mere accusations, but I understand the need to be cautious. One of the things that F-Secure is proud of is our policy that we will never add a backdoor into our products.
We are willing to walk away from any business if it means adding a backdoor. This is just the way we operate, because Finland has extremely tough privacy laws.
I think it’s absolutely an opportunity for us to differentiate ourselves (from the other cybersecurity companies) with our public pledge never to add backdoors in our software.
Tech ARP : Some countries like China and Russia are demanding access to encryption keys, and in some cases, requiring registration of VPN services. How do those tightening laws affect F-Secure products like Freedome VPN?
Keith Martin : F-Secure is very focused on maintaining the security of our products, so if those are the requirements, we will decline and get out of those markets. We would rather walk away from the potential business, than compromise the security of our products.
Tech Barrista : On the geopolitical implications of malware, do you feel that governments are increasingly more focused on cybersecurity on a national scale?
Keith Martin : For sure. We now see nation states attacking each other. There’s no denying that fact. Look at Stuxnet, that malware (which was targeted at Iran) got released into the wild and suddenly, people have the technology to use it elsewhere for nefarious purposes. I think that any country that does not pay attention to cybersecurity is sticking their heads into the sand.
Tech Barrista : Do you feel that this presents a greater opportunity for F-Secure?
Keith Martin : It represents opportunity, of course, but our mission as a company is to stop the spread of malware and cybersecurity attacks, wherever they happen. It’s a kind of Catch-22 situation, where we wish that nation states would not attack each other, but yes, we have the opportunity to help them protect themselves against such attacks.
Tech ARP : What is F-Secure doing to promote and enhance source code transparency? Like opening up transparency centers?
Keith Martin : At this point in time, there are no plans to do so. We have a very good reputation throughout our 30-year history of being straightforward and upfront. I have never seen any accusations against us of malicious activities.
Tech ARP : Does F-Secure allow corporations or countries with concerns to inspect their code?
Keith Martin : I don’t know of any specific situations in Asia Pacific where F-Secure has allowed this. It may have been allowed in other regions, where governments have specific concerns, but I’m not aware of those situations.
Tech ARP : Ransomware and phishing attacks are big problems these days. Can you detail how F-Secure can help users prevent or mitigate the risks of ransomware and/or phishing attacks.
Keith Martin : Third-party analysis of our software show that we are actually better at detecting these 0-day attacks than any other companies out there. We pride ourselves in detecting not just the malware we know about, but also the malware we don’t about, using technologies we have been developing over the last 20 years.
We have a multi-layered engine, where we use everything from the basic pattern matching technology, to heuristics, etc. so that if it doesn’t catch the malware on the first layer, it will catch the malware on the second or third or fourth layer.
Tech Barrista : Is malware-as-a-service now common?
Keith Martin : It is becoming more and more common. The entry barrier to launching a malware attack is now much lower due to the ability to outsource the creation of the malware.
Cybersecurity Risks Of IoT Devices
Tech Barrista : With cybercriminals leveraging the Internet of Things and Artificial Intelligence, how much more complex do you see the cybersecurity landscape becoming?
Keith Martin : It’s becoming incredibly complex. Our Chief Research Officer Mikko Hypponen said, “Once you connect something to the Internet, it’s vulnerable“. Billions of devices connected to the Internet become potential attack vectors for cybercriminals.
Most IoT devices don’t have good security. If you can get into one of those devices, you can get into the network through them.
Tech ARP : Does F-Secure have any products to mitigate the risks of poorly-secured IoT devices?
Keith Martin : On the consumer side, we have F-Secure Sense, which protects every device on your network.
Keith Martin’s Professional Bio
Keith Martin has been Country Manager for F-Secure Japan for 2 years, before being promoted in February 2018 to oversee the entire Asia Pacific region.
Prior to joining F-Secure in 2015, he spent a decade in the telephony and contact center space, first working for four years in Avaya Japan as Director of Multinational Account Sales, followed by six years serving as Japan Country Manager for Interactive Intelligence, a pioneer in cloud contact center technology.
Before that, Keith also spent three years at internet startup ValueCommerce helping build their web hosting platform business before the company was acquired by Yahoo Japan. He got his start at global IT services provider EDS (now HP), delivering IT services to numerous financial industry accounts.
On 19 March 2018, TUV Rheinland invited us to an exclusive Industry 4.0 cybersecurity seminar. Entitled Cyber Risk Management for Industry 4.0, it looks at the role of cybersecurity in securing critical infrastructure and heavy industries, and paving the way for Industry 4.0.
Join us for the presentations by TUV Rheinland cybersecurity experts on how you can secure your company against the latest cyberthreats.
Industry 4.0 refers to the new industrial trend of creating “smart factories” with highly-networked manufacturing technologies.
Also referred to as the 4th Industrial Revolution, it makes use of cyber-physical systems, Internet of Things, cloud computing and cognitive computing, to automate almost every aspect of the manufacturing process.
Fun Fact : The name Industry 4.0 comes from the German “Industrie 4.0” from the high-tech strategy of the German government to promote the computerisation of manufacturing.
TUV Rheinland : Cyber Risk Management for Industry 4.0
The Cyber Risk Management for Industry 4.0 seminar is a platform for TUV Rheinland to share their insights on developing cybersecurity measures to manage operational cyber risk, be it for smart factories, smart devices or smart vehicles.
According to TUV Rheinland, the discipline of Cyber Risk Management can be effectively implemented if cybersecurity and privacy are addressed by design – both in strategy as well as operations. Let’s hear from their experts…
Operational Technology Protected
by Nigel Stanley, Chief Technology Officer of TUV Rheinland Industrial
Automotive Cyber Security
by Rajeev Sukumaran, Director of TUV Rheinland Consulting Services
Ettienne Reinecke, Dimension Data’s Group Chief Technology Officer, reveals the Dimension Data 2018 IT Predictions!
The Dimension Data 2018 IT Predictions
The Dimension Data 2018 IT Predictions that was just published, noted the importance of blockchain, artificial intelligence, machine learning, robotics as well as virtual and augmented reality in 2018. They all have the potential to “deliver disruptive outcomes” and “reshape digital business”.
Ettienne Reinecke, Dimension Data’s Group Chief Technology Officer, says Blockchain has gone from strength to strength. “Last year, when we looked at the top digital business trends for 2017, we predicted that centralised transaction models would come under attack. We were spot on. In the financial services sector, we’ve seen the US and European capital markets moving onto Blockchain platforms, and similar activity in markets such as Japan. Considering how conservative and compliance-focused this sector is, that’s quite remarkable.
“It’s ironic that the cybercriminals who perpetrated the recent WannaCry ransomware attack could hold a federal government to ransom and demand to be paid in Bitcoin. Bitcoin might be a crypto-currency, but it’s based on Blockchain, and if cybercriminals are confident that Bitcoin provides a safe mechanism for the payment of ransoms, it indicates just how secure the distributed ledger approach is. I believe that Blockchain has the potential to totally re-engineer cybersecurity, but the industry has yet to come to terms with it.”
Blockchain And IoT
Reinecke predicts that Blockchain will also deliver on the promise of Internet of Things (IoT) in the year ahead.
“In the world of IoT you’re generating millions of small transactions that are being collected from a distributed set of sensors. It’s not feasible to operate these systems using a centralised transactional model: it’s too slow, expensive, and exclusive. To extract the true value from IoT technology you have to be able to operate in real time. Once a sensor alert is received from a control system you must react to it, meter it, and bill for it instantly – all of which negates the viability of a centralised transactional authority. The cost of the transaction has to be near-zero or free, and the cost elements of a centralised model simply don’t support the potential business model in IoT,” he explains.
In 2018, some interesting applications of Blockchain and IoT in the area of cybersecurity will emerge. Significant attacks have recently been launched from low-cost IoT endpoints, and there’s very little incentive for manufacturers of these devices to incur the cost of a security stack, which leaves them extremely vulnerable. Blockchain can play a fundamental role in securing these environments.
New Wireless Technologies
Another exciting trend to look forward to is the boom in new wireless technologies that will enable IoT and bring us a step closer to the dream of pervasive connectivity. Some of these advancements will include 5G and Gbps Wi-Fi, new controls, virtual beacon technology, and low power, long distance radio frequency.
There’s also a “digital fight-back” coming on the part of certain incumbent players. Established businesses that have proactively transformed into digital businesses, modernised their architectures, and embedded high levels of automation into their operations have a window of opportunity to claw back market share in the year ahead. That’s because there’s been an increase in the number of cloud-born start-ups themselves starting to be disrupted in certain industries.
“I predict that a number of digitally transformed incumbents will successfully start reclaiming their markets because they have more credibility, longer histories, an established customer base, and assets that can stand the test of time,” says Reinecke.
On 12 April 2017, F-Secure officially launched the F-Secure RADAR advanced security scanner in Malaysia. In their tech briefing, they revealed its key features and gave us a quick demo of the scanning it performs. Check it out!
The F-Secure Vision In Cyber Security
F-Secure President & CEO, Samu Konttinen, started with a presentation of the F-Secure vision in cybersecurity.
The F-Secure RADAR Presentation & Demo
F-Secure RADAR Services Director, Rune Kristensen, then gave a presentation and a short demo of F-Secure RADAR.
Here are the key takeaways from the presentation :
It is a scalable enterprise-grade vulnerability scanning solution that allows for easier control and management of cybersecurity risks.
It consists of three scanning engines – a port scanner, a vulnerability scanner, and a web application scanner
Using those three scanning engines, it maps the security of all assets on the network, checks for vulnerabilities, and then provides customised reports.
The scanning can be scheduled on an automated basis, usually once a month.
The in-depth analysis from the scans allows for easier and better security management by the client.
It can be installed as an on-site solution before the corporate firewall, or run as a secure cloud-based SaaS.
It is automatically updated, improved and ready for third-party integration through the F-Secure RADAR API.
F-Secure also offers F-Secure RADAR Managed Services which combines the F-Secure RADAR scanning solution with vulnerability management by F-Secure consultants.
Support Tech ARP!
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
28 February 2017 – Sophos, a global leader in network and endpoint security, today announced Sophos Mobile 7, the latest version of its Enterprise Mobility Management (EMM) solution. This new version extends containerization support for Android Enterprise (formerly “Android for Work,”) enables IT administrators to manage IoT devices, strengthens security features and will be available through the Sophos Central cloud-based management platform.
Sophos Mobile 7
Sophos Mobile 7 security enhancements include anti-phishing technology to protect users from malicious links in emails and documents and improvements to Sophos’ Android security and anti-malware app. There are also usability enhancements to the Secure Workspace and Secure Email app where users now can open, view and even edit encrypted and secure Office format documents and attachments without leaving the secure and encrypted container.
Sophos Mobile 7 is the latest in an increasing number of products that are available through the integrated Sophos Central management platform, including the next-generation XG Firewall, Sophos Endpoint Security, Sophos Intercept X, Sophos Email Security, Sophos Server Protection, Sophos Encryption and Sophos Phish Threat.
The new IoT functionality will provide basic management features to organizations that are designing and deploying solutions at scale using low-cost Android Things or Windows 10 IoT devices. This includes management tasks such as applying policies, checking the online device status, monitoring battery levels or confirming or updating firmware.
Sophos will be one of the first security companies to provide organizations with a cost-efficient way to add management and security capabilities to their IoT projects, offering a communication and management framework that can be built into industrial and commercial IoT solutions such as POS/retail or connected classrooms.
Sophos Mobile 7 Availability
Sophos Mobile 7 is available now for on-site installation and will be available through cloud-based Sophos Central in mid-March 2017. For more details of Sophos Mobile for IoT, customers and partners can email Sophos-Mobile-IoT@sophos.com.
Sophos will also be demonstrating Sophos Mobile 7, including the new IoT features, at stand 5H31 in hall 5 at Mobile World Congress 2017 in Barcelona, 27 February to 2 March 2017.