Designing the IHL Cybersecurity Talent Pipeline for the National Workforce

Producing industry ready graduates is seen as being the biggest challenge for cybersecurity talent development. To the industry there is always this notion of a shortfall of skill sets and this is more evident for cyber security which is ever evolving. Taking a cue from Asia Pacific University of Technology & Innovation (APU) who have been grooming and churning out distinct Cyber Security graduates for over a decade now into the job market of which this group sits in a ratio of 1:3 on the jobs opportunity playing field. The challenges faced at APU and how they were overcome are quite amazing;

  1. Many jobs in the cybersecurity segment ask for 2-3yrs experience so how do fresh graduates penetrate the market. At APU students are given experiential leaning combined with exposure to real-world experiences that elevates their cybersecurity skills beyond theoretical knowledge and hones problem-solving skills. It also provides opportunities to practice blending technical and other skills such as communication, leadership, and teamwork within a security context.
  2. Reaching out to beyond cyber security programme. Cyber security electives are offered to all the 6000+ tech students whether it’s in fields such as Computer Science, Information Technology or Software Engineering.
  3. Depth & Breadth of curriculum content. With tech ever evolving and cyber security having the dark & white side of trades so enabling the white side professionals has been strengthened by industry skill based content as advised by our partners namely Cyber Test Systems, Cyber Intelligence, TecForte and Silensec.
  4. Infrastructure & Ambience of Cybersecurity Professionals. This is done via courses offered where students take them seated in the facilities at APU such as our Cyber Range in which 3 courses are taught and also the Security Operations Centre (SOC) where another 2 courses are taught. The SOC is then also a mandatory manning fulfilment of 50hrs prior to graduation. The students monitor APU network traffic and do Tier 1 trouble shooting by themselves and escalate to the SOC manager for Tier 2.

There needs to be a continuous interest in Cyber Security programmes. This can only be ensured by universities having implementation strategies in place. As a benchmark below here are the FIVE prong pro-active measures and actions taken at APU focused on industry relevance & marketable graduates into the workforce;

  1. Engaging with the industry experts. The design of APU cyber security programmes are achieved with the industry through the participation of the Industry Advisory Panel (IAP) who have cyber security expertise. The experts are integral in verifying content, direction on software/tools applications, guidance on ideas for final year projects, serve in opportunities for industrial trainings and also support via guest lectures year in year out.
  2. Promotion of our infrastructure on all marketing mediums. In 2018 APU invested in the set up the Cybersecurity Talent Zone (CTZ) with a vision of producing nice graduates in the discipline. With the collaborative arrangements with industry partners, APU has been able to set up international standard facilities in the CTZ for teaching, learning and research. Good examples of this is the Cyber Range which is of Military Defense grade and one of 2 in Malaysia and the most equipped version in the SEA region along with the Security Operations Centre (SOC) which is one of 3 mainstream versions in IHLs within Malaysia. Both were designed, setup and commissioned with partners from the industry bridged by MDEC. A follow through on this is the professional level trainings which our students also benefit from.Malaysia OpenGov Leadership Forum APU won the prestigious Recognition of Excellence Award for its Cyber Security Talent Zone development.
  3. Engaging with local & national agencies. APU’s Corporate Training unit furnishes industry based certification training and APU talents can professionally certify themselves while undergoing their studies and our offerings are in partnership with the likes of CSM, CompTIA, Rocheston, ISACA, EC Council. 
  4. Showcasing our talents. Competitions, research outcomes at conferences & exhibitions as an average churn out 85 publications per year in cybersecurity & forensic. APU has been annual winners at industry level competitions hosted by F-Secure, KPMG, and Australian Information Security Association (AISA). This allows for other potential students to see that the exposure is at large and you are on an industrial footing while being in university.
  5. Showcasing the expertise. Sharing of experts’ in training or being a go to place for cybersecurity upskilling, i.e the MIA CSuite Awareness Programme. APU is also recognized as the Best Cybersecurity Education Provider in Asia – Cyber Security Excellence Awards in 2019 & 2020 and received the Award for best Cyber Security Education Provider in Asia Pacific by CompTIA in 2018.

As part of Digital Malaysia developments, encouragement to IR4.0 has to start from school levels. The awareness has to be made clear on this career pathway as a standalone profession. APU has conducted school programmes in the cybersecurity area quite successfully. APU hosted the Cyber Security Immersion (CSI) for Youth programme in collaboration with MoHE and MDEC. It was a 3 Days 2 Nights programme at APU. Throughout the programme, students underwent seminars, brainstorming sessions and presentations. The contents were delivered by the academic team which covered essential technical knowledge and know-how of phishing, hacking, types of cyber-attacks and countermeasures. APU has also done Cyber Security awareness programmes at SMKs from 2018-2019 where a total of 16 schools were covered.

The future in cybersecurity education is allowing the qualification as a standalone qualification as the market is so wide and jobs at a 1:3 ratio which means it’s a monstrous programme by itself. As for programme standards it should be standalone and not be parked under the cluster of Computer Science to address the depth and breadth of the content requirements mapped to workforce needs. There is a paradigm shift needed by the Malaysian Qualifying Agency (MQA) on this matter for the benefit of future graduates.

Prof Ir Ts Dr Vinesh Thiruchelvam
Deputy Vice Chancellor &
Chief Innovation Officer
Asia Pacific University of
Technology & Innovation

Prof Ir Ts Dr Vinesh Thiruchelvam is currently the Deputy Vice Chancellor for Asia Pacific University of Technology & Innovation (APU) and the Chief Innovation Officer for the APIIT Education Group. He is also an academic advisor and external examiner to four Malaysian Public Universities. He is Professional Engineering with the Board of Engineers Malaysia (BEM) and a Chartered Engineer (CEng) with Engineering Council, UK and a Fellow of the Institution of Mechanical Engineers (IMechE-UK). 

Prof Vinesh has been the Chairman of the Engineering Education Technical Division (E2TD) at the Institute of Engineers Malaysia, advisory member of the Ministry of Education’s ‘STEM Task Force’ directly involved with the development of the MoE’s Education Blueprint in 2014-2015, member of the Ministry of Human Resources’ BPIC on quality of graduates in 2014-2017, member of Malaysian National Task Force for Big Data Movements with Malaysian Digital Economy Corporation (MDeC) in 2015-2018  and is currently contributing to the Malaysian National Framework for Artificial Intelligence as a scientific expert appointed in 2019.

Prof Vinesh is also appointed on to Digital Expert Panel for Malaysia Digital Economy Corporation (MDEC) covering Cybersecurity, Data Science, Software & System Integrator, Animation, Games and Internet of Things for 2020-2024. He is also the Technical Chair and Lead worldwide for ISO under the working group TC307/WG 1 – BlockChain Fundamentals Standards Development.

Building Trusted, Secure and Ethical Digital Environment for Malaysian SMEs / Membangun Persekitaran Digital yang Dipercayai, Selamat dan Beretika untuk PKS Malaysia

Scroll down for Malay version / Skrol ke bawah untuk versi Bahasa Malaysia

The Malaysia Digital Economy Blueprint (MyDIGITAL) specifically sets out to map the importance of cybersecurity, listing it under one of the six main thrusts of the blueprint; to build trusted, secure and ethical digital environment. Cybersecurity sets the foundation from which businesses and enterprises can operate and grow in a safe and secure digital environment.

New working arrangement in the new norm, i.e. working from home, has also contributed to the surge in cyberattacks. Most SMEs utilise a “Bring Your Own Device” (BYOD) approach, which significantly exposes valuable data and information to cyberattacks and various malicious forms of intrusion. SMEs bear a brunt of these attacks. 

In 2020, Malaysia recorded 6,512 cybersecurity incidents. In the period between January to May 2021, the number of incidents recorded stood at 4,615, representing an almost one-fold increase in threats and incidents comparatively. Cybercrimes have also shown an upward trend. According to the  Royal Malaysian Police statistics, in 2019, the number of cybercrimes reported was 11,875 cases, with RM498 million in terms of losses. Last year, the number of cases increased to 14,229, with total losses of RM413 million. In the first quarter of this year, the number of cases reported was 4,327 and the losses involved were RM 77 million.

As the world grapples with the effects brought about by the pandemic, malicious attacks and serious data breaches are also increasing at an alarming rate, compounding the situation and putting into sharp focus the criticality of having a robust cybersecurity system in place. According to Deloitte, unseen (previously undocumented) malware or methods employed by hackers and cyber attackers have risen 30 percent during the pandemic as opposed to 20 percent pre-pandemic.

SMEs contribute a large percentage to our overall GDP, 38.9 percent in 2019 while the digital economy contributed 19.1 percent in the same period. Thus it is imperative that we must ensure that the appropriate safeguards are in place. Cybersecurity adoption for SMEs and as a whole, is no longer an option but a necessity.

To put it in numbers:

  • 84 percent of SMEs in Malaysia have been compromised in one way or another by cyber threat incidents.
  • 76 percent SMEs have suffered more than one attack.

Cognizant of this situation, the Malaysia Digital Economy Corporation (MDEC), the nation’s lead agency in digital transformation, in collaboration with the National Cyber Security Agency (NACSA) and SME Corporation Malaysia (SME Corp) have set out to develop and implement the MATRIX Cybersecurity for SMEs (MATRIX). This programme, launched on 28 June 2021 by Deputy Prime Minister, Senior Minister for Security and Minister of Defence YB Dato’ Seri Ismail Sabri bin Yaakob during Cyber Defence & Security Exhibition And Conference (CYDES) 2021, aims to boost cybersecurity adoption and implementation amongst SMEs from all sectors in Malaysia. 

MATRIX is the first-of-its-kind in Malaysia and the region as it is designed specifically to facilitate acceleration of SME cybersecurity adoption. This collaborative programme between MDEC, NACSA, SME Corp and Malaysia’s cybersecurity industry partners is a customised programme that is designed to fit with the DNA of SMEs. MATRIX will bridge the gap in cybersecurity adoption and as a result, ensures that businesses can continue to operate in a mitigated and safer environment.

Echoing the importance of this initiative, NACSA, the national lead agency for cybersecurity, via its Chief Executive, Ir. Md Shah Nuri Md Zain, said, “The MATRIX programme is established to address current cybersecurity challenges faced by the SMEs. MATRIX will be supporting one of its five strategic pillars and protecting SME businesses which is the foundation of national economy and future economy. With the vast growing digital economy, cyberattacks will multiply with higher business impact. SMEs will be the biggest target due to the preparedness with lack of resources and expertise to manage cybersecurity operation. MATRIX can definitely manage those challenges and it will be a sustainable approach as digital adoption will be a journey.” 

A robust cybersecurity system will integrate the virtual and physical spaces securely, resulting in a balanced economic advancement which resonates with our vision of Malaysia 5.0, a nation that is deeply integrated with technology, providing equitable digital opportunities to the people and businesses. It is also in line with Malaysia’s National Cybersecurity Strategy.

The MATRIX programme will also accelerate the journey of digital transformation and enhance the cybersecurity experience through two key value propositions:

  • Simple – Easy to adopt and cost-effective with minimum supervision
  • Smarter – Visibility by staying ahead of threats and scalable with business

The MATRIX programme has also taken into consideration the challenges faced by SMEs when it comes to adoption of cybersecurity measures i.e. lack of funds and resources, limited access to expertise and tools, and the complexity of deployment and operation. It sets out to  assists SMEs end-to-end, identifying the potential gaps in cybersecurity, the priorities and offering a cost-effective measure.

MATRIX utilises a three-pronged strategy to mitigate and prevent instances of cyberattacks. First, it provides a 24-hour cybersecurity surveillance to discover and flag attacks to critical business operations. Secondly, it will provide critical asset protection, deploying the measures against attacks on servers. And thirdly, it continuously assesses the vulnerability and gaps as the threat of cyberattacks evolve.   

The rapid growth of ICT and technology sovereignty bring with it a tremendous opportunity for Malaysia’s cyber-security industry. IDC reported that cybersecurity spending for Malaysia reached RM2.6 billion (US$627 million) in 2019 and is expected to exceed RM4 billion (US$1 billion) mark by 2024. 

For the next five years, it is expected to remain robust and will see steady growth at the rate of 12.5 percent (CAGR). This is more than twice of the overall ICT spending in the country which stood at 5.7 percent for the same period.

As cybersecurity is a domain that is continuously evolving and improving, with new technologies, processes, and methods, it will continue to expand the in-flow of investments and accelerate the growth of Malaysia’s cybersecurity ecosystem. At present, the local cybersecurity industry partners that have joined the MATRIX programme include TIME dotcom Berhad, NetAssist (M) Sdn Bhd, PERNEC Technologies Sdn Bhd, DNSVault Sdn Bhd, Securemetric Technology Sdn Bhd and Tecforte Sdn Bhd.

With so much at stake, not only must we be vigilant but also have the corresponding counter-measure in place. To learn more of the MATRIX Cybersecurity for SMEs, go to: http://mdec.my/matrix     

MDEC will also be kicking off its second edition of the highly anticipated and successful Malaysia Tech Month (MTM) on 29 July 2021. MTM is a month-long curation of electrifying digital and technology keynotes, workshops, discussion panels and business-matching sessions. It will feature distinguished group of local and international industry speakers and investors to share their expert thoughts and experiences in 4IR-driven digital economy. The MDEC Digital Adoption Ecosystems division will be curating a week-long series of events at MTM. To find out how you can participate, log on to: https://mdec.my/mtm2021


Rangka Tindakan Ekonomi Digital Malaysia (MyDIGITAL) secara khusus telah memetakan kepentingan keselamatan siber apabila menyenaraikannya di  bawah salah satu daripada enam teras utama untuk membina persekitaran digital yang boleh dipercayai, selamat dan beretika. Cybersecurity menetapkan asas bagi membolehkan perniagaan pelbagai peringkat dapat beroperasi dan berkembang dalam persekitaran digital yang selamat dan terjamin.

Pengaturan kerja dalam norma baharu, iaitu bekerja dari rumah juga telah menyumbang kepada peningkatan serangan siber. Sebilangan besar Perusahaan Kecil dan Sederhana (PKS) menggunakan pendekatan “Bawa Peranti Anda Sendiri”  sekaligus mendedahkan data dan maklumat penting kepada serangan siber yang berbahaya. PKS menghadapi serangan ini.

Pada tahun lepas, Malaysia mencatatkan 6,512 insiden keselamatan siber. Bagi tempoh Januari hingga Mei 2021 pula, jumlah kes yang dilaporkan adalah sebanyak 4,615 sekaligus menunjukkan peningkatan hampir satu kali ganda. Jenayah siber juga mengalami trend yang meningkat apabila statistik Polis Diraja Malaysia (PDRM) pada 2019 mendedahkan jumlah kes yang dilaporkan adalah 11,875 dengan kerugian berjumlah RM498 juta. Tahun lalu, ia melonjak kepada 14,229 serta membabitkan kerugian RM413 juta. Pada suku pertama tahun ini, jumlah kes yang dilaporkan adalah 4,327 dan kerugian yang dicatatkan sebanyak RM77 juta.

Ketika dunia masih bergelut dengan kesan pandemik COVID-19, serangan siber dan pelanggaran data yang serius juga turut membimbangkan. Ini menimbulkan pelbagai persoalan dan kritikan serta mewujudkan gesaan untuk memiliki sistem keselamatan siber yang kukuh. Menurut Deloitte, malware atau kaedah yang tidak dapat dilihat yang digunakan oleh penggodam telah meningkat 30 peratus semasa wabak berbanding 20 peratus sebelumnya.

PKS memberi sumbangan yang besar kepada Keluaran Dalam Negara Kasar (KDNK) negara iaitu sebanyak 38.9 peratus pada 2019 sementara ekonomi digital menyumbang 19.1 peratus bagi tempoh sama. Sehubungan itu, kita perlu memiliki ‘sistem perlindungan sewajarnya’ supaya PKS dan sektor ekonomi digital dapat terus beroperasi di sebalik ancaman keselamatan siber. Penerapan keselamatan siber untuk keseluruhan PKS bukan lagi pilihan tetapi kini telah menjadi keperluan.

Berikut merupakan fakta bernombor.

  • 84 peratus PKS di Malaysia pernah terlibat sekurang -kurangnya satu serangan siber atau insiden ancaman siber.
  • 76 peratus PKS mengalami lebih dari satu serangan.

Menyedari situasi ini, Malaysia Digital Economy Corporation (MDEC) sebagai agensi utama peneraju transformasi ekonomi digital negara, bekerjasama dengan Agensi Keselamatan Siber Negara (NASCA) dan SME Corporation Malaysia (SME Corp) untuk mengembangkan dan melaksanakan MATRIX Keselamatan Siber Untuk PKS (MATRIX). Program ini telah dilancarkan pada 28 Jun lalu oleh YAB Timbalan Perdana Menteri, Dato’ Seri Ismail Sabri Yaakob yang ketika itu Menteri Kanan Pertahanan (Keselamatan) semasa Pameran dan Persidangan Keselamatan Siber & Keselamatan (CYDES) 2021. Ia bertujuan untuk meningkatkan penerapan dan pelaksanaan keselamatan siber di kalangan PKS tempatan membabitkan semua sektor.

MATRIX yang pertama di Malaysia dan rantau ini dirancang untuk memudahkan dan mempercepatkan penggunaan keselamatan siber di kalangan PKS. Kerjasama dengan rakan industri keselamatan siber tempatan ini dirancang supaya sesuai dengan cara operasi PKS. MATRIX akan merapatkan jurang penggunaan sistem keselamatan siber dan dan hasil yang dijangkakan ialah perniagaan dapat terus beroperasi dalam persekitaran yang lebih selamat.

Menyuarakan betapa pentingnya inisiatif ini, Ketua Eksekutif NASCA, Ir. Md Shah Nuri Md Zain mengatakan, “Program MATRIX dibentuk untuk menangani cabaran keselamatan siber yang dihadapi oleh PKS dan mikro.  MATRIX akan menyokong salah satu daripada lima tonggak strategiknya bagi melindungi perniagaan PKS dan mikro yang menjadi asas ekonomi negara dan ekonomi masa depan. Berikutan ekonomi digital yang berkembang pesat, serangan siber akan turut meningkat berlipat kali ganda serta berupaya memberi kesan yang lebih buruk kepada perniagaan. PKS menjadi sasaran utama kerana kekurangan sumber dan kepakaran untuk menguruskan operasi keselamatan siber. MATRIX dapat menangani cabaran ini dan ia akan menjadi pendekatan yang berterusan kerana penggunaan digital akan menjadi sebahagian daripada perjalanan ini”.

Sistem keselamatan siber yang mantap akan berupaya mengintegrasikan ruang maya dan fizikal dengan selamat serta mampu menghasilkan kemajuan ekonomi yang seimbang dan sesuai dengan visi MDEC tentang Malaysia 5.0, iaitu sebuah negara yang sangat terintegrasi dengan teknologi, memberikan peluang digital yang adil kepada rakyat dan perniagaan. Ini juga sejajar dengan Strategi Keselamatan Siber  Kebangsaan.

Program MATRIX juga akan mempercepat perjalanan transformasi digital dan meningkatkan pengalaman keselamatan siber melalui dua cadangan utama yang iaitu;

  • Sederhana  – Mudah digunakan dan menjimatkan kos dengan pengawasan minimum
  • Lebih maju  – Mampu kenalpasti dan mematahkan ancaman dan sesuai dengan perniagaan

Program MATRIX juga telah mengambil kira  pelbagai kesukaran yang dihadapi oleh PKS dan mikro dalam menerapkan langkah-langkah keselamatan siber seperti kekurangan dana dan sumber serta akses terbatas terhadap kepakaran dan peralatan selain kerumitan penggunaan dan operasi. Sehubungan itu, program ini ditetapkan untuk membantu PKS dan mikro bermula dari peringkat awal hingga akhir serta mengenal pasti jurang dalam keselamatan siber, keutamaan dan menawarkan penyelesaian yang menjimatkan.

MATRIX menggunakan strategi serampang tiga mata untuk mengurangkan dan mencegah kejadian serangan siber. Pertama, ia menyediakan pengawasan keselamatan siber 24 jam terhadap serangan operasi perniagaan yang kritikal. Kedua, ia akan memberikan perlindungan kepada aset kritikal serta menerapkan langkah-langkah yang perlu diambil terhadap serangan. Dan ketiga, ia mampu menilai masalah.

Pertumbuhan pesat sektor ICT dan teknologi membawa peluang luar biasa bagi industri keselamatan siber Malaysia. International Data Corporation (IDC) melaporkan bahawa perbelanjaan keselamatan siber  Malaysia mencapai RM2.6 bilion (AS $ 627 juta) pada 2019 dan dijangka melebihi RM4 bilion (AS $ 1 bilion) pada tahun 2024.

Bagi tempoh lima tahun akan datang, ia dijangka akan terus kukuh dengan jangkaan kadar pertumbuhan tahunan dikompaun (CAGR) stabil iaitu  sebanyak 12.5 peratus (CAGR). Ini melebihi dua kali daripada perbelanjaan ICT keseluruhan negara ini yang berjumlah 5.7 peratus untuk tempoh yang sama.

Oleh kerana keselamatan siber adalah domain yang akan terus berkembang dengan teknologi, proses dan kaedah baharu, ia akan terus memperluaskan aliran pelaburan serta mempercepat pertumbuhan ekosistem keselamatan siber Malaysia. Pada masa ini, rakan industri keselamatan siber tempatan yang telah menyertai program MATRIX termasuk TIME dotcom Berhad, NetAssist (M) Sdn Bhd, PERNEC Technologies Sdn Bhd, DNSVault Sdn Bhd, Securemetric Technology Sdn Bhd dan Tecforte Sdn Bhd.

Dengan begitu banyak yang ditawarkan, kita bukan hanya perlu berwaspada tetapi juga memiliki tindakan balas yang sesuai. Untuk mengetahui lebih lanjut mengenai MATRIX Cybersecurity untuk PKS, layari http://mdec.my/matrix

MDEC juga akan memulakan edisi kedua Bulan Teknologi Malaysia (MTM) pada 29 Julai 2021. MTM merupakan acara selama sebulan untuk mengetengahkan ucaptama digital, teknologi, bengkel, panel perbincangan dan sesi padanan perniagaan. Ia akan menampilkan kumpulan penceramah yang terdiri daripada pelabur industri tempatan dan antarabangsa yang terkenal untuk berkongsi pemikiran dan kepakaran mereka dalam ekonomi digital yang didorong oleh Revolusi Perindustrian 4.0 (4IR).  Bahagian Penerimagunaan Ekosistem Digital MDEC akan menguruskan beberapa siri acara selama seminggu di MTM. Untuk mengetahui bagaimana anda boleh mengambil bahagian, sila layari : https://mdec.my/mtm2021

© 2020 Malaysia Digital Economy Corporation Sdn Bhd (389346-D). All rights reserved.