Dzof Azmi: My Fave 5 of 2018
By Dzof Azmi January 3, 2019
- The most underplayed stories related to the perceived severity of security breaches
- The rise of the e-wallet has not managed to dethrone cash… yet
OFTEN when writing articles, I am compelled for various reasons to not put down everything that I've learned in research. Sometimes it's because I can't get the information verified, other times it's because it deviates from the point of the stories, and sometimes it's just because it's more personal speculation that anything else.
2018 was a time of great change for Malaysia, and with that plenty of uncertainty. The five I've picked here for my favourite 2018 stories all relate to that idea, and I think there’s more to come about them in 2019.
Perhaps the most underplayed stories in Malaysia this year related to the perceived severity of security breaches and its potential impact on the public. Simply put, a lack of information means we don’t know exactly how bad the situation is, and this is why we need breach notification laws to get them in line.
This is partly due to companies’ unsurprising reluctance to publicly disclose any news about lapses in their security. But there needs to be a greater call for accountability and responsibility, if not to the general public at large, then at least to their customers.
Two prominent breaches bookend the year: The leak of 50,000 personal records kept by Astro, and the recent unauthorised transfers of money involving CIMB debit cards.
In both cases, the message from the companies is that customers don’t have to worry. Astro said that no financial information was leaked, and CIMB literally said “do not be worried”.
When theft has been seen to be rampant on Malaysian streets, there is plenty of public outrage. However, Internet-related crimes are harder to understand and quantify and they slip quietly by.
Security experts on the outside can only speculate, but the actual facts of the breaches are kept safely locked up behind the wall of NDAs and confidentiality clauses of the companies. This is despite the fact that for the public to make informed decisions about their security, they need to know what information they have that is at risk.
And so we rely on the goodwill of companies to share breach information with affected customers, and clearly the will is lacking. That's why Europe now has Breach Notification laws, and that's why Malaysia should take a closer look at them.
Admittedly, it's not quite true that the only people who know what has happened after a security breach are the victims themselves. Most countries in the world now have Computer Emergency Response Teams (CERTs) and Computer Security Incident Response Teams (CSIRTs) whose job is to monitor security threats and make recommendations to the government on how to manage them. Sometimes they are the first ones to learn about a breach which would otherwise go unnoticed.
In 2018, Malaysia hosted the 30th annual conference of The Forum of Incident Response and Security Teams (FIRST) , and I was lucky enough to attend many of the sessions there. It's always eye-opening to learn that you didn’t know what you didn't know, and certainly the passion of everybody involved made the sessions infectious.
However, much of the discussion is behind closed doors, and as I found out, many attendees are suspicious of the press. To be able to do their job properly, CERTs need the confidence of the companies they deal with, and much of the time, the information they share is sensitive.
However, whatever that was shared in the conference gave context to some of the issues we see locally. Perhaps the most prevalent is that companies in Malaysia do not like to share information (even with others in the same industry), and unfortunately sometimes it takes something drastic to befall them before they step up. And bear in mind, all the security issues in Malaysia highlighted in the press so far in 2018 is probably still not "drastic" enough yet.
Another initiative that perhaps doesn't get enough press coverage is the country's efforts to build up talent in Big Data Analytics (BDA). In May 2018, a team from the University of Malaya took first place in the world's first online Academia Datathon, beating a total of 130 participants from six countries and 10 universities. They built a system to predict movements in cryptocurrency prices and make trading decisions.
Although one data point does not a conclusion make, this was positive news to the field in Malaysia. MDEC had just the previous year set up the Asean Data Analytics Exchange (ADAX) to position Malaysia as a BDA hub in the region. The target is that by 2020, Malaysia will have at least 20,000 data professionals, of which 10% are data scientists.
UM's participation in this was a great example of answering when opportunity knocks. I talked to Sharala Axryd, the founder and CEO of The Center of Applied Data Science (CADS), the partner chosen to run ADAX. She had learned about this competition while talking the head of Data Science in Bulgaria. He asked if anybody in Malaysia would be interested in participating, and Sharala's answer was simply, "Hell yes!". Opportunity: taken.
CEOs of quasi-government bodies are always subject to change. For a start, national service may be rewarding to the soul, but there are certainly better opportunities out there, even beyond the form of a larger pay packet.
Nevertheless, it was still a bit of a surprise when Ashran Ghazi (pic, above) announced made the announcement that he was leaving MaGIC to join a consumer intelligence company, not the least because the feedback of its recent efforts have been largely positive.
What is likely more causation than coincidence (despite Ashran's protests otherwise) is that this decision to leave came after it was announced that MaGIC would now fall under the newly established Ministry of Entrepreneur Development - and this was after some argument with the new government whether MaGIC should be disbanded altogether in the first place.
I was happy to participate in the democratic process in Malaysia in 2018. But in changing the government, people are still really trying to find their feet. It's very similar to what's happening in the quasi-government space, and along with the news of other leaders such as Yasmin Mahmood leaving MDEC, it paints a worrying picture of shaking things up before you know where things ought to go.
This was a simple informal chat between various players in the e-wallet field (plus a representative of Bank Negara), where the ambitions of a nation, aided by the willingness of the private sector is crashing headlong into reality.
Basically, the benefits that being cashless bring to society have already been recognised, and there are now many players in the field locally. However, for some unknown reason, people are still not using it to its full potential.
The contrast I see between how cashless works in Singapore and Hong Kong with what I see here befuddles me. I have made it a point to ask shopkeepers and retailers here why they don't offer either credit card or e-wallet facilities, and the best I can understand it is that they believe that the benefits of going cashless do not offset the added cost of merchant charges.
There are issues with going cashless - lack of privacy, and widening a digital divide are two of them. But we can't even begin to have a conversation about the landscape of the future if we're stalled in first gear.