KUALA LUMPUR: Citizens need to have rights, including the right to demand penalties, in the government’s Central Database Hub (Padu) initiative, which will be used to implement targeted subsidies, said Sapna Sumbly (pix) , director for BFSI Business, SEA, Trend Micro.
While such a system may streamline subsidies, she stressed the importance of robust security measures and adherence to personal data protection laws to protect citizens’ data.
“What it means for users is that they have the ability, or I would rather say the right, to know what is happening to their data. Many similar initiatives, which have progressed from acts to laws such as GDPR (General Data Protection Regulation), not only grant individuals the right to privacy but also the right to demand penalties from governments if they fail to meet the expected response. It is more of a privacy issue, which falls under the scope of the Personal Data Protection Act (PDPA). If you examine the act itself, you’ll find it includes robust security controls alongside legal and other regulatory requirements,” she said in an interview.
However, she anticipates that the government’s move to centralise data within Padu will be accompanied by stringent security measures to comply with the PDPA.
“I’m sure that if the government is taking the initiative of consolidating and being the custodian then they will follow the necessary controls that are required as a part of the PDPA,” she said.
Sapna, who is an expert in the banking, financial services, and insurance industry, stated that technology has given rise to new threats and vulnerabilities.
She said that with the sector being one of the most targeted by cyber criminals, it is crucial for BFSI organisations to ensure their digital transformation journeys don’t come at the expense of security.
“The approach we recommend, of course, can’t be a silver bullet. It involves a combination of strategic changes, as well as transformation and consolidation. From a strategic perspective, it makes sense for organisations to adopt a risk-based approach. This means that all the tools they’ve invested in, from security to defence, need to be elevated,” she said.
She recommended that these organisations extract real-time risk data from the tools that they have and enhance the overall visibility regarding the ongoing risks their organisation faces.
“Users may not be concerned about what operates in the background, but the organisation finds comfort in the knowledge that operations are running smoothly. This sense of satisfaction needs to evolve into enhanced visibility,” she said.
In conclusion, Sapna stated that cybersecurity is a measure of people, process, and technology, but over the years, technology’s role has become more pronounced because humans are prone to failures.
“Tools are filling in that gap. organisations embarking on the journey of consolidation and moving to platforms that aid such a strategy can better circumvent challenges by having greater visibility across prevention, detection, response, and proactive security measures,” she said.
