by Shameera Nair Lin

Meet John (IT Manager at YTL Construction), Paul (Head of Cybersecurity at YTL Power International), Farid (IT at YTL e-Solutions) and Lukman (IT Service Management). Perhaps you have seen the various emails going out in recent weeks, where cybersecurity within the company has been a highlight. These four individuals have a lot to do with that: they comprise a new team within YTL, the cybersecurity taskforce. However, what exactly is the cybersecurity taskforce – which not-so-coincidentally could belong in the Marvel Cinematic Universe as a quartet (they describe themselves jokingly as superheroes of sorts) — and how did it come about?

In January 2022, they came to be a team after a request from Tan Sri (Sir) Francis Yeoh to ramp up cybersecurity defence, in light of numerous phishing attacks against high-profile users within the company. To alleviate the matter, they express they are always around to address potential threats.

The taskforce, as Paul and John explain to me, has three main purposes: to educate and offer a channel for users to reach out to them, be it to report spam or potential scams and verify the authenticity of messages; to provide policies, guidance and references across YTL; to ensure the networks are secure and prevent external cyber threats. Farid adds that they are also responsible for protecting network devices from attacks. In short, there are definitely more than three main purposes.

The budding team has, as of late February 2022, set up a reporting channel and have set up an educational side to the initiative. At the start of the year, a series of informative articles on the various types of phishing were disseminated on the internal BTRT website, through the Monday Memo, and are presently available on the website for all to read and learn from.

They work as a tightly-wound team, where John leads the operational side. However, what makes this any different from their previous job scopes? ‘Previously, we worked in silos just to cover our entities,’ Lukman says, ‘but now we cover all entities.’ As such, their work is broad-ranging and ambitious. John laughs and chimes in, ‘we never leave our work in the office.’

Plans are underfoot on various initiatives. At present, they have designed six educational modules on cybersecurity, mandatory for all YTL staff, of which two have been conducted at the time of writing. Prizes are being offered to those who complete the modules at the fastest time possible. They are also looking to potentially accept requests from companies wishing to do surveys or assessments of their current infrastructure: that is, examining the security posture of a company. As cybersecurity is a highly specialised field of work, they are also searching for two experts to work full-time on the taskforce so the present four members are able to disseminate their workload more fairly. Additionally, they would like to ultimately include members from YTL companies outside Malaysia.

I ask them if there is anything in particular they would like readers to know about their hopes for the initiative and more broadly. John highlights the importance of creating awareness on a personal level, and would like the taskforce to ultimately offer an educational cybersecurity perspective to everyone in the company, heightening their awareness. Similarly, they point out that they are presently accepting reports regarding text messages of any nature, even on personal devices, offering a service that does not come easily.

To send in a report about email phishing and scams to the cybersecurity taskforce, email [email protected] or send a text message via WhatsApp or SMS to +60187000911.