FGV HOLDINGS BERHAD | SUSTAINABILITY REPORT 2022/2023 47 PROMOTING ECONOMIC GROWTH OUR APPROACH FGV refers to IT security standards outlined in the Information Security Management Systems (ISMS) ISO/IEC 27001 as a guide to provide standardised methodologies for robust information security practices within the Group. The standard is ensuring a structured approach to information security, offering guidelines and best practices for safeguarding sensitive data. It also facilitates comprehensive risk assessments, which help identify and mitigate cybersecurity threats. By complying with the standards, we strengthen its security posture, uphold regulatory compliance, and fortify its defences against evolving cyber threats. PROGRESS AND ACHIEVEMENTS FGV has rolled out the Managed Security Service Provider (MSSP) programme since 2021, providing specialised security expertise and cutting-edge tools for improved threat detection, continuous monitoring and a proactive cybersecurity approach. The programme has offered scalability and flexibility, allowing FGV to adapt swiftly to changing security needs and enhance overall defence capabilities without high internal investments. In 2022 and 2023, there were zero substantiated complaints concerning breaches of customer privacy and losses of customer data. INITIATIVES As part of our IT security proactive measures, in 2022, FGV conducted IT penetration testing, which involves simulating cyberattacks to identify vulnerabilities within its systems, networks and applications. This proactive assessment helped FGV uncover weaknesses and address any gaps to strengthen its cyber security system. We also conducted an IT Business Continuity Management activity involving strategising and implementing plans to ensure critical IT systems and operations remain functional during and after disruptive events. This activity helped to minimise downtime, maintain essential services, and swiftly recover IT functionalities following unforeseen incidents, safeguarding the continuity of business operations. The effectiveness of IT Business Continuity Management instils confidence among stakeholders, ensuring that services and operations continue as usual even amid challenging circumstances. In 2023, FGV adopted a Digital Risk Exposure assessment to provide a holistic view of the organisation’s digital vulnerabilities in the digital landscape. It enables FGV to proactively identify and mitigate potential threats, bolstering cybersecurity measures and minimising the risk of data breaches or cyberattacks. Thus, it enhances FGV’s ability to respond effectively to emerging threats, fortifies its security posture, and reduces the likelihood of data breaches or cyber incidents. Ultimately, this contributes to protecting its digital assets and strengthening our resilience. GOING FORWARD FGV plans to improve IT security by streamlining user access control, minimising the risk of unauthorised access to critical systems and data. By centralising and regulating user identities and permissions, it will mitigate potential security breaches and bolster overall cybersecurity measures. The solutions will enhance operational efficiency, simplify administration, and ensure a more secure access environment within the organisation. FGV will continue to invest in cybersecurity initiatives that can help minimise cyber risks in its business. Cybersecurity makes up 10% of its annual IT budget and it plans to improve in terms of keeping data safe.
RkJQdWJsaXNoZXIy NDgzMzc=