Date: July 17, 2017


Local IT security firm IT Protective Security Services Sdn Bhd (ITPSS) today hosted a public presentation entitled One Click is All It Takes To Bring Down An Organization. The talk was presented by Bryce Galbraith, Principal Instructor at The SANS Institute, USA.

During the talk, Bryce addressed why large investments in security sometimes fail to defend organizations from cyberattacks, and followed with an example spear-phishing campaign. He also explored ways to fight Advanced Persistent Threats (APTs).

The event, aimed at information security officers and IT professionals, was an initiative by ITPSS in its effort to inculcate a cyber-aware culture in Brunei Darussalam, in terms of both security and safety. The collaboration with The SANS Institute, a reputable technology-neutral organization, addresses the human element, which is often referred to as the weakest link in the field of information security.

According to Shamsul Bahri Haji Kamis, CEO of ITPSS/BruCERT, despite prevalent cyberattacks in recent years, there have not been noticeable investments on information and cybersecurity awareness programs amongst organizations in Brunei Darussalam.

He also emphasized the need for organisations to shift in thinking and approach, as there tends to be a heavy reliance on so-called ‘technology box’ solutions. “Technology, while important and even critical in efforts to mitigate threats from cyberspace, cannot be the end objective,” he said.

“As the recent WannaCry and Petya ransomware attacks had demonstrated, the human element in terms of awareness and capabilities must be significantly improved in order to thwart off attacks involving not just technology but those human elements as well.”

ITPSS is a local company comprised of information security specialists, offering IT security services to help organizations fortify their defences. These include Managed Security Services, information security audit, incident response, penetration testing, vulnerability management, data recovery, secure deletion and IT security awareness training.