02/07/2025

BIZ & FINANCE WEDNESDAY | JULY 2, 2025

15

AI use sparks new security fears: Tenable

Citi launches Islamic Foreign Exchange Spot

KUALA LUMPUR: Citi recently launched its first Islamic Foreign Exchange Spot (FX Spot-i), a syariah-compliant product for currency exchange. The FX Spot-i structured on the syariah contract of Bai’ al-Sarf is available in major currencies. FX Spot-i is based on Bai’ al Sarf (Currency Exchange) that is the contract of exchange of money for money of the same or different type. In a statement yesterday, Citi said the FX Spot-i product will be available for commercial cor porate and financial institution clients. The product will follow the salient terms and conditions of Bai’ a-Sarf such as the rights and obligations of the contracting parties and where relevant with the arrangements of other syariah contracts. Citi Malaysia corporate bank head Zuliana Tann said, “At Citi, we are dedicated to delivering financial solutions that meet the diverse needs of our clients while aligning with their values. It is essential for institutions to have access to a broad range of services that cater to their specific requirements. “By integrating syariah compliant solutions into our corporate banking portfolio, we aim to foster financial inclusion and support our clients in

achieving their strategic ob jectives without compromising their principles.” From a syariah perspective, Citi Malaysia Islamic banking head Syairazi Sharoni said, the Islamic FX Spot transaction is structured to ensure compliance with requirement of taqabudh (possession) within the pre scribed period. He added the exchange of currencies is executed at the spot rate with settlement no later than T+2, in accordance with the rulings of the Shariah Advisory Council of Bank Negara Malaysia. This, he said, ensures the Islamic FX Spot transaction remains a syariah-compliant solution for cross-currency needs within syariah parameters. Citi Malaysia markets head Ng Hooi Wan said, “The product will adopt similar pricing metho dology of the conventional FX Spot. The introduction of the syariah compliant foreign ex change spot trading is a significant milestone in our journey which reflects Citi’s ongoing commitment to inno vation and excellence in serving our clients worldwide.” Citibank Bhd’s Islamic banking business operates under the Islamic Banking Window model with the supervision of a dedicated syariah committee.

broader progress in cloud risk management. Toxic cloud trilogies, workloads that are publicly exposed, critically vulnerable, and highly privileged, fell to 29% of organisations surveyed, a nine-point improvement from 2024. Tenable’s researchers attribute the nine-point decline to sharper risk-prioritisation practices and wider use of cloud-native security tooling, yet warn that even a single trilogy provides attackers with a fast lane to sensitive data. Identity remains the foundation of a secure cloud environment. The report finds that 83% of AWS users have configured at least one identity provider (IdP), a best practice for securing human and service identities. Yet, the presence of identity-based risks persists. Credential abuse remains the most common initial access vector, implicated in 22% of breaches, underscoring that strong multi-factor authentication (MFA) enforcement and least privilege principles are critical to meet regulatory expectations and protect sensitive data. “Organisations have made real strides in tackling toxic cloud risks, but the growing adoption of AI workloads is introducing a fresh layer of complexity,” said Ari Eitan, director of Cloud Security Research at Tenable.

o Cloud AI workloads riskier than traditional ones, exposure management company says in report

PETALING JAYA: Tenable, the exposure management company, revealed in its 2025 Cloud Security Risk Report released yesterday that cloud workloads supporting artificial intelligence (AI) initiatives are more vulnerable than traditional workloads. The report found that 70% of AI workloads across AWS, Azure and GCP contain at least one unremediated critical vulnerability, posing increased security risks for organisations in Singapore and Southeast Asia as AI adoption accelerates. AI workloads, with their vast training datasets and model development processes, are an increasingly attractive target for threat actors. The study found that 77% of organisations using Google’s Vertex AI Workbench had at least one notebook instance configured with an overprivileged default service account, which could allow privilege escalation and lateral movement across cloud environments. These risks are increasingly top-of mind for regulators across Southeast

Asia. In Singapore, the Cybersecurity Act and Monetary Authority of Singapore’s (MAS) Technology Risk Management Guidelines mandate stringent cloud and AI security controls. Indonesia’s PP 71 and Otoritas Jasa Keuangan (OJK) regulations require secure cloud usage and local data storage for financial institutions, while Malaysia’s Risk Management in Technology (RMiT) framework sets out strict cloud risk practices for banks. Thailand’s Personal Data Protection Act (PDPA) and Bank of Thailand (BOT) guidelines emphasise access controls and transparency, and the Philippines’ Data Privacy Act and Bangko Sentral ng Pilipinas (BSP) regulations call for data classification, strong authentication and robust third party governance. As these regulatory frameworks evolve, organisations must embed security early into AI development to ensure compliance and mitigate emerging cloud risks. Tenable’s research also shows

SUBSCRIBE TO theSun TODAY!

ONLY RM 1 PER COPY!

Enjoy daily access to:

The latest local & global news Top entertainment & sports stories All in 32 Full Colour pages

Stay informed 7 days a week! Just real news, straight to you.

SUBSCRIBE NOW!