Businesses throughout the world are experiencing unprecedented cyber-attack volumes, whether organisations are aware of it or not. The growth in the number of threats has a direct correlation to the number of attacks. To illustrate this, the number of attacks doubled from 4 to 8 per second in the last quarter of 2017, leading to an all-time high of 63.4 million new malware samples according to IBM Threat Intelligence
Looking beyond the sheer volume of cyber security threats, the sophistication is remarkable. The technology used is cutting edge in the form of “bad” Artificial Intelligence (AI). Conventional solutions no longer can provide the basic protection required against malicious AI.
Business Email Compromise (BEC) accounts for losses amounting to billions of dollars for businesses across the world.
Numerous large enterprises across all industries carry war stories, with the latest victim, in a South African context, a prominent leader in the financial services industry.
Yet, losses are not confined to large enterprises in specific industries.
In the last 3 months alone, we have seen losses in excess of R1 million between two clients, in the motor and plant hire industries via BEC; who approached us for assistance unfortunately only after the losses occurred.
The insider threat is overlooked in the majority of most businesses. The false perception exists that a single security product i.e. anti-malware or as still referred to by most businesses “anti-virus” will offer sufficient protection, or that a good perimeter defense in the form of a firewall will provide all required protection.
A good example in the form of a recent client incident, demonstrates the inadequate perceptions carried by business in general. In this incident, the business was compromised by its own employees who installed insecurely configured crypto currency miners into the private network infrastructure of the client. Even though the intent by the employees was not to be malicious, the results were.
In all cases, the major contributors enabling such exposure and ultimately leading to the breaches, were inaccurate beliefs, lack of cyber security understanding and incorrect assumptions, combined with the lack of a SECaaS vendor partner.
With the EU implementing their GDPR legislation in May 2018, legislative compliance became a tangible reality to many business entities, whether part of the EU or not. With the implementation of GDPR, Information Security is no longer a subject that can be ignored or postponed by businesses of all sizes across all industries in South Africa and the rest of the world.
Information Security Management (ISM) is part of the core of modern day business practice and deserves the same attention, good governance and due care as all the other core aspects of a sustainable and compliant business, irrelevant of business size or industry.
It begs the question: How does a company protect itself? How does SECaaS fit into this protection?
We shall answer the second question first and conclude by answering the first question.
SECaaS offers business the following critical elements with benefits at a fraction of the cost when compared to attempting to build and manage the capabilities with skills internally.
- Businesses will gain access to the latest and most updated security tools available which include a complete immune system, underpinned by AI and live threat intelligence feeds into all modules that are integrated by default.
- Unseen to the business client, yet very important, business has access to various best/specialised security personnel and resources without being on the business payroll.
- Due to the volume and sophistication already mentioned, fast and effective provisioning and response is critical. SECaaS provides this speed.
- Save on costs. As mentioned, businesses do not have to employ specialised skills nor buy hardware or pay for software licenses. Instead, the upfront capital can be replaced with variable operating expense options, at discounted rates compared to upfront capital expenses.
- Makes vendor and technology management simpler and efficient.
- Businesses get to focus on their core business – no distractions.
Protection begins with a strategic cyber security focus with risk management approach from executive level, followed by technical and administrative controls that should follow industry recognised frameworks and standards, i.e. the ISO27000 range. Your competent SECaaS vendor partner should be experienced and capable to guide and assist in this process.
Businesses of all sizes should enter into a strategic agreement with a cyber security vendor partner which maintains a holistic business and cyber threat view, that builds a sustainable long-term strategy that can envision, create, implement, maintain and walk the full distance of the cyber security roadmap of their client, as this will enable successful protection and compliance.
Selecting a SECaaS vendor partner from a purely technology offering point of view should be based on a complete yet modular immune system platform, scalability, maturity AI that must underpin the whole immune system including that of individual stand-alone modules.
Your vendor partner should have a thorough understanding of the complete cyber security landscape with strong consulting experience, system architecture knowledge, be fluent in assisting in the creation of relevant policy, implementation of policy and have the capability to compliment your existing security layers.
EOH Forensic Services as a SECaaS vendor partner to their clients understands legislative compliance, cyber risks with required mitigation actions. Our AgentX SECaaS offering provides affordable preventative and sustainable AI based solutions and services built on the only available yet complete immune system platform powered by IBM technology, that will cater for the pace and dynamics at which cyber security is evolving.
Our SECaaS is an asset for any business, of any size in any industry – not a problem.
Our technology is effective, efficient, AI intelligent, provides automated remediation and supplies true and holistic security.
Our commitment is find it, fix it, automatically manage & secure it – fast!
XTND SECaaS – powered by IBM technology – we lead with our clients.