Cybersecurity is a global threat – and managed security services help you treat it that way
No man is an island, the expression goes, but these days no business is either.
In today’s hyperconnected world, business operations are built around far-reaching networks of business partners, service providers, and technology solutions.
Digital transformation initiatives are adding complexity, enabling interdependencies that rely on data exchange and seamless integration of customer-service and other capabilities.
Those capabilities are helping businesses increase their presence in their home markets, and providing economies of scale to facilitate their entry into national or overseas markets – where they can build new operations or capitalise upon opportunities as they arise.
Yet even as a business expands, its cybersecurity exposure expands as well. Core networks, services, and data stores each carry their own risks – which are exacerbated when systems and processes are moved into cloud-computing environments.
Businesses face additional pressure from compliance regimes such as Australia’s new notifiable data breaches (NDB) scheme. Government regulators are deadly serious about data privacy, and the enforcers of the EU’s new general data protection regulation (GDPR) have already fined several organisations for alleged non-compliance.
Yet compliance is just one of the three ‘C’s presenting challenges in today’s cybersecurity environment – the other two being complexity and cost.
Faced with this triple threat, many companies are struggling to meet the challenge. Demand for cybersecurity skills is strong – Australia needs 19,000 new cybersecurity specialists by 2019, by one count – and businesses are struggling to get and keep the skills they need.
Managed security services (MSS) providers fill the gap by providing businesses of all sizes with repeatable processes, skilled staff, and intelligent automation tools that filter a storm of security alerts to focus on the security issues that are most relevant to the business.
An Effective Response to an Imminent Threat
Businesses looking for a way to address the complexity of today’s security environment can readily use MSS offerings to rapidly access robust platforms for business continuity, data loss prevention, email security, encryption, identity and access management, network security, vulnerability scanning, and more. MSS offerings are readily available as cloud or managed services, which are continually patched and updated.
Making the most out of MSS requires a provider with the depth of knowledge and expertise to deal with current and future threat environments. And while some MSS providers offer services as a commodity, the most effective providers start with services and back them with skilled staff and business strategists that understand security is the foundation of every modern, digital business.
A legacy of global experience doesn’t hurt, either. NTT Security has been developing and delivering security solutions and services, with more than 1500 staff across 10 security operations centres (SOCs) globally.
NTT Security’s MSS offerings are underpinned by a global threat-intelligence service that is fed not only by public-domain intelligence feeds, but by unique real-time insight derived from the 40 percent of global Internet traffic that traverses NTT Communications’ global IP network.
That same network allows NTT Security’s SOCs to scale in line with demand – providing a level of service and capability that most companies could never hope to achieve on their own. NTT Security is also investing billions of dollars into advanced analytics services to further enhance its services – giving even smaller companies access to cutting-edge information security capabilities.
These capabilities have become essential as the Asia-Pacific region is hit with a threat profile that is markedly different than in other countries.
The regional security climate has, according to NTT Security’s 2018 Global Threat Intelligence Report, been dominated by the spread of viruses and worms – which accounted for 66 percent of regional malware activity. This is well ahead of the 23 percent figure globally.
By contrast, spyware and keyloggers, Trojans and droppers, and ransomware were all more prevalent in other geographies – suggesting that Asia-Pacific organisations were being inundated with usually email-borne virus and worm attacks but were yet to see the same level of targeted, tailored attacks as other areas.
Indeed, brute-forcing of passwords was the most frequently-encountered attack type across the APAC region, accounting for 26 percent of all malware activity.
The high percentage of virus/worm and brute-forcing activity paints an interesting picture within the APAC region – as does the finding that Australian systems, perhaps compromised themselves, were the source of two-thirds of attacks against finance institutions, 35 percent of attacks on technology companies, and 84 percent of attacks on government institutions.
Minimising Business Impact with MSS
These figures suggest that Australian systems are being targeted and compromised at record pace – and that cybercriminals are leveraging Australia’s relatively large network bandwidth to launch large-scale attacks across the region.
The impact of this activity on businesses cannot be overstated. NTT Security’s 2018 Risk: Value Report, which included a survey of 1800 business decision-makers, found that 56 percent of respondents agreed that a data breach would cause loss of customer confidence while 52 percent worried about damage to the company’s brand or reputation.
Although Australian respondents estimated their companies’ annual revenues would drop by 11 percent after an information-security breach, actual financial loss was only named as a concern by 40 percent of all respondents.
This suggests either that many executives remain unaware of the financial havoc wreaked by malware such as NotPetya, or that they are, as fully a third of respondents admitted that they would consider to just pay a hacker’s ransom than to invest appropriately in information security protections.
Those sorts of attitudes run contrary to conventional wisdom about security, but they are driven by the very real and immediate needs that every business has. Yet while such businesses are effectively accepting malware compromises as a cost of doing business, embracing the skills and capabilities of a robust MSS offering allows them to resist complacency – building a stronger, more resilient business in the process.
The cybersecurity threat is intense and growing even more so – but with the right approach, companies of all sizes can stare down their attackers and build an effective response that maintains security objectives across an increasingly-connected world.
Learn more about NTT’s Managed Security Services: https://www.nttict.com/services/ict-security/managed-security-services/
Increasing mandates around the security of personal data have made encryption for every business. Australian businesses are leading the world in the use of encryption to protect backups, payment-related data, and laptops – and yet they still have a long way to go before encryption is both ubiquitous and manageable.
If your last access-control update was even a few years ago, you’re probably more exposed to fraud and exploitation than you’d like to be.
It’s not hard to understand why bot management is critical to maintaining business availability and customer satisfaction – but do you know how to properly deal with bots?
Increasing use of encryption has created new challenges for enterprise security managers. Ever more-sophisticated encryption such as Perfect Forward Secrecy (PFS) protects data and may even boost your Google ranking – but it also provides a haven for malicious code that may use encryption to bypass enterprise security controls.
Why nation-state attacks are everyone’s problem