Cyber security: going on the offensive with your defence is non-negotiable
Most C-suites accept that it is not a matter of “if”, rather it is a matter of “when” their business will be targeted by cybercriminals. That’s the reality of our world, and South Africa is no different. It means businesses absolutely have to be proactive with a holistic security, backup and DR strategy.
It’s no surprise that we find ourselves in this reality. In the 15 years since Clive Humbly proclaimed that data was the new oil, data has without any shadow of a doubt become the most important asset for businesses to build a competitive and strategic advantage. There’s no surprise, then, that criminals understand its value.
A prominent cyber security insurer recently said there are 13,000 attempted cyber attacks in South Africa every day. Every day. If one does the sums, the odds of being immune certainly don’t make for pleasant reading.
And yet, despite this, 43% of small and medium businesses (SMBs) don’t have cyber security in place and 83% are not financially ready to cope with a cyber attack. Managed services have grown exponentially over recent years because of the host of benefits that expertise and economies of scale bring to customers and it is no different in the cyber security space, with Managed Security Service Providers (MSSP) proving to be a compelling answer to SMB cyber security threats.
There are a number of reasons for this, not least because 52% of SMBs have no IT security in-house, and because when they do migrate to using a managed service provider, 96% of SMBs say that they’re able to cut costs by 24%.
The benefits of working with an MSSP include, but are not limited to:
There is no comparing the depth and range of skills you get from a Managed Services Provider (MSP) generally and an MSSP specifically. As stated above, more than half of SMBs don’t have a specialised security team and so the skills are limited. This must be read against a continually evolving threat where syndicates use the latest and most innovative means to attack. As a business, you absolutely need people at the cutting edge of technology and trends, alongside broader industry skills, to protect your data. You need threat hunting competencies and security gap analyses, as well as the know-how to work in real-time facing real threats under real pressure.
Where does an SMB get these skills? The skills shortage in the cyber security space is well-known and massive. Some estimates have the skills gap in the region of 4-million jobs worldwide. Consider that virtual working means someone could be sitting in Johannesburg and working for pounds or dollars, which makes it all the more difficult, and expensive, for an SMB to source skills. That doesn’t even factor how challenging it is to hold onto these skills. A MSSP fills this gap, in addition to providing a team as opposed to a lone individual.
An MSSP can provide service 24 hours a day, 7 days a week. From the perspective of an SMB, the peace of mind of knowing that the environment is actively being monitored in real-time, with real-time notifications and interventions, is priceless. This is almost impossible to replicate in-house. With an MSSP, an experienced and well-oiled incident response team is always on standby.
Let’s not beat around the bush. Cost matters and this is where an MSSP brings huge value as you, in essence, get far more for less. An MSSP can lower the total cost of ownership in providing a security service, both in terms of staff and technology.
The SMB working with an MSSP has access to a full security team comprising analysts, pen testers and vulnerability engineers, among others. Compare this to building a team like this in-house and the cost savings become apparent. Another advantage is that a MSSP will build one team and deploy it across its customer base. The insights, knowledge and shared expertise gained from working across businesses and industries are invaluable. Then, from a technology perspective, the MSSP will invest in best-of-breed security solutions on a multi-tenant solution, thereby taking advantage of economies of scale.
An MSSP is able to provide up-to-date guidance and counsel around best practice when working with data. Data privacy regulations and legal frameworks mean that complying with legislation such as POPIA – when managing and moving both operational and backend data – requires specific expertise. A team of seasoned professionals working with data in a host of different environments is invaluable.
Ultimately, the point of engaging an MSSP is to gain the strategic upper hand against the criminals actively seeking to penetrate your environment. And so, a managed security service must be proactive.
How does this proactivity look conceptually? It means the business must:
Managed providers are experts in bringing you back to an operational state with the least impact on production, while mitigating data loss and reputational damage. When planning a defence strategy, remember, it is not a matter of if, but when you are targeted. This requires a holistic security, backup and DR strategy.
Here are ten core pillars that underpin a winning security strategy:
Altron Managed Solutions
20 Woodlands Drive, Woodmead
Gauteng, South Africa
PO Box 3591, Johannesburg 2000
Gauteng, South Africa
+27 (11) 373 4000