Even before the current pandemic, as enterprises have adopted techniques and practices such as digital transformation, cloud and mobility, they have faced an increased risk from a range of established and emerging cybersecurity threats, such phishing attacks which seek to introduce malware capable of compromising sensitive business information, ransomware and other fraud campaigns. The risk of huge fines under the GDPR means that cyber security has become a board-level issue, as well as a focus for regulators.
The Covid-19 pandemic has turned many businesses ‘inside out’ as they rush to enable agile workforces, meaning increased cyber risk as criminals and fraudster look to capitalise on the rush to remote working. These risks include:
Specifically, criminals are sending phishing emails which seek to exploit the fear and uncertainty that the pandemic is causing, and creating malware which poses as a legitimate Covid-19 resource or application whilst hiding ransomware which can infect devices on which it installed.
Managed Security Services (MSS) refers to the activities, functions and services necessary to manage an organisation’s cyber security needs. These activities include:
These basic cyber security services are increasingly being augmented by technologies which use artificial intelligence, machine learning, big data analytics and other similar techniques.
Whilst some organisations have the skills and other resources needed to set up, staff and run their own state-of-the-art security operations centre (SOC), many will look to outsource some or all of their cybersecurity requirements to a specialist Managed Security Service Provider (MSPP).
Outsourcing to a MSPP enables an organisation to focus on other areas of strategic focus, often coupled with cost savings. Other benefits can include:
And with many MSPPs delivering their MSS solutions via a multi-tenant cloud-based platform, on a Security-as-a-Service basis, set-up can be almost instantaneous and without capital investment.
Faced with increased and emerging cyber threats, whether due to trend likes digitalisation, cloud and mobility, or due to the novel coronavirus, organisations must learn to look at MSSPs as ‘trusted advisers’ and seek to leverage the knowledge that they glean across multiple client engagements, since a threat which impacts one client is likely to impact many more. MSS outsourcing contracts need to reflect this – whilst KPIs and service metrics which make a MSSP accountable for meeting an organisation’s requirements are important, the agreement must not simply describe the relationship in transactional terms but reflect and enable a wider strategic relationship between the organisation and its MSSP.