Businesses continue to have a sense of unease in terms of their security posture as they move their data to the cloud, adopt a hybrid and or a multi-cloud strategy and utilise more cloud applications.
By Barry Kemp, head of managed IT at Vox
The top three cybercrimes most prevalent in South Africa remain phishing, impersonation or social engineering and ransomware. Data breaches continue to be a key driver for criminals to make their money by holding businesses’ data ransom. The easiest way for them to gain access to corporate information is still via email and the human firewall, which is the biggest risk for most businesses.
In light of these growing number of cyber threats facing modern organisations, we have developed and introduced several managed services during the course of this year to help companies of all sizes, but specifically SMEs with their security posture.
The risk is greater in the SME segment of the market – while corporates can prioritise security at the C-Suite level, these smaller companies often do not have the relevant experts within the organisation to set and enforce security policies and procedures, and need the expertise of a third-party to protect them.
Integrated protection
Our Cyber Threat Assessment Programme raises cybersecurity awareness by using a firewall to help companies see how many attacks their network is subject to on a daily basis. This test, usually lasting around two weeks, sees a firewall from Vox being installed at a company that does not have any existing solution, or in some cases even behind an existing firewall to illustrate the number of cyberthreats that are slipping through their current safety net. In certain instances, while companies have firewalls, these are not configured properly, and they stand to benefit from turning to a Managed Service Provider (MSP).
Our Managed Firewall Service, a customised Fortinet solution, is aimed specifically at SMEs to provide them access to some of the best firewall technology on the market. Apart from just monitoring for, and protecting an organisation from external cyber threats, a well-monitored firewall will also help better manage network usage and data consumption, which is especially vital for small businesses that often have to make do with connections that offer lesser bandwidth.
In instances where businesses opt for a managed service, Vox will ensure that certified firewall engineers set up policies that are correct, comprehensive, and well enforced, in order to protect the business’s data and network. This includes crafting a strategy for what an organisation should do in case a breach occurs.
Our IT Assessment Programme ensures that SMEs’ IT infrastructure is up to date and secure, and is maintained in line with global best practice. The programme looks at four major areas, including infrastructure (wired and wireless connectivity, servers, workstations, business continuity and disaster recovery, email exchanges and more), security (firewalls, antivirus, anti-spam and other protection measures), support services (the level of IT support available, management of software licenses, etc), and – in certain cases – telecommunications (looking at the quality of voice, voice continuity, call rates, etc).
We often find that infrastructure was put together years ago, and has been left untouched since. Larger companies tend to have the ability to hire their own IT personnel, who ensure that IT is managed and maintained in a more structured manner.
Cloud maintenance
Given the growth of the cloud in recent years and the arrival of multi-national data centres in the country, more businesses started moving services to an online environment. Unfortunately, many decision-makers incorrectly assumed that because their data is hosted in the cloud, it would be safe.
Even though the cloud environment is secure, a shared responsibility approach has to be applied. Depending on the cloud service model used, the business still needs to take responsibility for the security of its own servers.
Our IaaS Monitoring solution helps simplify the transition to the cloud and comes in two versions – monitoring, and monitoring with patch management. Even though many businesses have their own internal IT resources, they are often focused on other strategic activities with patch management falling by the wayside. With our IaaS Monitoring solution, they can continue delivering on their business objectives with us taking care of the onerous patching work and other server monitoring functions as it impacts their IaaS solutions.
Skills, education and awareness
Apart from properly maintaining their security infrastructure and software, businesses need to ensure their security policies are still valid, as these need to be continually updated to match the evolving threat landscape. It is impossible to comprehensively mitigate today’s cyber security problems with policies from five years ago.
To do all of this however, companies need to have the right skills in place if they are to secure their network and data, and this is a challenge facing many businesses. This is where an MSP becomes vital.
The right MSP can manage and maintain a business’s security infrastructure, ensure policies are up to date and being adhered to, and that best practices are being applied across the organisation. They should be able to alert the business to developing situations, provide a comprehensive report and review of the attempted/successful breach, and put in place measures to remediate the fault.
Lastly, however, it is important for companies to remember that while they can spend millions on network and data security products and solutions, a human employee that does not understand the security posture or culture of an organisation remains the biggest risk, as all it takes is a click on the wrong link. They need to be continually educated, and brought into the fold to be part of a company’s security defence measures.
The digital world of business needs a different way of addressing cyber security concerns. And given how the cloud is permeating everything SMEs are doing, this makes it the ideal platform to drive more sophisticated defences that can be part of a managed offering.