How to find the right cyber security service partner for your enterprise

22 April 2020 | Wai Kit Cheah, Director, Product Management (Security), CenturyLink Asia Pacific
Digital transformation is a vital concern for most organizations that are investing heavily in technology to improve efficiency, reduce costs, and gain a competitive edge in the market. Most companies have already moved, or are in the process of moving to the cloud, embracing AI-powered systems for greater automation, and software solutions to minimize human effort while maximizing output. Unfortunately, while businesses are focusing heavily on technology adoption, cybersecurity continues to remain a challenge to digital transformation.
The potential economic loss across APAC due to cybersecurity breaches can hit a staggering US$1.745 trillion.

According to a Frost & Sullivan study commissioned by Microsoft, “the potential economic loss across the Asia Pacific due to cybersecurity breaches can hit a staggering US$1.745 trillion — more than 7% of the region’s total GDP of US$24.33 trillion.” 

The study, based on a survey of 1,300 business and IT-decision makers from mid and large-sized organizations, also revealed that a quarter of the participants had experienced a cybersecurity incident. At the same time, another 27% were not even aware if they had experienced a cybersecurity incident, as they had not performed proper forensics or data breach assessments.

Why is cybersecurity important for a digital business?

Direct financial loss suffered during a cyberattack is just the tip of the iceberg.

The Frost & Sullivan reports highlighted that the “direct financial loss suffered during a cyberattack is just the tip of the iceberg”. Companies may also face higher customer churn due to loss of reputation and other induced damages after a cyberattack.

Cybersecurity incidents can also bring the digital transformation of a company to a grinding halt – as confirmed by 59% of the respondents who stated they have put off digital transformation efforts due to the fear of cyber-risks. This indicates that cybersecurity is a crucial factor in ensuring smooth digital transformation. Yet, many organizations only think of cybersecurity, if at all, after planning their digital transformation strategy, severely limiting their ability to create a holistic and secure infrastructure.

What are the biggest cybersecurity threats to an enterprise?

As medium and large-scale organizations make rapid strides towards digitization – without adequate emphasis on cybersecurity, they are only creating vulnerabilities that can be exploited by cybercriminals, jeopardizing their revenue and market share. 

According to Cisco, the most common types of cyberattacks are malware, phishing, man-in-the-middle attack, distributed denial-of-service (DDoS) attack, SQL injection, Zero-day exploit and DNS Tunneling. 

Most recently in Singapore, the most serious attack vectors (as viewed by the survey participants in a TRA report sponsored by Sophos) in the country include ransomware (32%), malicious employees (31%), and AI/ML attacks (31%). The same report also lists the lack of budget and skilled security specialists as common reasons for inadequate cybersecurity measures – which can also be cited as key cybersecurity challenges for enterprises, in addition to educating the leaders, as well as staff, about cybercrime and how to prevent it.

How to build a cybersecurity strategy for a company?

The starting point is recognizing that cybersecurity should not be an afterthought of digital transformation.
The starting point for any successful cybersecurity strategy is recognizing that cybersecurity should not be an afterthought of digital transformation, but implemented hand in hand to ensure the success of various tech upgrades. It is also crucial to strengthen the security fundamentals by following the age-old best practices like using strong, frequently changed passwords, multi-factor authentications, and up-to-date software and anti-malware protection.
As an IT leader or a key decision-maker in your company, it is essential to educate the entire organization and leverage maximum cooperation from all the departments to ensure everyone has a baseline for cyber hygiene. In addition to setting up a strategy for cyber-resilience, you also need to evolve a cybersecurity driven business model that is proactive and scalable.

Here are some key steps to help you build a dynamic cybersecurity strategy for your company:

  • Assess risks
  • Hire an expert
  • Regular patching and updates
  • Constant monitoring
  • Back-up important data
  • Be prepared with an incident response plan

The first step in building an effective cybersecurity policy is assessing risks – or identifying the current security landscape of your company, the potential threats, and the security regulations that must be adhered to. 

Cybersecurity is also a continuous process – which means regular assessments and routine security checks should be embedded in the strategy to recognize any gaps or loopholes at the right time. Digital businesses need to shift to a proactive cybersecurity strategy instead of relying on just tools and techniques to combat cybercrime.

In addition to firm policies and regulations, you should look at hiring a full time professional as your security officer or identify someone in your existing IT team for implementation and monitoring. However, the former may turn out to be too expensive and ineffective without an expert team to work under the chief security officer. The latter may not be feasible, for many companies’ have heavily burdened IT departments and an internal team member may take time to learn the ropes. The third option is partnering with a trusted managed security services provider that works alongside you to keep your IT infrastructure and data secure.

What are the key benefits of working with a trusted cybersecurity partner?

To build a secure organization, some of the key concerns that you need to address include the security of your critical infrastructure and network from external threats, cloud security and data protection, risk assessment and compliance management. At CenturyLink, we take all these factors into account to offer customized and comprehensive cybersecurity services to medium and large-scale enterprises backed by advanced threat intelligence and security experts.

According to Gartner, the benefits of working with an MSSPs allow for an “outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning, and anti-viral services. MSSPs use high-availability security operation centers (either from their own facilities or from other data center providers) to provide 24/7 services designed to reduce the number of operational security personnel an enterprise needs to hire, train and retain to maintain an acceptable security posture.”

On choosing a trusted MSSP for your organization

International Data Corporation (IDC) published a useful market assessment guide in 2019, which also shares tips on choosing the right cybersecurity services provider, such as comparing the breadth of managed security services portfolio of multiple vendors, availability of 24/7 support, threat detection capabilities, etc.
How do IT and security leaders improve their cybersecurity posture?

Independent research by CenturyLink reports improved business outcomes for companies using third party MSSPs, and suggests three points to consider while comparing managed services for securing your IT infrastructures. First, ask yourself whether a particular service improves your security or not. If it is an area where your company is already doing well – you can strengthen your expertise further. If not, it is best to rely on a third-party expert.

The next question to consider is whether working with an MSSP would improve the efficiency of your employees. As mentioned before, internal IT teams are usually too burdened to take on the additional task of security management.

Third is the question of costs – that is, does working with an MSSP reduce them? As most companies operate with limited funds, it is quite essential to weigh the benefits of hiring a third-party vis-à-vis costs before making the final choice.

Besides comparing services, you may seek answers to the following questions to choose the perfect fit:

  • Is the MSSP familiar with your industry?
  • What are the payment terms of the MSSP?
  • Is the company offering you a customized solution or not?
  • Is the MSSP selling a product or a service?
  • What are the certifications held by the company?
  • Are they ready to share the resumes of the team that will work on your account?

You may also ask your potential cybersecurity partner about the cybersecurity strategy they employ. For example, at CenturyLink,our comprehensive methodology of People, Process and Technology to simplify security through automated threat detection, mitigation and response allows our clients to focus on strategic initiatives while we guard their IT infrastructure.

People, Process and Technology refers to a three-fold approach for securing your company’s IT infrastructure.
The first step in this approach is People, that is, training employees and making sure that the policies are understood properly at every level in the company, eliminating security threats due to human ignorance or negligence, such as phishing attacks. Next is Process, which refers to the creation of proactive strategies to prevent cybersecurity incidents and responding quickly in case a breach is detected. These include the collection and evaluation of threat intelligence, prioritization of assets, preparing a recovery plan as examples. The last step is Technology, referring to integrated technology solutions developed to meet specific requirements of an organization.
Where protection gets personal
Every security situation is different. Let our experts help you identify blind spots, respond to incidents and find the most effective solution for your needs.
This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided "as is" without any warranty or condition of any kind, either express or implied. Use of this information is at the end user's own risk. CenturyLink does not warrant that the information will meet the end user's requirements or that the implementation or usage of this information will result in the desired outcome of the end user. This document represents CenturyLink’s products and offerings as of the date of issue. Services not available everywhere. Business customers only. CenturyLink may change or cancel products and services or substitute similar products and services at its sole discretion without notice. ©2020 CenturyLink. All Rights Reserved.

Related Articles

Where digital business goes to network
Where digital business goes to network