How to find the right cyber security service partner for your enterprise

22 April 2020 | Wai Kit Cheah, Director, Product Management (Security), CenturyLink Asia Pacific
Digital transformation is a vital concern for most organizations that are investing heavily in technology to improve efficiency, reduce costs, and gain a competitive edge in the market. Most companies have already moved, or are in the process of moving to the cloud, embracing AI-powered systems for greater automation, and software solutions to minimize human effort while maximizing output. Unfortunately, while businesses are focusing heavily on technology adoption, cybersecurity continues to remain a challenge to digital transformation.
The potential economic and consumer loss caused by cyber threats in Japan reached US$2.1 billion.

In fact, a Statista study found out that the potential economic and consumer loss caused by cyber threats in Japan, like internet auction frauds, illegal or harmful content, unauthorized computer access or malware, defamation and slander, illegal business practices or spam mails reached US$2.1 billion in 2017.

According to IPA statistics, only 55% of companies in Japan were reported to conduct cybersecurity vulnerability assessments, as opposed to roughly 80% of firms in the U.S.A and over 65% in Europe. This just goes to show a general lack of awareness among Japanese firms about cybersecurity and its importance.

Why is cybersecurity important for a digital business?

As the digital economy continues to grow in each country, so too does the exposure to cyberattacks. Being appropriately prepared can mitigate the risks to organizations and minimize the potential costs of an attack. Based on what we have seen in the region, businesses with an established cyber security strategy in place have confidence to invest in new technologies which can lead to higher levels of capital investment and productivity growth.

The Statista study mentioned above revealed that the financial losses that occur due to a cyberattack is just the tip of the iceberg. Companies may also face higher customer churn due to loss of reputation and other induced damages after a cyberattack.

Repeated cybersecurity incidents can also bring the digital transformation of a company to a grinding halt. In fact, according to a Deloitte study, almost 63% of IT and business leaders said that the fear of cyberattacks caused them to put the digital transformation plans for their organization on hold. In addition to that, many Japanese organizations see cybersecurity as a corporate social responsibility rather than a catalyst that could improve their competitiveness. Most only begin to think about it after planning their digital transformation strategy, severely limiting their ability to create a holistic and secure infrastructure.

What are the biggest cybersecurity threats to an enterprise?

As medium and large-scale organizations make rapid strides towards digitization – without adequate emphasis on cybersecurity, they are only creating vulnerabilities that can be exploited by cybercriminals, jeopardizing their revenue and market share. 

According to Cisco, the most common types of cyberattacks are malware, phishing, man-in-the-middle attack, distributed denial-of-service (DDoS) attack, SQL injection, Zero-day exploit and DNS Tunneling. 

A recently conducted cybersecurity study by Sophos showed that the most serious attack vectors in Japan were employee malicious acts, employee error, and poor system designs. Another study by Comparitech showed cyberattacks in Japan had increased, with computer ransomware attacks rising from 8.3% to 9.17%, mobile ransomware attacks having escalated from 1.34% to 1.97%, while telnet attacks stood at 1.06%.

The above report by Sophos also lists the lack of budget and skilled security specialists as common reasons for inadequate cybersecurity measures – which can also be cited as key cybersecurity challenges for enterprises, in addition to educating the leaders, as well as staff, about cybercrime and how to prevent it.

How to build a cybersecurity strategy for a company?

The starting point is recognizing that cybersecurity should not be an afterthought of digital transformation.
The starting point for any successful cybersecurity strategy is recognizing that cybersecurity should not be an afterthought of digital transformation, but implemented hand in hand to ensure the success of various tech upgrades. It is also crucial to strengthen the security fundamentals by following the age-old best practices like using strong, frequently changed passwords, multi-factor authentications, and up-to-date software and anti-malware protection.

How Japanese IT and security decision makers prepare for cybersecurity will affect their organization’s security in the next two years. The top technologies or issues that most IT leaders from Japan think will impact organizational security are artificial intelligence, machine learning, IoT devices, and public cloud computing.

These leaders and key decision makers should educate the entire organization and leverage maximum cooperation from all the departments so that everyone has a baseline for cyber hygiene. Apart from setting up a strategy for cyber-resilience, they also need to evolve a cybersecurity-driven business model that is dynamic and scalable.

Here are a few important steps that can help Japanese IT leaders to build a proactive cybersecurity strategy for their organizations:

  • Assess risks
  • Hire an expert
  • Regular patching and updates
  • Constant monitoring
  • Back-up important data
  • Be prepared with an incident response plan

The first step in building an effective cybersecurity policy is assessing risks – or identifying the current security landscape of your company, the potential threats, and the security regulations that must be adhered to. 

Cybersecurity is also a continuous process – which means regular assessments and routine security checks should be embedded in the strategy to recognize any gaps or loopholes at the right time. In fact, 38% of Japanese firms said that their lack of cybersecurity maturity affected the speed at which they could detect vulnerabilities in security. In addition to this, another 51% of Japanese companies feel that their organization doesn’t have an able cybersecurity team in place that could properly detect, investigate, and respond to threats ahead of time.

In addition to firm policies and regulations, Japanese IT leaders should look at hiring a full time professional as your security officer or identify someone in your existing IT team for implementation and monitoring. However, the former may turn out to be too expensive and ineffective without an expert team to work under the chief security officer. The latter may not be feasible, for many companies’ have heavily burdened IT departments and an internal team member may take time to learn the ropes. The third option is partnering with a trusted managed security services provider that works alongside you to keep your IT infrastructure and data secure.

What are the key benefits of working with a trusted cybersecurity partner?

To build a secure organization, some of the key concerns that you need to address include the security of your critical infrastructure and network from external threats, cloud security and data protection, risk assessment and compliance management. At CenturyLink, we take all these factors into account to offer customized and comprehensive cybersecurity services to medium and large-scale enterprises backed by advanced threat intelligence and security experts.

According to Gartner, the benefits of working with an MSSPs allow for an “outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning, and anti-viral services. MSSPs use high-availability security operation centers (either from their own facilities or from other data center providers) to provide 24/7 services designed to reduce the number of operational security personnel an enterprise needs to hire, train and retain to maintain an acceptable security posture.”

On choosing a trusted MSSP for your organization

Adopting a more proactive cybersecurity strategy isn’t something that has been practised by most Japanese firms. According to a 2017 survey, 46% of Japanese firms thought about improving cybersecurity only after experiencing an incident with the WannaCry ransomware attack, where 2,000 computers were infected at 600 organizations. Japanese IT leaders had to grow savvier about cybersecurity as a result, all the while looking to employ the services of MSSPs that would help them keep cyber attacks at bay and improve business outcomes.

The International Data Corporation (IDC) issued a market assessment guide in 2019 that would go on to show companies how to choose the right cybersecurity services provider, highlighting measures like comparing the breadth of the portfolio of MSSPs of multiple vendors, the availability of 24/7 support, threat detection capabilities, etc.

How do IT and security leaders improve their cybersecurity posture?

Independent research by CenturyLink reports improved business outcomes for companies using third party MSSPs, and suggests three points to consider while comparing managed services for securing your IT infrastructures. First, ask yourself whether a particular service improves your security or not. If it is an area where your company is already doing well – you can strengthen your expertise further. If not, it is best to rely on a third-party expert.

The next question to consider is whether working with an MSSP would improve the efficiency of your employees. As mentioned before, internal IT teams are usually too burdened to take on the additional task of security management.

Third is the question of costs – that is, does working with an MSSP reduce them? As most companies operate with limited funds, it is quite essential to weigh the benefits of hiring a third-party vis-à-vis costs before making the final choice.

Besides comparing services, you may seek answers to the following questions to choose the perfect fit:

  • Is the MSSP familiar with your industry?
  • What are the payment terms of the MSSP?
  • Is the company offering you a customized solution or not?
  • Is the MSSP selling a product or a service?
  • What are the certifications held by the company?
  • Are they ready to share the resumes of the team that will work on your account?

You may also ask your potential cybersecurity partner about the cybersecurity strategy they employ. For example, at CenturyLink,our comprehensive methodology of People, Process and Technology to simplify security through automated threat detection, mitigation and response allows our clients to focus on strategic initiatives while we guard their IT infrastructure.

People, Process and Technology refers to a three-fold approach for securing your company’s IT infrastructure.
The first step in this approach is People, that is, training employees and making sure that the policies are understood properly at every level in the company, eliminating security threats due to human ignorance or negligence, such as phishing attacks. Next is Process, which refers to the creation of proactive strategies to prevent cybersecurity incidents and responding quickly in case a breach is detected. These include the collection and evaluation of threat intelligence, prioritization of assets, preparing a recovery plan as examples. The last step is Technology, referring to integrated technology solutions developed to meet specific requirements of an organization.
Where protection gets personal
Every security situation is different. Let our experts help you identify blind spots, respond to incidents and find the most effective solution for your needs.
This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided "as is" without any warranty or condition of any kind, either express or implied. Use of this information is at the end user's own risk. CenturyLink does not warrant that the information will meet the end user's requirements or that the implementation or usage of this information will result in the desired outcome of the end user. This document represents CenturyLink’s products and offerings as of the date of issue. Services not available everywhere. Business customers only. CenturyLink may change or cancel products and services or substitute similar products and services at its sole discretion without notice. ©2020 CenturyLink. All Rights Reserved.

Related Articles

Where digital business goes to network
Where digital business goes to network