Assess, Protect, Empower: the unified approach to cyber defense
Businesses today are under constant threat from cybersecurity breach attempts. While that might sound like an exaggeration, the truth is that many attacks are not aimed at specific companies (although some indubitably are), but rather hackers and bad actors automate techniques and methods to continuously comb the internet for possible points of ingress.
The result is that no business is safe— large or small— as every separate IP address on the internet gets the same type of attention. Attacks and the criminals behind them are persistent, therefore, and are becoming increasingly sophisticated. Already on the dark web, many are offering HaaS (hacking as a service) and scripts, code, malware instances, and methods are freely exchanged – if you know where to look.
The results of an incursion and compromise of an organization’s assets include damage to customer and partner trust, massive PR fallout, loss of intellectual property and the loss of resources and time needed to fix the problem. Even at best, a successful incursion into an organization’s systems will result in dozens of lost hours’ productivity. At worst, a single attack can close a business down, for good.
While the manual or automated combing of the internet by bad actors presents its own threats, many companies today make life easier for hackers due to poor practices in areas that are almost 100 percent human-centric. New-generation endpoint protection measures now have to cover BYOD devices (the powerful computers that come into the workplace every day in employees’ pockets & belongings), plus there’s an increasing need for systems and processes that increase password security and practices.
Examining each and every aspect of the business to determine the maturity of cybersecurity systems and responses – according to accredited frameworks like NIST – can help determine best ways forward, and in time, create a realizable road map for change.
A developing theme, and one that’s spearheaded by that most traditional of industries, the banking sector, examinations of authentication methods, staff practices, and the presence of an otherwise baked-in security mentality. The latter too plays its part in removing some aspects of human error, and all help batten down the hatches from attacks ranging from brute force word-list attacks to personalized phishing campaigns.
In short, threats are changing and evolving, and new attack vectors come online constantly: “Who would have seen in-memory malware even five years ago? And while business strategists in the C-Suite are busy talking about new IoT deployments, the security-conscious are very aware about IoT’s increasing attack surface [being] presented,” said Raymond Teo, Senior Vice President, Business Development, APAC at NTT Security.
Without a security specialist on-board, or even a specialist security team, many organizations are suffering from threats of which they are probably not aware. Companies that can improve every aspect of a business’s security stance are thin on the ground; either they are ill-equipped, or they offer cybersecurity as an afterthought, or they are too focused on pushing hardware range X, or software platform Y.
Thankfully in the APAC marketplace, there’s a familiar figure in the shape of NTT Security, a market leader in the field. Its extensive consultative experience across the region and beyond, combines with its managed security capabilities that can help organizations of all sizes with their security issues. The company’s global reach and experience means that it can choose the most effective and business-oriented approaches to cybersecurity practices and methodologies.
At present, the company operates ten security operations centers (SOCs) and employs over 1,500 cybersecurity experts. Backing that team, there are seven dedicated R&D centers throughout the world; these constantly evolve new countermeasures, investigate emerging attack strategies and methods. That data feeds into and informs NTT Security’s managed security and consultating functions, which means that advice and planning guidelines are always rooted in the very latest intelligence drawn from real-world experience.
Very few companies possess the scale of independent facilities that a large company like NTT can wield. Most are in the position of accessing the same publicly-distributed threat lists, widely available attack reports and a third-hand reading of what’s considered to be “best practice”. That’s not to belittle many MSSPs’ efforts, rather to point out the following:
“There are companies out there in the cybersecurity space that create their own intelligence and support system, and others that come to information when it’s too late, the damage done,” according to Teo.
A good starting point for any organization wishing to bolster its defenses is a broad-reaching cybersecurity audit like NTT Security’s Cybersecurity Maturity Assessment. The program analyzes your entire architecture, your practices, policies, and procedures to bring you an accurate picture of your cybersecurity position ‘as is’.
Driven by NIST Cybersecurity Framework industry standards, the comprehensive assessment will identify gaps in provisions, areas for improvement and specific action plans to close these gaps, moving your organization towards its security goals. From there, NTT Security can benchmark your posture against similar companies and organizations in your sector, giving lead if necessary, with advice on steps required to attain the optimum level of security. Of course, the tools, methods, systems and technology to achieve an enhanced defensive posture are right on hand if required, as is a process of ongoing consultation and/or support as and when required.
As new attacks come into being and are propagated across the more unpleasant corners of the internet, your MSS or security consultant should have an effective method of staying up-to-date with the latest attack methods.
Tailored analyst workbenches in every NTT Security SOC constantly examine new instances of malware as they appear in the wild, examining evidence down to individual packet levels. “We’re starting to use some exciting cutting-edge artificial intelligence code to predict evolving threats, and attack threats; even some of those that still can evade standard forms of protection,” added Richie Tan, Head of Security Consulting, APAC at NTT Security. “Our maturity assessments have been shown to lead to better decision-making processes when sourcing specialist providers: finding the right company with the right tools.”
One often thinks that the type of service offered by multinationals is only suitable to other globe-straddling companies. Of course, the cloud computing & storage facilities from Alibaba, Amazon, Google & Microsoft dispel that myth. Such is also a misconception with regards to NTT Security: despite its size, its solutions are always carefully tailored for each business or organization, regardless of size or function. Every partnership shares NTT Security’s know-how.
With worldwide markets and trade come the need to shift compliance stance and adhere to many different legislations & strictures, and these can vary from region to region, even inside a single sovereignty. Again, the best providers (or guides) down that particular journey are probably the larger companies with an existing reach.
To learn more about NTT Security’s MSS service, Cybersecurity Maturity Assessment, and its consultative methods best suited to your organization’s circumstances, get in touch with a local representative from the company today.
- Communicating at the speed of 2019’s fastest-moving businesses
- Staying one step ahead: Site24x7 monitors IT systems globally
- How Checkmarx can help you Align application security with DevOps culture
- Make the right decisions from wherever work takes you with InEight management software
- Why a secure SDLC process is important for the finance industry