Cyber attacks are increasing in scale and ambition, with hackers managing to squeeze through the smallest of security vulnerabilities causing maximum damage, creating heightened levels of customer concern across Southeast Asia.
To combat this issue, it's no longer sufficient to simply plug the gaps and fill the holes. The industry needs to move away from this simple cat and mouse game before they are exploited.
A more holistic approach is required in today’s security climate that is both well-rounded and resilient - this presents an opportunity for the channel.
Consequently, partners must implement comprehensive cyber strategies to bolster customer defences, backed up by specialist levels of expertise.
“A year ago, customers were discussing whether the threat from ransomware was really real,” said Tsu Pheng Lim, CTO of Logicalis. “That discussion has now subsided but new threats have emerged.”
High profile data breaches such as Singapore’s Singhealth illustrate the urgent need to rethink how security is managed and operationalised, irrespective of business size or stature.
Although not considered a long-term solution, the government is investigating in the possibility of employing a virtual browser as a means to reduce the number of possible attack points.
“The nature of the threats are changing at a quickening pace,” Tsu added. “A single defence system does not work sufficiently anymore.
“The customer does need a defence and they do need detection but they also need the ability to restore their services and network when a breach happens. A total defence of the customer is needed.”
Whilst the large enterprise or governments like Singapore with deep pockets may not require a managed service solution from the channel on every occasion - such is the size of internal IT departments - smaller organisations of the SME variety continue to benefit greatly from external services,
“Managed services are becoming a lot more prevalent now because of the resource crunch,” said Nop Srinara, sales director of Asia at Datto. “Smaller companies have fewer resources and they have less money to hire people so they would rather outsource.”
Smaller organisations find such services a business saver as they are unable to provide sufficient security measures on their own due to a lack of resources.
Of note to the channel, one trend is the move away from a pure system integration business model to one that includes a managed service component.
“They [end-user] would rather get a provider to offer an end-to-end service at a predictable cost,” added Nop.
Having the best security is not always about who has the latest technology or innovation. A major security hole for many organisations is still its people; a disgruntled employee, an IT admin who has left the company, for example.
“I think what is overlooked a lot in regards to security is how an organisation’s staff is organised,” said Bas Winkel, managing director of LeaseWeb.
“A lot of the security breaches that we see in the cloud have a human element, coming from disgruntled employees, backdoors, a system admin that is no longer with the company.
“We always have to keep this human element in mind when it comes to security. It's not about one layered defence or the best tools, it's the people organisations have to be careful about.”
A spate of targeted attacks have hit several regional countries recently, attacking infrastructure and searching for holes in security defences.
While a country like Singapore has generally been successful at preventing such breaches, other jurisdictions like Vietnam have not.
With the majority of organisations in Southeast Asia falling within the SME bracket, managed service providers (MSPs) need to step up expansion efforts to help secure critical networks and customer data.
“It's much more about targeted attacks now,” said Hartony Tok, country manager of Singapore at Sophos. “It's normally said that hackers do not strike twice, however, in regards to ransomware, a lot of our customers say they get attacked more than once.
“You need to know who your attacker is before you decide the best approach.”
There is a larger trend around data breaches being universal but this did not come easily for regional organisations.
“The traditional mode approach is no longer valid for today’s security environment,” said Diwakar Dayal, former security channel leader at Cisco. “What is required is more of an outcome-based approach.
“In certain countries and mature markets, customers are clear that they cannot do this on their own because of different reasons such as the availability of certain skills, people, and the cost of doing this versus a managed services approach.
“An SME may want to purchase a certain outcome and that outcome becomes the MSP’s responsibility. As markets mature the ecosystem becomes a lot more powerful because it has to be consumable, it has to be easily integrated, and it has to be open.
“It cannot be a single vendor or a single partner. It has to be multiple vendors and multiple partners together to make this a complete solution.”
Threats such as ransomware have increased alongside the rise of mobile solutions in the marketplace - this needs to be addressed with a comprehensive security plan accompanied by training.
Read more on the next page...