Home / Blog / Cyber-attacks on globally dispersed organisations

Cyber-attacks on globally dispersed organisations

By Viadex | July 21, 2022

The top 3 pillars of a successful security strategy

Geo-dispersed IT project deployment


by
Chris Walsh, Head of Client Engagement at Viadex Global

Global business means global risk

Global mid-market organisations face growing security risks as they expand and grow. As their network edge (or perimeter) expands, they are beset with risks, yet often have under-resourced and overwhelmed IT teams. I encounter these issues with many of the customers I work with when we explore ways to improve cyber security globally.

Most mid-sized organisations and IT teams today are realising they can’t go it alone. The primary need is for support and experts in cybersecurity—Global partners, with the appropriate technology, can simplify consistent cybersecurity, lowering risk and strengthening your cyber security posture.

In this blog I outline three drivers of a fresh approach to cybersecurity, why outsourcing parts or all of your cyber security operations is increasingly common and how this allows you to strengthen your posture. I also look at SASE, which enables customers to realise the benefits of an enterprise security stack across your network, rapidly.

Of all the businesses, in all the countries, in all the world, why would anybody hack yours?

Accepting that you have a problem is the best place to start. The next best place is accepting that if you don’t have a problem now, it is increasingly likely you will face one at some point.

It is well understood the threats are wide ranging both in method and perpetrator. Many organisations take the approach of preparing for the worst case, a targeted attack. It is just as likely, with 95% of breaches1 being due to human error, that an individual gets lucky.

In short, you never really know who the cyber-attackers might be, why they may have decided to come at you, what they’re after, or at what point across your organisation, network, systems, apps and locations they might be able to find their way in.

They might look to steal your data, extort ransom payments, or just cause damage. Whatever their motivation, a well-orchestrated attack can disable your business, disrupt your ability to function, cost a small fortune to remedy, and erode trust among your customers and other stakeholders.

The perfect storm

Organisations are increasingly coming to the understanding that any business can be a target. As we all know, any individual can be a target. Any device can be too. For a geo-dispersed mid-market business all these factors together create the conditions necessary for a perfect storm.

Your IT systems and network, your locations and the people within them, your devices (and the devices your people use that sometimes you may not even be aware of) can all represent points of weakness when compounded by the fact that you operate in more than one country.

It can be frustrating; knowing where to start, where you may be at your weakest, and what sort of protection to put in place. These are all skills that many organisations don’t have in house. The 3 pillars outlined below provide a template for how to move from a risk-abundant place to a far safer IT environment:

Building a successful security strategy

The top 3 pillars of a successful security strategy

  • Understand your threat landscape | Know the battleground
    There is one word to describe your threat landscape: complexity. As threats continue to increase, remote working has intensified the risk. As your network edge expands, the easier it becomes to collaborate between people, teams, and locations, the more widespread the potential entry points become for hackers.Possible weaknesses creep in when you move business applications—and allow permissions to people across a wider ecosystem—outside your traditional perimeter security.

    Such security measures as you once deployed may have seemed fit for purpose when initially adopted. A question well worth pondering is whether these measures now may be less than up to the mutating nature of the security task, and the capabilities of hackers. As much as they keep fully up to date with your weak spots (working on the theory that in the cyber-world, crime often can pay), you need to have full awareness of every security vulnerability, everywhere.

    Your business needs the confidence that you have taken the most up to date precautions to address every corner of your operational landscape, no matter how global it may be; the more global, the more precautions needed.
    Should you be a business that acquires others, every consideration multiplies.
  • Address the global IT skills-shortage | Conquer the fear
    There is a general security skills shortage although it’s getting ever so slightly better. The (ISC)² Cybersecurity Workforce Study, 2021 reports that: …” the Cybersecurity Workforce Gap is the number of additional professionals that organizations need to adequately defend their critical assets. For the second consecutive year, the Cybersecurity Workforce Gap has decreased, down to 2.72 million compared to 3.12 million last year. Together, the Cybersecurity Workforce Estimate and Cybersecurity Workforce Gap suggest the global cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets”2.Most medium-sized organisations find it hard to locate, recruit, and even afford broad cyber security skills. Nonetheless, you do need to grasp the enormity of the problem and be comprehensively informed to be able to formulate (and then implement, fast) a robust, best-in-class security strategy.

    This requirement highlights the value of leadership expertise. You don’t necessarily need a hard-to-find, expensive-to-run team, but you may certainly benefit from having a security visionary on side. Such roles as CIO, CISO, or CTO can lead the strategy and work with the board whilst managing service providers, platforms, and deep expertise partners.

    External partners are the specialists who provide the insights, monitoring, remedial actions, and support, leading to the reassurance and confidence
    essential for the business, its operational continuity,
    and its ability to function without fear.
  • Set realistic cybersecurity goals | As soon as you can
    The cyber security challenge, when rigorously addressed, can seem like a long journey. The more you come to grips with the extent of your landscape, your user base, your business applications and solutions mix, the more you’ll come to know what it is you don’t know. It will start to seem like the required investment will never end.To avoid the task becoming an enormous and evolving challenge you may think you’ll never keep pace with, the business needs to make critical decisions about the most important investments to make; setting priorities and realistic goals.

    Make your business a hard target. The threat actor, like the lion, is looking for the weak entry point, the quickest win. Becoming a hard target is about doing the fundamentals well. If you are hard to breach, hackers will move on to an easier target.

Safer Cyberworld

How to make your cyberworld safer

For the complexity of this challenge it’s highly possible that you may need external specialist advice and ongoing support. Imagine if experts were monitoring your systems 24/7/365, anticipating events, remediating issues instantly; protecting your business, its data, its ability to function, and its reputation.

Managed and Extended Detection and Response (MDR/XDR) are rapidly growing in popularity because they are very simple to on-board with immediate impact. These approaches combine human expertise with AI and machine learning technology so the benefits are realised from day 1.

Given that problems can come from the expanding edge, we explored the market to find the best way of securing it. This is where Secure Access Service Edge (SASE) comes in—the new enterprise networking category identified by Gartner:

“A new package of technologies including SD-WAN, SWG, CASB, ZTNA and FWaaS as core abilities, with the ability to identity sensitive data or malware and the ability to decrypt content at line speed, with continuous monitoring of sessions for risk and trust levels”.3

SASE delivers a transformative in approach to network and cyber security. It enables the rapid roll-out of an enterprise security stack built for businesses facing precisely the challenges I’ve been talking about in this blog. It also brings immediate agility and scalability without having to hire, train, and manage teams of people to achieve the same levels of cybersecurity. Viadex were among the very first cybersecurity providers to deliver a SASE solution to the market, using Cato’s SASE solution.

Our customers find that by leaning on the skills, insights, and constant protection of an outsourced team, using truly cutting-edge technology, they avoid the huge costs associated with going it alone. Find out how one customer is benefitting from SASE: customer success story4

Viadex are a global MSP with a suite of services across core infrastructure and corporate users delivered with local presence for performance, security, compliance and data sovereignty. We’ve been supporting midmarket geo-dispersed businesses (with 350 to 3500 users) for over 20 years. We don’t know who the bad guys are any more than our customers do, but we certainly know how to keep them out. If you would like to chat further, and find the fast route to feeling and being safer, get in touch: chris.walsh@viadex.com

1 Cybint: 15 Alarming Cyber Security Facts and Stats
2 (ISC)²: Cybersecurity Workforce Study
3 Gartner: ‘Say hello to SASE’
4 Selig Group: Making the cyberworld safer for a global manufacturing group

Posted in Blog and tagged , , , , , , ,