Understanding the threats to your company

Small firms find it harder than bigger ones to deal with security issues, which is where the likes of CommSec come in, writes Quinton O’Reilly

John Killilea, security consultant at CommSec

One of the unfortunate realities of security is that, no matter what kind of business you run, you face the same threats as everyone else.

All companies are subject to the same threats and issues regardless of size. The issue is that smaller businesses don’t have the scale or resources to properly address them.

For John Killilea, security consultant at CommSec, the businesses it serves are small to medium-sized companies, the ones that benefit most from such a partnership, and for good reason.

“Going back the last few years, small companies would have engaged with a general IT support-type company which would have dealt with all of their IT including security,” he said. “Those guys would have been doing their best, like setting up a basic firewall and antivirus, but it’s not their area of expertise.

“With the advanced threats coming now, those companies don’t have that level of experience to deal with it properly.

“Companies like CommSec are becoming more prominent where they’re offering that level of expertise and smaller companies, they’re realising that they can continue using their own IT provider . . . but also have someone else there, helping them and giving that assurance that security is being addressed in the best way possible.”

The obvious reason for availing of a managed security service is the range of threats that are being faced. You only have to look at this year to see numerous examples of data breaches, malware attacks, vulnerabilities and other security issues, all of which are part and parcel of business life.

It’s not just that they’re more prevalent than before: regulations like GDPR require you to report them if they involve personal data.

For the big companies, dealing with this can be straightforward. But for SMEs who don’t have the resources, this can create some challenges.

“They’d be facing security threats that larger companies would face, but they’re not as well equipped to deal with them,” Killilea said. “Even the basic stuff that they face, they wouldn’t be able to deal with it, because they don’t have dedicated security staff and the resources to even know it would be happening.

“A lot of the problem is that these things can go undetected. Even for simple things like malware, some smaller customers mightn’t have proper malware protection in place, they mightn’t have antivirus running on their machines or servers, basic stuff like that.

“We can come in and make quite a difference to them, and when something does happen, sometimes malware can be quite difficult to remove. Again, we can provide our expertise to clear it up and make sure it’s fully gone.”

Malware is becoming a bigger problem than before, with more advanced strains being released into the wild. Now that everything is connected and accessible, malware is likely to install software and keyloggers that capture everything you type. When you access sensitive information like online banking or passwords, having those details captured and sent back to the attackers can cause havoc for an organisation.

“If that happened over a period of even five days, that could be enough for an attacker to gain access to sensitive information,” Killilea said. “Again, that comes back to smaller companies not having either up-to-date antivirus software or the expertise to get rid of it.

“Another advanced feature of malware is that it can be difficult to remove, it can bury itself into a system and then you might run a basic tool and say it’s gone. It’s not gone, it’s still there. You need to know the signs to look for to make sure it’s fully gone, and that’s the expertise CommSec and other managed service network providers can provide.”

Malware isn’t the only reason why managed service providers have grown in popularity: the compliance side of a business is another. Regulations like GDPR are now in play, and while they make things better for the consumer as a whole, they can add their own stress to businesses as they move from a reactive model to a proactive approach.

It’s easy to keep your focus on the technical side, but since more and more customers are looking for security credentials, it’s important that businesses show that they’re keeping up with best security practices.

“You might have customers up there looking for security certification to validate that they’re dealing with a company that’s secure,” Killilea said. “That’s something else we can help with, get them certified and enable their business to gain more customers that way.

“Then you have things like business and security strategy for those smaller companies. Asking: what are they investing in in the future? Are they spending the money on the right kind of tools and resources? Are they addressing all the business risks?

“We can provide that level of expertise to help guide them in how they should be doing things and planning for the future, ensuring that they can get the best return on their investment.”