The constant evolution of the global security threat landscape is playing a part in the rise of cyber ‘security as a service’ offerings. In addition, the evergreen discussion around cost modelling, namely the ‘Capex vs Opex?’ issue, is also a factor in the promotion of this type of service, particularly when it comes to security approaches of enterprises verses smaller businesses.
This is according to Anton Jacobsz, managing director at value-added reseller, Networks Unlimited, who says, “The fact that threats are ever changing and mutating is driving a massive demand for protection in the IT landscape. However, this need calls for a significant investment in advanced threat protection products, such as Distributed Denial of Service (DDoS), Sandbox, Web Application Firewall (WAF) and mail solutions.
“Larger enterprises can absorb the costs of the security products and also train their employees to manage the technologies, and so it is easier for them to bring cyber security for the organisation into a Capex model. However, the SMME market prefers to run according to an Opex model, as these businesses can turn services on and off as needed at a marginal cost. It is for this market, that the security as a service model, with its flexibility and scalability, is ideal.”
The way in which larger versus smaller companies tackle the issue of security in general differs substantially, Jacobsz adds, saying, “Enterprise-level companies have wholeheartedly invested in a holistic approach to security. This is driven predominantly by the advanced knowledge, recourses and budget to deploy end-to-end solutions. Enterprises are also more cognisant of the various Acts that are enforceable within South Africa, such as the Protection of Personal Information Act (POPI) or the National Credit Act (NCA).
“In contrast, the SMME market follows a different approach, with different IT challenges and approaches, and their plans are driven by budget. Typically, many of them would start off by protecting the edge of the network, and then work their way across the platforms.”
However, it is important for any business owner to be aware that a smaller organisation’s reduced size compared to a larger global entity does not necessarily protect it against a cyberattack.
Jacobsz notes that many SMMEs think they won’t be affected by ransomware or any other type of hacking threat, because they are not large enough to matter to hackers. He clarifies, “Real ransomware enforces one simple underlying outcome: to make money – the ‘from whom’ does not matter. A ransom is a small amount paid in bitcoin for its untraceable capabilities.
“All South African companies should fear a cyberattack. This includes both direct attacks, where your business infrastructure has been studied for weaknesses, and indirect, where your business may not be the goal, but as the weakest link in the security chain it is a means to an end to attack the actual target – be it a supplier or client.”
According to Jacobsz, we further need to remember that network security requires a multi-pronged approach, as modern-day networks are borderless. “With threats coming from all over the world, this means that cyber security by nature must be a continually evolving field.”