Cyber Security as a Service (CSaaS)

Introduction

Cybersecurity is a crucial priority for governments, organisations and businesses, most especially Small and Medium Enterprises (SMEs). Today’s cyberattacks are growing at an unprecedented rate and the challenge of initiating proper countermeasures to combat evolving threats which can be expensive and complex. It is difficult to prepare for all possible cyber incidents and the increasing sophistication of cyberattacks, especially Small and Medium Enterprises (SMEs) that does not have required internal resources to properly counteract evolving threats.

A cybersecurity incident is a potential business continuity and disaster recovery event. Governments and businesses (large, medium or small) need cyber capabilities to protect themselves against any form of cybersecurity incidents or breaches. These cyber capabilities requires 24/7 cyber protection coverage with a range of cyber defense solutions to meet any organisation specific cybersecurity needs. Thus, this is where Cyber Security as a Service (CSaaS) comes in.

Conceptualization of Cybersecurity as a Service

Cybersecurity encompasses the technologies, processes, people and compliance that are put in place to provide protection and security from cyber attacks that are deployed against Information and Communication Technology (ICT) systems. A good cybersecurity will provide a comprehensive solution to protect and secure against a diverse range of cybersecurity issues.

Cyber Security as a Service (CSaaS) is basically an outsourced model of cybersecurity management. This model ensures Information and Communication Technology (ICT) systems stay secure and protect against cyberattacks. With CSaaS, government, organisations and businesses, most especially Small and Medium Enterprises (SMEs) can access strategic and operational professionals without the expense of engaging a full-time internal cybersecurity team.

The reason for having Cyber Security as a Service (CSaaS) is largely to protect businesses from unplanned events that could disrupt the business.

Benefit of Cybersecurity as a Service

The benefits amongst others include:

1. To proactively detect and remediate cybersecurity issues.
2. Having direct access to a team of cybersecurity experts.
3. Audit security vulnerabilities of network infrastructure and develop an action plan to plug these security weaknesses.
4. Subscribing to only the services required, to prioritise, adapt, adopt and disengage as the business evolves.
5. Minimise total cost and maximise efficiency of building a full-time internal cybersecurity team.
6. Accessing all ranges of Information Technology (IT) security and compliance under a single Service Level Agreement (SLA).
7. Provide cybersecurity training to employees on good cybersecurity hygiene and habits.

Cybercrime Statistics, Scope and Frequency

Nigel Dickson (2019) Here reported that, cybercrime generate $1.5 trillion annually, with businesses facing cyberattacks as many as 16,856 times annually and hacking is becoming less pervasive at 3% as a technical problem, with 97% using the human as the weak link through social engineering.

Varonis Global Data Risk Report Here showed that, 21% of 6.2 billion sensitive files analysed in 2018 were exposed cyberattacks and 53% of companies with more than 1,000 sensitive files are accessible to all employees.

TekMonks Infographic (2018) Here, shows a total of 1,946,181,599 records containing personal and other sensitive data were compromised, costing businesses an average of $3.62 million in damages, 75% proportion of data breaches are caused by external attackers and 77% of IT professionals indicated that, their organisation do not have formal cybersecurity incident response plan.

Cisco 2018 Annual Cybersecurity Report Here revealed that, the most malicious file extension used in 2018 was Microsoft Office formats. This includes files in the Word, PowerPoint, and Excel formats. The study reveals that, 38% of malicious file extensions are Microsoft Office files, followed by archive file formats (.zip and .jar) at 37% and PDF files at 14%.

The estimated daily cybercrime activities as indicated in the McAfee’s Report on Economic Impact of Cyber Crime 2018 Here in 2017, are 80 billion malicious scans, 300,000 new malware, phishing at 33,000 remains the most popular and easiest way to commit cybercrime, Ransomware attack at 4,000 and 780,000 records were lost data breaches.

Symantec Report on Internet Security Threat Here disclosed that, averagely 24,000 malicious mobile apps were blocked daily in 2017 on Google Play.

In 2017, Cybersecurity Ventures predicts Here cybercrime will cost the world $6 trillion annually by 2021, 6 billion internet users by 2022 and global cybersecurity expenditure will be in excess of $1trillion cumulatively over the next five years.

Cybersecurity Ventures Report Here revealed that, 3 billion user credentials were stolen in 2016, an approximation of 95 passwords were stolen every second. The report further revealed that, user credentials including a combination of human and machine passwords will grow to 300 billion by 2020 and are likely to face increase security risk form cybercriminals.

In 2016, Adware affected 75% of the 130 organisations investigated by Cisco Here. Adware presents itself in the form of advertisements, but it can also facilitate malware attacks, change browser settings to weaken security, track users/devices location and exfiltrate personal data, credentials and organisational information.

The growing number of cyberattacks clearly depicts the need for cybersecurity (24/7 cyber protection coverage) in governments, organisations and businesses, most especially Small and Medium Enterprises (SMEs). The increased ease of committing cybercrime as led to the growth of Cybercrime as a Service, along with Cyberattacks/Hacking as a Service, Crimeware as a Service, Malware as a Service, Fraud as a Service, Cybercrime Infrastructure as a Service and Ransomware as a Service.

Conclusion

Cybersecurity is a growing concern in today’s information technology world, due to the growing complexity, heterogeneous systems and highly connected devices as well as inadequate tools to protect and secure these resources against attacks and exploitations.

Cybersecurity incidents can incapacitate government and businesses that are not prepared. Successful cyberattacks can compromise the confidentiality, integrity and availability of Information and Communication Technology (ICT) systems.

Threats, vulnerabilities and impacts are the three factors of risk associated with any cyberattack. The management of these risks to Information and Communication Technology (ICT) systems is considered fundamental to effective cybersecurity.

It should be clear that, engaging the services of cybersecurity provider is a must-have investment in ensuring business continuity, disaster recovery and cybersecurity especially for Small and Medium Enterprises (SMEs) with online presence that cannot afford full-time internal cybersecurity team.

About Author

John Odumesi is a Cybersecurity Researcher/Analyst presently with the Office of The National Security Adviser.