Blog

Shifting From Cyber Security to Cyber Resilience – Day Zero & Beyond

root

By Stephan Berner, CEO

7 min to read
Shifting From Cyber Security to Cyber Resilience – Day Zero & Beyond

As a global community, we have undergone a lot in the past two years – pandemic, lockdowns, multiple variants of COVID-19, geopolitical conflicts, and more.

It has been tough but nevertheless, it has inspired and built grit and resilience like never before, be it in individuals or businesses. Digital transformation and human connections have both been accelerated during these unprecedented times, albeit in unexpected ways, and I have to say, we are grateful and thankful for both. Unprecedented times call for unprecedented measures. While we have always stressed on the importance of embedding cybersecurity into every crucial project from day zero, it’s high time to see the writing on the wall for all those who still haven’t worked out a well-defined cyber resilience strategy yet. 

It’s essential to understand that resilience is not an overnight project, and instead needs to be a combination of preventive, detective, and responsive methods, across the three pillars of people, processes, and technology. The increasing importance of cybersecurity in today’s times was further reaffirmed as delegates at the World Economic Forum 2022 debated and discussed the way forward, as cybersecurity moves outside of being a topic for the IT department and evolves to becoming a business enabler when managed well, and a big hinderance, when not thought over.

The World Economic Forum’s Global Cybersecurity Outlook 2022 sheds light on valuable insights about the state of cyber and perceptions about the current path of cyber resilience. Unfortunately, cybersecurity is still an afterthought in too many organizations, and this is something we all need to work jointly towards changing. Another interesting finding from the survey reconfirms what we have seen in the region over the recent months, and that’s the ever-growing threat from ransomware.

Ransomware attacks are increasing in frequency and sophistication and are followed by social engineering attacks and malicious insider activity as the major concerns for cyber leaders globally. Organizations need to accept that as the world gets more and more connected, the benefits will always come with a side serving of threats, which we need to manage and mitigate successfully to optimize the advantages of digital transformation.

 

At the end of the day, we must always remember that we live in a hyperconnected world and hence all IT systems share a global risk of exposure. We, at Help AG, are performing threat hunting, based on indicators of compromise (IoCs), for traffic patterns and attack techniques across our MDR (Managed Detection and Response) client base, and will continue to perform these assessments in conjunction with our general threat hunting activities and update our indicators as they are updated by the security community.

The resilience of governments and economies depends on the collective resilience of the businesses and individuals, and this can be achieved by creating a strong business continuity plan incorporating cybersecurity controls at every step and having a well-structured incident response and recovery plan in place.

I believe we can all agree on one thing and that’s the universality of the issue of cybersecurity as a strategic business topic, even more so against the backdrop of the changing geopolitical dynamics worldwide. The resilience of governments and economies depends on the collective resilience of the businesses and individuals, and this can be achieved by creating a strong business continuity plan incorporating cybersecurity controls at every step, and having a well-structured incident response and recovery plan in place, because there’s only much we can do to prevent attacks, and we must be prepared for the time if and when they happen. This requires the breakdown of siloes inside the organization, and acceptance of the fact that cybersecurity is everyone’s responsibility.

But then how can businesses go about getting all of this done, while still being able to focus on their core offerings? Skill shortage in cybersecurity doesn’t make it easier – however, unlike some problems which don’t have a clear-cut solution, this has a genius workaround, and that’s through partnership with trusted managed security service providers, who can work as an extended division of the organizations, constantly monitoring, detecting and responding to threats as they happen, keeping their eyes peeled for anything that might pose a potential risk to the business, and preparing accordingly.

However, there are certain considerations to be kept in mind – all that glitters isn’t gold, and not every organization claiming to be a MSSP is one you can trust. It’s important to ask the right questions before trusting the security of your crown jewels to a third party – how many dedicated specialists they have for the purpose? Are they operating in compliance with the regional regulations? Is data residency maintained as promised? How many of the resources in their security operations center are actually based inside the country? Are the services offered to you constantly assessed and improved, or are you stuck with a stagnant package of tools which are not doing the job they are supposed to? Think before you sign on those dotted lines, and if you are not already a MSS customer for us, we would be glad to do a deep dive with you, starting with an assessment of your entire infrastructure, followed by us suggesting a phased approach for improving your security maturity and business resilience, by partnering with the largest MSS team in the region.

At Help AG, our portfolio encompasses all the steps in your cybersecurity journey – assess, defend, and respond. Our strategic consulting and security analysis teams make sure you are compliant, have your BCM plan in place, and all your security controls are checked to make sure they are providing the protection they are meant to. When there is a need to revamp your security estate, our specialized professional services and integration teams work closely with you to implement state-of-the-art technologies with minimal to no downtime. Our award-winning support center is right behind, so we take responsibility of supporting all your deployments, day in and out. And at the core of our offerings lies managed cyber defense, whereby we monitor, protect, detect, and respond 24/7/365 with the best quality of services, while you operate your business with the ultimate confidence. We launched ‘Help AG as a Service’ in 2021, and as we move ahead, that’s going to be the main driver for us – with this, customers can rest assured that they are provided best-of-breed services, irrespective of the underlying technology or deployment model. Driven by our vision to offer the highest level of protection and user experience, Help AG delivers future-ready services in terms of people, processes, and technology, on an MRC/PAYG model.

It’s essential to understand that resilience is not an overnight project, and instead needs to be a combination of preventive, detective, and responsive methods, across the three pillars of people, processes, and technology.

As a brand, our technology focus areas continue to be secure cloud enablement, smart SOC, security service edge, Zero Trust architecture and data privacy, in close alignment with the market needs and industry evolution we are witness to. While focusing on this, and driven by service-centric business evolution, we will move forward with a heavy focus on human capital enablement to bring to you the best team, the best services, and the trust you need to move ahead with resilience and confidence.

Another exciting development most of you are already aware of now is the new brand identity of Etisalat Group, now e&. This marks the transformation ambitions of the group into a global technology and investment conglomerate. As part of its strategy, e& will enhance customers’ experiences across all segments by ideating, designing, and delivering a range of innovative and breakthrough technologies, driven by its track record of success. e& enterprise will be the driving force behind the digital transformation of governments, corporates, and enterprises.

Help AG is the cybersecurity arm of e& enterprise (formerly Etisalat Digital). We are super energized for this new adventure – we will continue to push the limits when it comes to innovation, highest quality of cybersecurity services and support, and human capital enablement. Everything we do is a step in the direction of ensuring we stay your trusted partner for cyber resilience. We are also aiming for geographical expansions to unlock further value in other countries of GCC and Africa. Stay tuned for the developments to unfold within the coming months.

Cyber attacks are not going to stop anytime soon, and there’s no magic bullet to keep them in check either. What’s needed is a comprehensive approach to boost business resilience, by embedding cybersecurity from day zero and beyond. The shift from cybersecurity to cyber resilience is going to be a crucial step towards a secure, connected, and sustainable knowledge economy. And it starts with empowering people and building strategic partnerships. Our State of the Market Report is a step in this direction – the primary objective of this being to share relevant insights from our experience, and expertise, to collaborate with you in building resilient organizations with future-proof technologies. Together we can MAKE IT POSSIBLE.

Share this article