An array of separate cybersecurity tools might be of value for an individual user, but they are not enough to secure the organization's entire network and critical business infrastructure.
Organizations often invest in antivirus, firewalls, and password management systems to secure their networks, systems, and clouds. But it’s often not enough to call your cybersecurity robust. According to experts, constant monitoring, incident playbooks, and innovation are required in order to be protected against cybercrime at all times.
To talk about the right and wrong ways of securing a business of any size, Cybernews reached out to Steven Meyer, CEO and Co-Founder of ZENDATA, a provider of security and protection solutions.
How did the idea of ZENDATA originate? What has your journey been like?
I created ZENDATA in 2012 in order to help high-risk SMBs protect themselves against cyber threats. We realized that small law firms, wealth managers, and fiduciaries were soft targets and might lead to supply chain attacks. ZENDATA set up an MSSP (Managed Security Services) service with the best solutions for these organizations, connected to a 24/7 SOC in Switzerland.
We've come a long way since the creation of the company. We now offer our services to government, multinationals, and critical infrastructure.
Can you introduce us to what you do? What are the main challenges you help navigate?
Most of ZENDATA's activity is around MSSP with more than 30 different cyber protection options, which are all managed and monitored by our 24/7 SOC. In addition, we have a department of Audit & Pentest, as well as Incident Response, Consulting, Threat Intelligence, Training, and OT Security.
For us, it is essential to correctly and continuously assess the risk exposure of our clients, as well as their risk tolerance, in order to have rational and efficient protection. We understand that cybersecurity is not a profit center for organizations, and therefore, we have to put in place as effective a defense as possible within a constrained budget.
What cyber threats are the most concerning nowadays? What types of organizations are being targeted the most?
Cybercrime is dominating the headlines, and attacks such as ransomware and BEC (Business Email Compromise) are the most common ones we see. But organizations are also very concerned about internal threats and corporate or nation-state espionage.
Unfortunately, all sizes and all types of organizations are being targeted nowadays. Larger organizations are victims of Big Game Hunting (BGH) operations, SMBs are attacked through Ransomware as a Service platforms, and entities “at high risk” are targeted by Hackers for Hire. Therefore, it is very interesting to see the different types of threat actors and TTPs (Tactics, Techniques, and Procedures) being used in different sectors, as it enables us to better customize the protection put in place.
How do you think the current global events are going to affect the threat landscape?
COVID-19 had a huge impact on the threat landscape: organizations accelerated their digital transformation in an uncontrolled manner, and criminals increased their activity in cyberspace. These two elements combined generated huge revenue for cybercriminals, which was fed back into the cybercrime space, providing them with more skills, tools, and talents.
The trend here is not stopping or slowing down; the low risk and high reward are ideal for hackers who also have the ability to engage against targets worldwide. And with the war in Ukraine, we can expect more damaging attacks which will not only be motivated financially but also ideologically and politically.
The belief that only large and well-known enterprises are prone to cyberattacks is only one of many misconceptions still prevalent today. What other cybersecurity myths do you come across from time to time?
Many organizations confuse IT and cybersecurity. They expect their IT team to manage and mitigate the cyber risk. Unfortunately, nowadays, simply deploying a firewall and an antivirus is not sufficient. Protection tools must be multiple and complex to efficiently protect against cyberattacks; and they all need to be carefully chosen, correctly set up, and constantly monitored in order to achieve their goal.
Why do you think it takes some organizations so long to acknowledge internal risks?
We do see some improvement: more and more organizations have a better understanding of their risk, and the board of directors is asking the C-level to be prepared against cyberattacks. That being said, most organizations that come to us seeking help thought they were correctly protected before being attacked. Therefore, it is clear that the risks are still not correctly managed.
In your opinion, which IT and cybersecurity details are often overlooked by new businesses?
Organizations often don’t really understand how technology works and who should be responsible for protecting it. Should it be the cloud provider, the IT company, the CTO, the CISO, or the end-user? At the end of the day, all are responsible for different tasks and at different levels. Correctly splitting responsibility and correctly managing each role will greatly increase cyber resilience.
Talking about average Internet users, what security tools should everyone use to keep themselves safe online?
Tools are just a means to an end. Organizations need to understand who the threat actors are, what their risk appetite is, and what their assets are, and use this information to plan how to be protected. Tools will only be useful after this full analysis. In general, we see organizations not correctly protecting their cloud environment, believing it is solely the responsibility of the data center or cloud operator.
Of course, best practices should always apply: having the ability to stop the malicious code and behavior with an Antivirus & EDR is essential. Controlling network traffic with a Firewall and/or Proxy is very important. And having a backup and disaster recovery plan will save an organization following an incident.
In addition, the users remain a critical element of security. They should be trained correctly in order to recognize phishing, choose good passwords, and react correctly in case of incidents. Other tools such as Email Security Gateway, CASB, PAM, etc. will help to increase the cyber maturity.
And finally, what does the future hold for ZENDATA?
ZENDATA opened a new office in Dubai in the fall of 2021. This will be a big focus in order to expand its activity in the GCC region. The headquarters in Geneva will continue to grow.
We have very exciting new services in the pipeline, which we will launch in 2022 to better protect our current customers and expand our reach.