Since the first commercial Internet Service Providers (ISPs) started making the web available to the general public more than thirty years ago, the world-wide-web has grown into a limitless ocean of opportunity in terms of both personal freedom of expression as well as in commercial value. It gives businesses the power to reach beyond traditional boundaries and expand exponentially, with the right strategies.
Unfortunately, with such opportunities also come the opportunists, of a darker shade. Today, growing with the dimensions of the web come the modern day cyber pirates and terrorists, who wreak havoc for many reasons. Some champion alleged causes, targeting governments and their agencies. Others attack businesses, stealing information or holding data for ransom. The most malicious simply seek to deny service to others by obliterating a capacity to function online, such as through distributed denial of service attacks (DDoS).
“It is clear that cyber threats have become of the most focal points in economic and national security challenges. Private organisations have long recognised this, and the plethora of web security products have flooded the market for years,” says Ellery Wee, Senior Associate Director of renowned international research house Gartner (pic).
To exemplify a situation that could escalate rapidly out of control, take a case in point when just two years ago, a Malaysian media outlet was hit by large-scale DDoS attack. The site was targeted over a period of weeks before culmination in a massive botnet strike. This, in essence, meant that the site was flooded by multiple requests from numerous IP addresses. In this case, it was multiple requests from over 36,000 IP addresses over a 24-hour period.
How many corporates have the infrastructure needed to withstand such a strike? How much in terms of monetary value and more importantly, in terms of credibility, can a company afford to lose? While it is true that investing in certain web security products can help guard against threats at an individual level, where does that leave companies that rely on the web as a lifeline to business?
“The key thing here is that companies should focus on the prevention part, rather than worrying about the cure once an attack has taken place,” emphasized Wee. “Although antivirus usually works as the first line of defence, they may sometimes be not enough with more sophisticated attacks,” he added.
“What companies really need – especially when they cannot afford any downtime as this would affect their operations – is to work with renowned service providers that provide customers with 24×7 monitoring and attack support.
The enterprise security field of today is vastly different from before. In the past, only the large corporates could look towards security vendors to provide their organisations with the security they need. However today, especially in countries such as Malaysia which sees SMEs as a pillar of economic growth, there are many more options and opportunities.
“Instead of providing fixed security infrastructure for a single corporate, technical security experts today have come up with massive distributed networks which they can use to channel traffic of multiple companies through. This type of service can be very affordable in nature, even to smaller SMEs,” said Wee.
“Such providers protect online brands from the web’s most insidious attacks every day – they are able to help organisations effectively respond to even the newest threats on the web,” Wee further said.
“This is achieved by decreasing response time and increasing mitigation quality by institutionalising mitigation techniques and lessons learned beginning with the first time a single customer is attacked. This requires access to experts, not only technical experts who can provide 24×7 services, but those who are experienced enough to have a vision of strategic security. The threat landscape is ever changing and to get locked down into a rigid security structure can only lead to digital disaster,” concluded Wee.