Strengthening cybersecurity
Pandemic has organisations thinking about better ways to consolidate and manage cybersecurity needs.
The last two years have shown us the harm a physical pandemic can do to people, as well as the havoc a cyber pandemic can wreak on information systems and associated data. Last year, malicious cyber-attacks cost US$6 trillion globally in the form of ransomware, loss of productivity, loss of data and reputational damage, among others.
Similarly, the cost inflicted by the Covid-19 pandemic has been measured in trillions of dollars to the global economy, from the impact of lockdowns to supply chain disruptions.
As the pandemic caused havoc, remote work became the norm for most office employees. The consultancy McKinsey estimates there was an increase in the remote workforce by a factor of four to five times compared to pre-pandemic levels.
Within a matter of weeks, surface attacks on IT assets widened dramatically, shattering the security perimeter. This exposed security vulnerabilities on the network, cloud, devices, and access rights, which were exploited by malicious actors to destabilise institutions including hospitals, banks and governments.
Check Point Research reported a 40% increase in cyber-attacks in 2021, with one out of every 61 organisations being affected by ransomware each week.
When the biological pandemic emerged, public policy makers reacted with stricter lockdowns and vaccinations, and reinforced their health systems with complementary infrastructure including testing centres, quarantine centres and dedicated areas for coronavirus patients at hospitals to cope with the number of patients arriving in waves.
Similarly, chief information security officers (CISOs) had to react to the widening attack surface by enforcing security policies and the security infrastructure. They have two options to deal with a widening attack surface. One can pursue a best-of-breed strategy to patch the security architecture with multiple vendors, or one can consolidate the security architecture with a cybersecurity suite.
The latter approach is recommended as it closes security gaps related to misconfiguration and security policies that do not fully overlap when using multiple vendors.
Check Point surveyed over 400 global CISOs to confirm this trend, with 79% saying that working with multiple vendors is challenging and 69% agreeing that working with fewer vendors would increase security. The benefits of security consolidation include:
Reduced overhead: Managing individual licences across the organisation can consume significant resources as each licence needs to be purchased, tracked and renewed individually. An ELA (enterprise licence agreement) allows a company to use a single licence for all vendor services that it consumes across the entire organisation.
Lower costs: An ELA is a bulk purchase of a vendor’s service for a fixed period. Often, this comes with large discounts compared to individual, perseat licences.
Decreased business impact: With individual licences, an organisation needs to manage each licence and may face business disruptions if one slips through the cracks and expires. With an ELA, an organisation only needs to manage a single licence, decreasing the probability that oversight will cause a disruption.
Reduced waste: With individual licence agreements, an organisation may inadvertently purchase additional licences for a product while others go to waste or are only used occasionally. An ELA enables an organisation to bundle services and stop spending money on unused services.
Predictable spending: With an ELA, an organisation and a vendor agree on a predetermined rate for a vendor’s services for the period of the ELA. This provides a greater degree of predictability than individual user licences.
Service flexibility: ELAs often include the option to claim credits for underused resources that can be applied to other services. This allows an organisation to better tailor its service consumption to its actual needs.
‘‘ Some 69% of chief information security officers agree that working with fewer cybersecurity vendors would increase security.