By Sundar Balasubramanian, Managing Director, India, and SAARC, Check Point Software Technologies
With cyber-attacks against corporate networks increasing 50% year-over-year, it has become clear that the past year has seen a dual pandemic, a biological and a cyber one. As the World Economic Forum warned us: “We should prepare for a COVID-like global cyber pandemic that will spread faster and further than a biological virus, with an equal or greater economic impact.”
To defend against an expanding attack surface, security teams are increasingly adopting new cyber security products to protect networks, cloud infrastructure, IoT devices, as well as users and access. However, stitching together different products from multiple vendors may create security gaps and operational overhead. Read more to learn why moving toward security consolidation can significantly enhance security posture, improve security operational efficiency, and greatly reduce TCO (Total Cost of Ownership).
Did the COVID pandemic instigate a cyber pandemic?
Both pandemics perform malicious actions on their victims. While a cyber pandemic affects information systems and associated data. Last year, malicious cyberattacks cost $6 trillion USD globally[1] in the form of ransomware, loss of productivity, loss of data, and reputational damage, among others. Similarly, the cost inflicted by the COVID pandemic is measured in trillions of USD to the global economy from lockdowns to supply chain disruptions. Here in India, Check Point’s Threat Intelligence Report on India reports that an organization in India is being attacked on average 1789 times per week in the last 6 months, compared to 1643 attacks per organization in APAC, with 89% of the malicious files delivered via Email in the last 30 days.
As the pandemic caused havoc, remote work became the norm for most office employees. McKinsey estimates that there was an increase in the remote workforce by a factor of 4-5x compared to pre-pandemic levels. In a matter of weeks, the surface attack widened dramatically, shattering the security perimeter. This exposed security vulnerabilities on the network, cloud, devices, and access rights, which were exploited by malicious actors to destabilize institutions including hospitals, banks, and governments. Globally, in 2021, Check Point Research reported a 40% increase in cyberattacks with one out of every 61 organizations being impacted by ransomware each week.
How to prevent the next pandemic?
With the biological pandemic, politics reacted with stricter lockdowns, vaccination, and re-enforced the health system with complementary infrastructures including testing centers, quarantine hotels/centers, and dedicated areas designed for coronavirus patients at hospitals to cope with the number of patients flowing in waves.
Similarly, CISOs had to react to the widening attack surface by enforcing security policies and the security infrastructure. CISOs have two options to deal with a widening attack surface. Either one takes a best-of-breed strategy to patchwork the security architecture with multiple vendors, or one consolidates the security architecture with a cyber security suite. The latter approach is recommended as it closes security gaps related to misconfiguration and security policies that do not fully overlap when using multiple vendors. Check Point surveyed over 400 global CISOs to confirm this trend, with 79% of security experts saying that working with multiple security vendors is challenging and 69% agreeing that working with fewer vendors would increase security.
Security consolidation – the benefits
- Reduced Overhead: Managing individual licenses across the organization can consume significant resources as each license needs to be purchased, tracked, and renewed individually. An ELA (Enterprise License Agreement) allows a company to use a single license for all vendor services that it consumes across the entire organization.
- Lower Costs: An ELA is a bulk purchase of a vendor’s service for a fixed period. Often, this comes with large discounts compared to individual, per-seat licenses.
- Decreased Business Impact: With individual licenses, an organization needs to manage each license and may face business disruptions if one slips through the cracks and expires. With an ELA, an organization only needs to manage a single license, decreasing the probability that oversight will cause a disruption to operations.
- Reduced Waste: With individual license agreements, an organization may inadvertently purchase additional licenses for a product while others go to waste or are only used occasionally. An ELA enables an organization to bundle services and stop spending money on unused services.
- Predictable Spend: With an ELA, an organization and a vendor agree on a predetermined rate for a vendor’s services for the period of the ELA. This provides a greater degree of predictability than individual user licenses.
- Service Flexibility: ELAs often include the option to claim credits for underused resources that can be applied to other services. This allows an organization to better tailor its service consumption to its actual needs.