Over the past few months, data breaches have dominated the news. According to Alan See, Co-founder and Chief Executive Officer of FIRMUS™ Sdn Bhd, as people and businesses become ever more interconnected, “Parameter defence is no longer sufficient given the current threat landscape where attacks are zero-day in nature, targeting endpoints including servers.”
In fact, the threat has become so serious and prevalent that it has come to the point where the question is no longer a matter of if but when you’ll get attacked. He added that with the new and more sophisticated attack tactics and techniques being used, organisations have to step up their game in order to stay ahead of the attackers.
More importantly, they must understand the effectiveness of their cyber defences in order to proactively protect, detect, and respond to threats.
Gaining that understanding is not so simple, given how diverse and complex business IT environments have become. Hence, that’s where a Compromise Assessment (CA) comes in.
The Role of Compromise Assessments in Enterprise Security
A compromise assessment is an objective survey of a network and its devices to detect unknown security breaches, malware, vulnerabilities and signs of unauthorised access. More specifically, the assessment seeks to identify attackers who may currently be active in the environment or have been active in the recent past.
For companies that may not have adequate time, investment levels or resources to implement all the necessary cyber controls, carrying out compromise assessments regularly as part of a risk mitigation strategy could provide them with the “defence in depth” that they need to ensure that they are aware of vulnerabilities that may exist and prevent threats from making it past their defences.
How is it different from other forms of cybersecurity assessments? Rodney Lee, SVP – Business Development at FIRMUS™, states that when the subject of compromise assessment is brought up, people frequently confuse compromise assessments with Vulnerability Assessments (VA).
Rodney addressed this in a simple way and said, “A CA is an effective way to detect compromises throughout the entire infrastructure, whereas Vulnerability Assessment and Penetration Testing (VAPT) focuses on identifying exploitable vulnerabilities in a very limited scope."
“When you do a penetration test or vulnerability assessment, you normally tell the vendors, ‘Can you do a VA on this application?’ ‘Can you do a VA on this particular segment of your network?’ ‘Can you do a VA on my firewall or on my IPS (intrusion prevention system)?’ So, these are the limited scope that is normally specified during a VAPT,” explained Rodney.
Nevertheless, despite the benefits that CA could bring, a common trend is that many businesses, particularly in Malaysia, do not go for security protection because they want protection but rather because they need to comply with certain regulations or guidelines.
“So, in [Malaysia’s] industry, [it will be] organisations like the financial institutions and also government organisations that are required by the Critical National Information Infrastructure (CNII) and also the Personal Data Protection Act (PDPA) guidelines.” He further explained that in Malaysia, a compromised assessment is an exercise required by the local central bank to ensure the financial institutions (FIs) gain visibility to answer three basic questions: They want to know if you're compromised, can identify the compromise, and if you can come up with an effective incident response strategy.
To help us further understand CA, Rodney went on to explain its process and how long it takes to identify potentially malicious activities, which you can see in the video below.
In It For The Long Run
As a company, FIRMUS™ sees itself as a game-changer and thought leader in cybersecurity, with 13 years of experience and a large client database. To stay ahead of the ever-evolving threats, they incorporate and implement new technologies and solutions into their end-to-end solutions and services. They also prioritise customer data and platform security in order to maintain network visibility and the ability to respond to any incident quickly and effectively. And they are constantly innovating their methodology based on the three P's: People, Process, and Product.
This, according to Rodney, is what distinguishes FIRMUS™ from other cybersecurity firms. This methodology also emphasises both short- and long-term solutions. “Long-term solutions are important because they must be able to close every threat entry point and movement and ensure that this entry point is reviewed, as well as where the weaknesses are and how to close them. So, our methodology is slightly different even though we complete assessment quickly, we don't run away from the responsibility of providing a long-term solution and an incident response plan that can be used over and over again for our customers,” he explained.
Aside from that, because there are so many technologies, tools, solutions, and services for businesses to consider, organisations are debating which areas to invest in, and whether to invest more in cybersecurity.
Alan stated that given the current threat landscape, where many businesses have been infected by ransomware in the last few months, he urges the CIO or CISO to, at the very least, spend on endpoint protection even if their budget is limited because endpoints are a target for the majority of hackers.
He went on to say that the ransomware outbreak has resulted in people's servers being encrypted and operations being shut down for weeks or months, all of which were caused by an attack on endpoints.
“Many years ago, businesses invested in perimeter defence, intrusion prevention, and intrusion detections, all of which are used to protect the endpoint. Given a limited budget scenario, I’d strongly recommend businesses to protect their endpoint because servers are money-generating engines,” Alan explained.
With the current business performances in both Malaysia and Singapore markets, FIRMUS™ is looking into markets expansion to other countries. One key success factor is human capital – securing and placing the best fit talent to run the operations in the selected countries,” added Alan.
"We are currently evaluating our potential markets in the Southeast Asia region; and we usually do not provide any forward projections until we solidify the plans. However, we certainly will increase our Singapore resources starting this year to scale its business growth before expanding into other countries," Alan concluded.