15 March 2022

Two years of Corona: How important are Managed Security Services?

Rising number of cyber attacks and lack of specialists drive demand

Bad Homburg, Germany - 15 March 2022 - With the threat environment intensifying due to an increasing number of cyber-attacks and strict compliance requirements, the market for Managed Security Services (MSS) is growing unabated. NTT Ltd, a leading global technology services provider, reveals the issues driving the industry after two years of Corona.

Cyber crime is weighing heavily on the German economy: more and more companies are falling victim to theft, espionage or sabotage. Hackers are becoming increasingly aggressive in their approach, deliberately exploiting vulnerabilities to gain access to systems. Many companies don't have the expertise or time to raise their level of protection. This is where MSS providers can help deliver an end-to-end solution tailored to the exact threat situation.

From NTT's perspective, four themes will drive the MSS market in the coming months:

• The exceptional situation is becoming the norm. It is not only the number of security incidents that is worrying, but also the rapid development of new and adapted attack methods, the mass exploitation of serious software vulnerabilities and the sometimes serious consequences that successful cyber attacks trigger. Although the "king of malware" has disappeared from the scene with the dismantling of the Emotet network, new means of attack and methods have long been available. Artificial intelligence, for example, is now a natural part of hackers' repertoire. What's more, the increased use of home offices has opened up numerous new avenues for infiltrating the corporate network. At the same time, companies are facing numerous compliance challenges thanks to DSGVO, industry-specific security standards and the amendment to the IT Security Act. Then, when budgets for IT security are cut in the face of financial constraints after two years of pandemic, companies find themselves at a loss.
  
  
• Lack of resources slows down cyber defenses. Technology is only one cornerstone of IT security, the other being the internal security team that takes care of processes, organization and user awareness. Many IT departments reached their capacity limits even before Corona, and demand for cybersecurity experts has exceeded supply for years. In the pandemic, the situation has become even more acute, as security specialists have been called upon in many places as a silent reserve to fix computer and network problems, install virtual private networks (VPNs) or staff help desks in order to meet the sudden demands of the shift to remote working and accelerate digital business processes. As a result, security initiatives have suffered in many organizations.
  
  
• New areas require new approaches. IT infrastructure has changed fundamentally in recent years, and IT security measures must now be adapted in parallel. This includes client portals, for example, as well as mobile applications that are essential for remote working. As a general rule, security by design is a better approach to warding off potential dangers than to carry out some laborious upgrades after the fact. If a company has fallen victim to a cyber attack and needs to take appropriate countermeasures, Digital Forensics & Incident Response (DFIR) is the tool of choice. Using artifacts, i.e. traces left by attackers on a compromised system, experts identify the attack vectors and determine the extent of the damage. Countermeasures are then initiated and protective mechanisms are built to prevent attacks via the same gateway in the future.
  
  
• Cyber insurance and DFIR retainer become the perfect match. Many companies take out cyber insurance to protect themselves against the financial consequences of a hacker attack or data loss. However, such a policy is not a free pass for inadequate IT security. As a rule, insurers assess a company's risk level in advance by means of audits and derive the appropriate insurance cover from this. Companies that are not mature enough to defend against and respond to cyber attacks or lack awareness of the numerous threats will not be offered a contract. It therefore makes sense to combine this with a DFIR retainer: in addition to defense, proactive measures are also taken here to sustainably increase a company's cyber resilience. Onboarding at the beginning of the contract gives the provider an overview of the technical conditions of the customer infrastructure and evaluates the protocol and security mechanisms. Based on this and also as a "lesson learned" after an incident, improvement measures are implemented.

"Proactively managing compliance requirements and security threats must be a top priority for any company. The risks associated with third-party vendors, supply chain attacks and reputational damage caused by public disclosure of sensitive customer data loss or intellectual property theft, as well as fines for non-compliance, require an appropriate security strategy," emphasizes Bernhard Kretschmer, Vice President Service and Cybersecurity at NTT Ltd. "Managed security services allow companies to massively reduce the burden on their own IT departments while ensuring a significantly higher level of security."

More information at services.global.ntt and services.global.ntt/de-de/newsroom.

If you have any questions, please contact:

NTT Germany AG & Co. KG
Hakan Cakar
Vice President Marketing and Communications Germany
Tel.: +49 89 2312 178 32
hakan.cakar@global.ntt

PR-COM GmbH
Christina Haslbeck
Senior Account Manager
Tel.: +49 89 59997 702
christina.haslbeck@pr-com.de