Hong Kong operator SmarTone has joined the cyber security services race with a new offering for enterprises that focuses not just on the usual firewalls and anti-virus software, but training employees to be part of the company’s defense perimeter .
Billed as “military grade”, SmarTone Cybersecurity Solutions offers what it says is a holistic solution with three prongs: “people, process and technology”. That means security awareness training for staff, 7×24 managed smart endpoint detection and response (EDR) for continuous monitoring and response to advanced threats and smart threat analysis tools using machine learning.
To that end, SmarTone has roped in three partners to power each prong of the service – Cybereason looks after the endpoint monitoring; ZecOps handles the threat hunting and forensic analysis; and KnowBe4 provides the security awareness training, which includes simulated phishing email attacks.
The focus on humans is a deliberate acknowledgement of the fact that humans are often the weakest link in any enterprise’s cyber security perimeter, said SmarTone CEO Anna Yip at a media event launching the service.
“After studying the patterns of attacks, talking to global experts and also talking to our clients, we have come up with three-pronged tactics, because just hardware and software is not enough,” she said. “We believe that it takes people, technology and process in an integrated approach to form an effective defense and also early detection system for enterprises.”
Harry Poon, head of Cyber Risk & Security Practice for SmartTone’s Business Markets division, added that targeted social engineering attacks – where hackers manipulate humans to give up security information by, say, pretending to be from the IT department or the police – are “the biggest cyber threat business organizations are facing today because they’re extremely effective and can do a lot of damage.”
Poon said that while process and technology play important roles, “you can have the best process and technology but if you don’t have the best people, everything can still fall apart. On the other hand, if you have the best people but not the best technology or process, you may more likely be able to survive.”
Even with basic hacking tricks like phishing being common and fairly well publicized, Yip noted, businesses shouldn’t assume that employees know a phishing email when they see one, or a social engineering scam when they hear one. She cited recent research from the Hong Kong Productivity Council which found that Hong Kong companies only scored 38 out 100 on its cybersecurity awareness index (with 40 being a passing score).
Even if they know better than to click suspicious email attachments, they may not know that even something as innocuous as a USB cable can be weaponized to compromise a workstation – which is just one example of how innovative and ingenious hackers can be, said Poon.
Poon added that while companies with high security maturity typically manage to do a better job of balancing their defenses across people, process and technology, “there are many companies focusing too much on the technology part, or are doing the bare bones minimum to meet compliance requirements.”
Freeman Ng, certification director for China-Hong Kong chapter of ISACA, observed that large companies in Hong Kong generally have investing more in addressing cyber threats, “new systems are always developed and tested from a silo view because of the high pressure of time to market. As a result, potential cyber threats raised by interfacing systems and connecting devices are often overlooked. A more holistic or end-to-end approach is recommended to address cyber threats.”
SmarTone’s move into cyber security services for enterprises is an extension of the operator’s recent initiatives to target the enterprise sector with digital transformation solutions encompassing things such as smart buildings, healthcare and transportation. (SmarTone has previously launched a separate security service, ST Protect, for consumers which leverages AI technology to protect smartphones from cyber attacks.)
It’s also an acknowledgement that as everything goes digital and everything becomes connected, cyber security will be more important than ever – and therefore something that no one can afford to take for granted.
The Internet of Things has already demonstrated the consequences of not taking security seriously, and 5G will introduce additional cyber security challenges, said Charles Cote, regional vice president of Asia Pacific at Cybereason.
“To be able to step back from a security perspective and address the comprehensive components [of 5G] early on so that the technology will be prepared to be able to detect and provide scalability from the beginning is very important,” he said.
Igors K, VP of global sales at ZecOps, said that 5G and IoT “does increase the attack surface because those devices have been invented with functionality in mind and not security in mind, so we definitely need to look more closely and how to secure them.”
Poon of SmarTone concurred, adding that the ironic trade-off of 5G is that hackers will be able to take advantage of its faster data speeds and capacity.
“At the end of the day, we may likely see more unusual attack methods which are beyond our current imagination,” he said.