Why the time is right for automated digital risk protection – for businesses and the channel
The scale and sophistication of the cyber risk facing businesses today, and the expanding risk surface caused by digital transformation, the cloud and remote/home working, demands a multi-layered, proactive approach to security.
It is no longer enough just to defend the perimeter. Today, organisations must also take steps to protect data beyond the firewall and that means having the right defences on remote devices but also intelligence to identify threats and detect when a breach has occurred.
Which is where Digital Risk Protection (DRP) comes in.
By searching the surface, deep and Dark Web for clients’ critical data and potential threats to an organisation, DRP gives businesses (and their customers) reassurance that their data is safe or, if data is found, early warning that a breach has occurred.
David Chalmers, Chief Marketing Officer (CMO) at UK digital risk protection specialist Skurio, says that DRP is an increasingly necessary supplement to traditional defences.
“Traditional cyber security is all about defending the network, defending a business with an established perimeter and stopping people from getting in. Digital Risk Protection works on the presumption that your data is already outside, because of home-working and human error, which is the cause of 80-90% of data breaches that occur.
“Cyber security software won’t stop someone from leaving a USB stick on the bus or sending an email with a file to the wrong person. You have to assume that those mistakes are going to happen and look in places outside your network to see if your data appears there. That is the basic difference between traditional security and DRP.
“Rather than looking for a new piece of malware or a new actor targeting certain kinds of business, we look for data belonging to an organisation. It could be contact data; it could be employee credentials; it could be customer data. If you are not looking for it, you won’t know it’s there and so won’t be able to mitigate damage from a breach or stop a breach that might be ongoing,” he said.
Chalmers points out that as well as finding data caused by a breach that you might not even be aware of, DRP can be used to gather intelligence on vulnerabilities or planned attacks.
“Hackers are very chatty. They will go on hacker forums and say ‘Here is a port scan of this company. If you want to go and attack them, here’s how you can do it. Here are some scripts and some other things that you can use.’ They share stuff very collaboratively. We can find that as well.”
To date, DRP has largely been the preserve of enterprises with the resources to establish in-house teams to conduct searches manually. Now, by developing an automated DRP platform, Skurio is bringing DRP within reach of smaller companies and enabling MSPs to develop new services for their customer base.
“Some organisations will have cyber intelligence teams that use a bunch of different tools to go into the dark web and look at hacker forums and marketplaces where data is being sold. Our system does all that automatically. We save customers time; they don’t need expert resources to find what they are looking for; and we make it safe. We go into those dangerous places, where all kinds of bad things are happening, and we pull that data into our system where the customer can look at it very safely,” said Chalmers.
Having established its platform and tested it with large end user organisations, Skurio is now adopting a channel-first approach to build awareness of DRP in the broader business community, particularly amongst businesses that have moved, or are moving, some of their data to online cloud services, as part of their digital transformation.
Chalmers points out that moving customer or employee data to a cloud service, where it will be processed by third parties, is a risk as businesses will still be responsible for safeguarding the data but won’t have complete control over it or necessarily know when a breach has occurred.
“The digital supply chain that is evolving quite rapidly with digital transformation is a major driver of the need for DRP because it means your data is now in the hands of other organisations that you don’t control. It is quite a nascent market, in terms of people understanding the need for it and the availability of solutions, which is why having a very expansive channel programme, with resellers and managed service providers (MSPs) spreading that message far and wide, is really critical,” he said.
Skurio currently has around 30 channel partners, including MSPs, resellers, consultants and even insurance companies that sell its services, and it is expecting this number to grow with the appointment of CMS Distribution as its UK and Ireland distributor.
Chalmers argues that using the Skurio platform to deliver new cybersecurity services is a good way for MSPs and resellers to attract new business, as well as to upsell and increase wallet share from existing customers, thanks in no small part to its ease of use and flexibility.
“The Skurio DRP Platform is effectively a search engine for finding information in the deep and darkest web. All you have to do is put in the data you want to look for, switch it on, and we will monitor it for you and alert you whenever any of it is found. It is very, very simple and therefore very attractive to MSPs,” he said.
He adds that Skurio has done a lot of work behind the scenes to make its offering as channel-friendly as possible, including the development of APIs and connectors so that partners can embed the technology into their own portals and customer front-ends, and the creation of partner-exclusive products, including a low-cost domain monitoring service.