Hackers, scammers, cyber criminals: the bad guys are everywhere.
For businesses that rely upon the exchange and storage of online data, the threat is constantly increasing, and the likelihood of a security breach is ever-present.
Those breaches are capable of destroying brand reputation overnight, not to mention the potentially-ruinous fines and penalties that may also be imposed.
Technology providers in particular are highly-exposed. Contact centers, telephony systems, unified communications platforms and applications all process highly-valuable customer and user data.
Also, as a result of increased sophistication and constantly-improving functionality, those technologies’ back ends have more and more potential back doors through which bad actors like to sneak.
Helpfully, governments around the world have responded with constantly-evolving legislation aimed at protecting organisations’ customer data. However, that means Managed Service Providers and the like must deploy robust measures to ensure compliance.
The smarter ones bolster their own in-house resource with external experts. With the stakes so high, it’s a partnership which must deliver big.
“Organisations have huge legal, contractual, and moral responsibilities to guard against cyber crime – having experts alongside to ensure they are met can make the difference between success and failure,” says Dr Scott Allendevaux, senior practice lead at the UC professional services practice Allendevaux & Company, whose security offering is helping enterprises around the world.
“Everyone in first and second world countries are connected to the Internet, and third world populations are catching up fast. Then there are the estimated 15 billion IoT devices that are connected around the globe including houses and cars–even coffee machines and air conditioning systems.
“UC providers managing interconnected assets and infrastructure must monitor and safeguard them from vulnerabilities; applications and operating systems must, for example, be up to date with the latest versions.”
“Are those providers actively scanning attack surfaces to find ways in which bad actors could compromise them? If they are not, then they should be.”
Vulnerability scanning – just one vital aspect of Allendevaux’s suite of services – proactively and regularly interrogates IP addresses for ways to illegally exploit them. Its certified experts then prepare a comprehensive cyber security audit report. Some organisations complete the process monthly, others weekly or daily, and some perform vulnerability scanning 24/7.
Allendevaux also provides penetration testing – the next rung up the cyber security ladder and which goes one step further in its assessment of organisations’ vulnerabilities.
“When we find what looks like an open back door in, for example, a provider’s customer portal, we press on it to see if it opens further,” says Allendevaux.
“Then we squeeze through and see how far into an organisation’s systems we can go. We also have penetration testers that are expert in mobile apps, SIP signalling, virtual meeting room services and call centers to name a few. Many companies ask us to perform penetration testing as often as four times a year because that is often the frequency of their service updates or new releases, and they have to be able to demonstrate they’ve done it in order to meet their contractual obligations.”
Customers’ own in-house engineers are provided with an “attack narrative” explaining how testers compromised the system, the tools that were used to do so, and advice on how to deploy better protection.
As well as the comprehensive audit report flagging organisations’ security weaknesses, Allendevaux recommends fixes and provides all territory-relevant statutory compliance certification.
“It’s a really important part of many compliance requirements that senior people within the organisation, even specific board members, receive our reports and acknowledge that they are aware of the overall cyber security posture of the enterprise,” says Allendevaux.
“Our responsibility as an assessor is to score our findings; the enterprise’s responsibility is to respond accordingly. Of course, we are able to help them separately with any subsequent actions or cyber security enhancements they may wish to make.”
So, do you think you and the organisations you serve are all as buttoned-up up possible?
You may want to think about differentiating yourself from your competition by making absolutely sure…
To learn more about how Allendevaux can help your and your customers’ businesses benefit from outsourced professional services expertise, click here.
from UC Today https://ift.tt/hedmJSf
0 Comments