Cybersecurity: technological tools facing the lack of internal skills!


As companies have opened their information systems (IS) to the outside world and adopted SaaS and the cloud ever more widely, cybercrime has exploded and entered the industrial age. Cyber attacks have multiplied over the past four or five years, and even more so since the pandemic. According to the UN, the global cost of cybercrime is around $5.2 trillion per year between 2020 and 2025.

Faced with this scourge, companies are forced to erect more and more ramparts to protect themselves. Antivirus and antimalware tools were long sufficient to fight cyber attacks, but they no longer match the characteristics of new attacks. Great ills call for great remedies, and a new-generation antidote is now needed: Endpoint Detection and Response, or EDR. Placed on endpoints (PCs or servers), and not on networks, these tools analyze what the equipment does and detect behavioral anomalies.

Internal resources to match the technological tools

On paper, EDR looks like a convincing technology for blocking any attack on information systems and any attempt to hack data, but the reality is quite different. Acquiring the solution is not enough: it only becomes effective if someone knows how to administer and use it. This is where the shoe pinches, because the complexity of this type of solution requires specific skills that are currently lacking.

In this market of scarcity, where the imbalance between supply and demand is driving up experts' salary expectations, only large enterprises can afford these experts. As a result, SMEs acquire EDRs without having the means to manage them or use all their functionality, leaving cybercriminals with gaps they can easily get through.

Signing a contract does not go hand in hand with putting the equipment back into operation

In such a context, SMEs have every interest in subscribing to a SaaS solution and leaving its administration and operation to a specialized service provider. To meet these new challenges, more and more integrators are developing service offerings around EDR.

But before signing a contract, the company must assess several points. First, it must look at the service provider's level of response to avoid any disappointment. By signing this type of contract, the company very often assumes not only that its IS is protected against all cyber attacks but also that, in the event of a malicious act, it will be quickly repaired.

However, contracts generally cover only the detection of hacking. If the attack causes too much damage, the service provider does not guarantee that the equipment will be put back into operation. This is a disappointment for the customer, but it is perfectly justified given that some damage takes days, even weeks, of work to repair. A service provider therefore cannot commit by contract to returning a system to service.

Another point of vigilance: certification. Any EDR solution requires not only skills but also regular retraining, as its functionality is constantly evolving. It is therefore strongly recommended to rely on certified service providers, because they are continuously trained by the vendors they represent. Third point: choose a service provider that specializes in a few technologies rather than a wide range, because acquiring expertise in increasingly complex technologies takes time.

At a time when cyberattacks have become a scourge that can endanger health systems, states, businesses, communities and managers of public goods (water, energy, etc.), it is time to establish real communication between all these actors so that they can exchange and share their experience, knowledge and good practices in cyber defense.

For effective cybersecurity, you need to be one step ahead of your opponents!




