AC3 has launched a dedicated security practice in Australia, tasking a former Reserve Bank of Australia and IBM cyber specialist with running local operations.
Established under the business line of Cyber Security, the managed services provider (MSP) will bring security capabilities under one roof, including perimeter, network and application technologies, alongside end point and platform protection.
To support this initiative, Vlad Vyshnivetskyy has been appointed as program lead for the division, bringing over 20 years of IT experience to the role following stints at Reserve Bank of Australia, IBM, IPAC Securities and AXA.
Having dedicated the past eight years to cyber security specifically, Vyshnivetskyy is currently in the process of hiring new resources, as well as rearranging existing personnel into the team.
“We’ve seen demand from the market for more advanced security solutions and establishing a dedicated practice will ensure that we’re not only meeting this demand, but exceeding it,” AC3 CEO Simon Xistouris told ARN.
“We’ve been delivering cyber security solutions for years, however the landscape in this area has changed.
“Therefore, we felt it was important that we carve out these services into a dedicated practice and commit the time and resources to help our customers protect their businesses from advanced threats.”
According to Xistouris, AC3 already provides a mature offering based on traditional platform security services, bolstered further by an established and governance, risk and compliance framework used for the delivery of services.
Specifically, the Sydney-based business has held ISO27001 certification since 2006 and more recently obtained ISO9001 certification.
“We have kick-started the practice by clearly defining the existing security services we offer today and we intend on quickly moving onto providing more advanced solutions in phase two of our plan,” Xistouris added.
From a technology perspective, the government specialist provider will leverage both new and existing vendors to deliver security expertise, including partnerships with VMware, F5 Networks, Palo Alto Networks, Cisco, Trend Micro and Zscaler.
“As our practice grows, we fully expect to keep adding new products in both the traditional and advance areas of cyber security,” Xistouris added. “These include technology areas like security information and event management (SIEM), artificial intelligence and machine learning.”
Servicing a lucrative market
AC3’s decision to streamline security efforts follows news that worldwide spending on security-related hardware, software, and services is forecast to reach US$119.9 billion by 2021.
Triggered by new threats, increased regulations and digital investments, IDC findings highlight that spending is expected to achieve a compound annual growth rate (CAGR) of 9.6 per cent over the 2016-2021 forecast period.
As reported by ARN, worldwide spending on security products and services will total US$83.5 billion in 2017, an increase of 10.3 per cent over 2016.
From a channel perspective, more than 80 per cent of security spending in 2017 will go to services and software.
Services spending will be led by two of the largest technology categories – managed security services (US$15.25 billion) and integration services (US$12.5 billion).
“Given that the only constant is change, it is impossible to say that any existing level of protection is enough,” Xistouris observed.
“You can implement the newest and most sophisticated cyber security technology solution today but you may fall victim of social engineering tomorrow, or the newest vector of cyber attack. Therefore cyber and information security is a never-ending effort.”
Meanwhile, software spending will be focused on three categories – endpoint security, identity and access management, and security and vulnerability management – that will make up more than 75 per cent of the software total this year.
In addition to being the two largest technology categories, managed security services and network security will also be the fastest growing categories until 2021, increasing by 14.3 per cent and 11.4 per cent respectively.
“There are security challenges across every area of a modern business,” Xistouris added. “Businesses have to constantly review their cyber security measures, as the threats are ever evolving; machine learning, artificial intelligence, file-less attacks, modular virus kits, signature-less attacks.
“If a business does not consider such technologies today, that business may not exist tomorrow.”
Changing threat landscape
Delving deeper, Xistouris said that traditional threats such as viruses, malware, ransomware, espionage continue to remain present, showing “no signs” that they will go away in the near future.
“Big data and ever increasing volumes of information to store and to protect, often supported by a hybrid IT model presents a new set of security challenges,” he added.
“The Internet of Things has also contributed to the massive data volumes and the need to protect those end points is becoming more and more crucial.”
Today, cyber security represents big business for hackers, with activities advancing rapidly into business-like operational models, backed by R&D, management, delivery resources, employable software kits and compute botnets.
“There are no individual ‘bad guys’ anymore – we now face sophisticated and complex organisations,” Xistouris explained.
Specific to the customer, Xistouris cited Shadow IT as another key challenge facing organisations today within the context of security, as users side-step the CIO in search of innovation.
“It is becoming easier and easier for end-users to consume online IT services, bypassing their IT department,” Xistouris said. “While there are big benefits for a business in being able to be agile when it comes to consuming a promising new technology, it can also create challenges if enterprise architecture and security are overlooked.
“But most importantly, modern society and developed economies have a heavier reliance on information technology which is vulnerable to cyber threats by definition.
“Our everyday digital, internet and online footprint is only getting bigger, meaning that cyber attacks and therefore cyber security is here to stay.”
Locally speaking, and in examining both the public and private sector landscapes across Australia, Xistouris believes positive steps are being taken by the industry to raise awareness around cyber security.
“This is an area where there is always room for improvement,” he added. “Ongoing government initiatives and cyber security strategies at the state and federal levels are very timely and welcomed measures.
“The notifiable data breach bill sends a very strong message to the Australian businesses community and impacts even those business owners and CEOs who didn’t have cyber security in their sight before. This is definitely a very positive sign.”
Looking ahead, Xistouris said key priorities involved completing phase one of an internal roadmap, which consists of establishing a security practice and recalibrating resources and services into this dedicated team.
“We want to continue to deliver the traditional managed security services we offer today but also extend these into technology pockets that we believe are a natural progression for us,” he added.
“We will then move into providing complementary advanced services that will involve broadening our portfolio and service offering.”