I can recall back in 2016, as a senior advisor working for one of the largest dealer channels in the office imaging and print industries, I became a student and researcher of cybersecurity. All major news outlets were reporting catastrophic data breaches of some of the largest brands in the market, seemingly every day. Ransomware (though still in its infancy) began proliferating across all business segments. From SMBs to global healthcare organizations, everyone became hostages of what seemed to be an endless parade of hacking groups—many of whom evolved as poorly compensated nation state hackers.
I began looking around my industry and realized that, to all the major OEMs, security was relegated to protecting multifunctional devices and printers and the output that they produced. Being that this has been some of the low hanging fruit for malicious actors looking for a way into a company’s network, it was perceived to be sufficient. Secure enterprise content management solutions also began to dominate the software portfolios of the manufacturers and dealers as the paradigm shift of secure collaboration and sharing began its accent as a business practice standard.
Then the unprecedented marketing coup by HP’s Wolf campaign began turning the heads of OEM CEOs and consumers alike—and so the race was on. Behind closed doors and in board meetings, discussions of how each one was going to make a play in the industry to be recognized as a trusted supplier who would make a commitment to help their customers secure their businesses began. Companies like Konica Minolta and Ricoh acquired IT integrators (All Covered and MindShift, respectively) and they began to expand beyond merely offering IT infrastructure support into managed security .
Every manufacturer ratcheted up the security capabilities of their devices with technology that could perform security checks at start up and validate that no security policies, certificates, or embedded apps were changed since the last good state of operations. Some even developed healing technology so that even if changes were detected, the device would automatically correct the breach and notify administrators of the event.
I began to see that all players’ websites began touting security services such as vulnerability assessments, penetration testing, endpoint protection and secure and encrypted ECM solutions as the cloud revolution was rapidly becoming the next frontier that OEMs would have to reconcile, especially at a time when the myths of faulty security in the cloud persisted.
So here we are in one of the most precarious times in our generation in a pandemic that has a chokehold on “business as usual” and the OEM giants are struggling to diversify in the face of adversity. In terms of security, the mission is changing yet again. With distributed workforces and work from home environments creating a whole new attack vector for cybercriminals, the demand for more advanced and more offensive security services is on the rise.
Alliances and acquisitions with major cybersecurity service providers are happening everywhere. In 2018, HP partnered with Aon, who not only offers advanced threat mitigation services, but even cybersecurity and data breach insurance with a $0 retainer and master services agreement.
"Combining Aon's deep cybersecurity capabilities and risk management solutions with HP's world-class security features and device management capabilities through HP DaaS further enhances our ability to meet changing customer needs,” says John Bruno, Aon COO.
Around the same time, Canon Solutions America built out a five pillar security strategy that includes an alliance with Agile Cybersecurity Solutions (ACS) out of Washington, DC—a group of ex-DoD and intelligence agency cyber practitioners that have assisted with resolving some of the largest government and private sector data breaches to date from the likes for the pentagon and the US Department of Homeland Security.
Carlos Fernandes, CEO of ACS, shares a unique perspective by saying “After over 30 years of focusing on the cybersecurity problem, it has become clear that we need fewer fancy solutions and more disciplined focus on the fundamentals. Among these is the philosophy and psychology of cybersecurity...When it comes to understanding the motivations of the advanced and persistent threats of cyberspace, they are no more or no less than the digital version of our physical world.”
Just recently, Konica Minolta announced the acquisition of Depth Security, serving as an extension of its IT services group, All Covered. “At Depth Security, we have helped clients improve their cybersecurity postures through the discovery of critical security flaws within infrastructure and applications. We are currently faced with growing market demand for our security expertise,” said Gene Abramov, CEO, Depth Security.”
The game is changing from a defensive strategy to a more offensive strategy. Our US Cyber Command organization has been moving in this direction for the last few years and (finally) our industry is now a sleeping giant no more. These three services providers maintain core competencies in advanced services, such as incident response, threat hunting, virtual CISO, cyber forensics, strategy, and security framework development. This can give businesses of all sizes and industries a fighting chance against a voracious and persistent cyber-criminal network.