Changes in work practices, the emergence of new communication channels, and the accumulation of a huge number of electronic documents caused an increase in information security incidents. It is difficult for companies to control how employees handle information and how it is stored. Special software is expensive, and good IS specialists are hard to find. WatchfulEyes was created to help companies provide security without facing these issues. Ruben Theva, WatchfulEyes‘ co-founder speaks to us about the unique managed security service provider on the Malaysian market.
Could you share with us a bit of WatchfulEyes background? How did you come up with the idea to set up a new company focusing on managed services?
WatchfulEyes is a managed security service provider (MSSP) focused on internal threat protection. The idea behind opening such a company is simple: the demand for managed security services is high and constantly growing, yet the supply on the Malaysian market did not exist/was not there. We are the pioneers of MSSS in the field of Insider Threat Management (DLP as a service) and it is very inspiring.
Internal risks are underestimated, and clients face the rapid growth of such information security incidents as accidental data leakages, unauthorized access, corporate fraud, document forgery, secondary employment, etc. Above mentioned activities cause financial losses and reputation damage to organizations. Furthermore, companies that deal with personal data need to comply with the Personal Data Protection Act 2010 (PDPA) and Personal Data Protection Standard 2015, numerous industries do require higher standards of data protection. Moreover, ISO and other certification standards require DLP while companies and industries are not always ready to buy, host, update, maintain and support it on their own.
There are several ways in which companies can deal with these risks, but everything depends on its size and resources. Large enterprises may implement a state-of-the-art data security solution: DLP, data classification, access rights audit systems and risk management solutions.
For small and middle-sized companies the primary way to protect would be such services’ outsourcing, here I mean MSS. Working in the ICT market we see lots of services that help to fight hacker attacks, malware, phishing and no services to face internal threats. That’s why we have set up WatchfulEyes.
Why do you think service is the primary way for SMEs to ensure security?
The analog is an in-house security service, which implies the purchase of security software, the hardware necessary to host it and the hiring of information security specialists. Not only is there a great shortage of such specialists on the market, but the shortage of supply also naturally raises the cost of such employees.
So, a lot of small and medium-sized enterprises would like to implement solutions to manage internal security risks but they often don’t have human or financial resources for such deployment.
In most companies, the MSS costs will not just be recouped but turn a profit due to fraud prevention, business process optimization and other business risk elimination. Creating an InfoSec department from scratch costs a fortune and the service requires only a modest monthly payment.
How does your service work?
Customers only need to express their interest in securing their business, and we take care of the rest. We will provide the software, deploy it on-prem or in the cloud, and configure all necessary security policies. Then, our analyst will provide day-by-day monitoring, and regular and emergency reports ensuring business and data protection 24/7 regardless if the employees work from the office or remotely.
An attractive feature of our service is a one-month free trial. Remarkably, around 86% of customers choose to continue a partnership with us after the trial period.
What are the most frequent real-life cases you see as MSSP?
The most common information security incidents related to employee actions can be divided into three groups. First is data leakages which include leaks of personal data, client databases, and trade secrets. Our statistics show that almost 100% of companies have room for significant improvement in security policies. We quickly reveal all “weak points” and provide recommendations on how to eliminate them.
The second group of incidents is corporate fraud. Unfortunately, companies face this problem, and our service helps to identify it. For example, facts when an employee colludes with a counterparty.
The third type of incident is not related to security, but rather to business performance. Since our service allows us to monitor user activity, we can give reports on whether employees are evenly loaded (someone may be underloaded, and someone may be at the brink of burnout), see the processes in which they are engaged, make better decisions on employee promotion, etc.
How can a potential client get the free trial you were talking about?
As I mentioned before, for the first month the service is free. In such a way we show confidence in the service and allow the customer to feel its value. To explore our managed security service at no cost, please reach out to us via the following contact information:
+603-7931-9471 / +603-7931-8471
