Why Security as a Service

  • Reduce TCO (Total Cost of Ownership)

    By adopting subscription-based managed service plans

  • Protect Business Data Against Cyber Security Threats
    With latest security solutions including firewall, endpoint and email gateway
  • Resume Business Operation Quickly
    By providing an effective SLA with remote support
  • Focus on Core Business
    By outsourcing IT services to Ricoh, customers can focus on their core business

Frequently Asked Questions (FAQs)

Cyber security is about guarding different systems, networks, computer equipment and data against cyber attacks. Safeguarding cyber security serves three key purposes: maintaining the confidentiality, integrity and availability of data.
With cyber attacks getting more diverse and sophisticated, businesses are now facing growing threats, and conventional cyber defence measures may not be adequate. When hacked, a company may suffer losses because of business interruptions. In case of a ransomeware attack, the data of customers and business partners may be leaked, thus seriously tarnishing the hard-earned reputation of a company. A recent survey found that 31% of businesses were forced to temporarily or permanently suspend operations following a ransomware attack. 

While safeguarding cyber security is about protecting systems, networks, computer equipment and data from cyber attacks, in practice it covers seven areas, according to the Seven Habits of Cyber Security for SMEs published by the Hong Kong Computer Emergency Response Team Coordination Centre.

  1. Security policy and security management

    Companies should establish a cyber security management policy. Employees should be able to work in accordance with the policy. The policy should be reviewed regularly and amended when necessary.

  2. Endpoint security

    One example of endpoint security involves installing security software, such as anti-virus and anti-malware software, to protect staff’s computers and smart mobile devices.

  3. Network security

    Constantly detect data transmissions connected to the internet, properly configure firewalls, and adopt strict authentication standards and Remote Desktop protocols (RDP).

  4. System security

    Boost the security of systems that deal with business operations or provide services. For example, system security and related files should be updated timely, and data stored on servers or in systems should be encrypted.

  5. Security monitoring

    Continuously monitor and analyse the log records in information systems, monitor changes in network traffic, and timely detect suspicious activities so as to minimise losses.

  6. Incident handling

    Prepare in advance emergency plans for responding to different types of cyber security incidents, and regularly back up data and perform data recovery procedures, so as to minimise the impact of cyber attacks as well as business interruptions.

  7. User awareness

    95% of security incidents involve human as a contributing factor. Organisations should provide security awareness training to employees on a regular basis. Drills can also be performed to assess staff’s response to cyber attacks.

Types of cyber attacks Introduction
Ransomware                       The attacker encrypts a company’s computers and computer files with advanced algorithm encryption, forcing the company to pay a ransom for decryption. The attacker also steals the victim company’s confidential data in what is a double extortion.
Infostealer The attacker mainly wants to steal a target company’s confidential information, such as information related to intellectual property technology, financial reports and customer data. Such information will then be sold in the black market or used to blackmail the victim company.
Phishing The attacker sends phishing emails to employees of a target company, luring them to open a malicious link or file. Using the malicious link, the attacker can extract login details of the employees to carry out further attacks. A malicious file, on the other hand, enables the attacker to install malware in the internal network of the target company, such as Trojan horse and ransomware. Having got a better understanding of how the victim company operates, the attacker will launch more precise and deceptive spear phishing attacks or business email compromise attacks, manipulating staff of the victim company to transfer huge amounts of money.
Distributed Denial of Service (DDoS)                                             A botnet manipulated by the attacker bombards the victim company’s server with invalid requests trying to connect to the server. The purpose is to overload the server and exhaust its computing resources, thereby causing suspension of the company’s operation or forcing the it to pay a huge amount of service fee.
Internet of things (IoT) attacks The attacker exploits IoT devise vulnerabilities, such as firmware that has yet to be updated, default factory password, and wrong connection port settings. By performing privilege escalation, the hacker can hack the internal networks of their targets, intercept data transmissions or install malicious software.
  1. Cloud suppliers offer adequate protection

    Under the shared responsibility model, a supplier only provides the basic infrastructure and basic security, whereas the client still needs to protect their own data by dealing with account permissions, API settings and the like, and preventing staff from falling victim to phishing attacks. 

  2. Hackers only target big companies

    Numerous surveys have found that small and medium enterprises (SMEs) are not less vulnerable to cyber attacks than big companies. This is because they are less capable of defending themselves, and hackers tend to attack easier targets. Besides, many SMEs are contractors of big companies, and hackers like to use them as a springboard to hack the latter. 

  3. Open source platforms are safe and reliable

    Many businesses mistakenly believe that open source suites on open source platforms such as GitHub are safe and reliable, and can be used for developing application services. In fact, it has been found that many open source modules have vulnerabilities and there are already hackers who dress up malicious suites as well-known suites, waiting for businesses to download them. 

The technologies used in cyber attacks are getting increasingly complex, with a variety of variants and fileless software that disable signature-based virus detection security technologies. Cyber security solutions that combine artificial intelligence (AI) and machine learning can enhance the accuracy of virus detection and interception, thus minimising false alerts. 

  1. Threat intelligence

    Collect data from threat intelligence databases in different parts of the world and data from media reports and the social media, get hold of information on the latest variants and ways to attack them, and prevent zero day vulnerabilities to minimise losses. 

  2. Behavioural analysis

    Analyse suspicious cyber activities based on users’ behaviours and habits. For example, verify whether a user is the real account holder based on the login location, login time and devices used, and check whether the user’s internet access goes beyond what is permitted by the account, all with a view to keeping intruders at bay. 

When drawing up cyber security rules, businesses can consider the following:

  • Prohibit the use of default factory passwords or weak passwords and use strong passwords and multi-factor authentication (MFA)
  • Adopt strict account management privileges or permissions
  • Keep all hardware and software systems up-to-date
  • Use VPN connection
  • Monitor open ports on the internet and configurations
  • Use sandbox tools or isolation techniques to analyse suspicious files
  • Provide security awareness training for employees
A managed security service provider (MSSP) is tasked with monitoring and managing a business' security equipment and systems. Common services include security operation centre, managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services. According to a survey conducted recently by market researcher Gartner, about 24% of interviewed businesses tended to leave the task of maintaining cyber security to MSSPs. The advantage of doing so is that with minimal preliminary investment, companies can quickly intercept hackers’ attempts by virtue of the advanced technology and the latest threat intelligence of an MSSP. Currently, companies around the world are facing a dearth of cyber security specialists. Security experts of MSSPs have professional qualifications such as CCNA, CISP, CCSA, MCSE and CITP. They are able to help businesses take care of complex settings such as secure network connection, login permissions, and traffic distinction and control. They can also help identify potential vulnerabilities and fundamentally solve network security problems, making sure companies have round-the-clock protection and support, and helping them lower the total cost of ownership.

 

Ricoh Security as a Service Offering

  • Cyber Security Suite

    Cyber security suite is an adaptive security platform that protects organizations from imminent endpoint threats such as ransomware, phishing, or malware.

    More

  • Monitoring Dashboard & Reporting

    Security Operations Center provides 24/7 security event monitoring, proactively identifies and resolves any security issues before they impact on your business.

    More

  • Cloud Applications – Smart Backup Service

    Smart Backup Service provides you with the flexibility in managing your on-site and off-site backup with the industry leading solutions and cloud-based services

    More

  • Professional Service Support

    Consolidating your IT monitoring and management to Ricoh Professional Service Support will give your IT team a peace of mind with a single point of contact, 24/7 support.

    More

Cyber Security Suite

Our cyber security suite is an adaptive security platform that protects organizations from the most imminent endpoint threats such as ransomware, phishing, or malware - across networks, endpoints, cloud and mobile, backed by our team of security specialists.

Endpoint Security

Endpoint security plays a critical role in enabling remote workforce. With 70% of cyberattacks starting on the endpoint, companies need a total solution that can overcome all potential threats, provide automatic protection and detection, and respond to known and unknown attacks that target their endpoints.



Key Features
  • Block phishing & spam emails
  • Block malicious attachments before they reach users’ mailboxes, without impacting user productivity
  • Protect against malicious URLs with URL filtering
  • Prevent credential theft with zero-day phishing technology that identifies and blocks the use of phishing site in real-time
  • Meet regulatory compliance with advanced data leak prevention (DLP)
  • Gain runtime protection against ransomware, malware, and file-less attacks


Network Security

Network Security is vital in protecting business data, ensuring reliable access and network performance as well as protection from cyber threats. A well designed network security solution reduces overhead expenses and safeguards organizations from costly losses that occur from a data breach or other security incident. With our network security solution, you may simplify your network security with a unified approach to protect your on-premises, public and private cloud environments.



Key Features
  • Next Generation Firewall
  • Network Anti-Malware
  • Application Control & URL Filtering
  • Intrusion Prevention Systems
  • Anti-Bot
  • Anti-SPAM
  • Block Unknown Threats


Email Security

94%* of malware is delivered via email. Since email attacks usually involve the human factor, your Office 365 and G Suite environments are your organization’s weakest spot. Closing this security gap requires protections from threat vectors such as phishing, malware, data theft and account takeover.

With our email security solution, you will get a complete email protection that is constantly adapting to the ever-changing threat landscape.

* Top cybersecurity facts, figures and statistics



Key Features
  • Anti-phishing: Block the most sophisticated phishing attacks such as impersonation and Business Email Compromise (BEC)
  • Malware protection
  • Meet regulatory compliance with advanced data leak prevention (DLP)
  • Prevent account takeover


Mobile Security

With remote workers constantly accessing corporate data, companies are looking for a solution to keep their data protected, easily managed and without causing any disruption to their employees performance and productivity. Our mobile security solution is designed to keep business data safe by securing the mobile devices of employees across potential threats from the network, applications, and devices.



Key Features
  • Prevent malicious app downloads
  • Prevent phishing across all apps
  • Safe browsing: Block access to malicious sites from any web browser
  • Conditional access: Block infected devices from accessing corporate apps
  • OS and device protection: Detect jailbreaks and rooting exploits
  • Wi-Fi network security: Detect malicious network behavior


Monitoring Dashboard & Reporting

With the growing demand of hybrid working, Security Operations Center is designed to facilitate Smart Workplace as a one-stop-shop featuring advanced cybersecurity, offering security workshops, design & construction validation, assessment & analysis of current threats to our customers.

Our team provides 24/7 security event monitoring, proactively identifies and resolves any security issues before they impact on your business.

 

Incident Response Escalation

  • 1. Data Collection

    Agreed event logs are being collected and sent to SOC

  • 2. Analysis and monitor

    Event logs are normalized and closely monitored

  • 3. Detection

    Alert will be triggered once reach certain level of risk score

  • 4. Response

    Incident handling or will be activated


Cloud Application - Smart backup service

Every business needs a backup solution as part of an effective data storage and disaster recovery plan. Ricoh's Smart Backup Service provides you with the flexibility in managing your on-site and off-site backup with the industry leading solutions and cloud-based services. Our team of security specialists will cover the works of hardware upgrades, cloud provisioning and software maintenance, while protecting your company files, databases, applications and systems from security threats, all at an affordable and fixed monthly rate.



Key Features
  • All-in-one backup appliance
  • Support for physical and virtual machines
  • Network health check
  • Active protection from ransomware
  • Remote restore and data recovery
  • Incremental and differential backup


Professional Service Support

Keeping up with the growing IT demands can be both challenging and time-consuming. Hence many organizations find their IT to be reactive rather than proactive, and are always struggle with limited IT resources.

Consolidating your IT monitoring and management to Ricoh Professional Service Support will give your IT team a peace of mind with a single point of contact, 24/7 support, and free up in-house staff to focus on their core objectives.


Professional Services Support - Why Ricoh

  • Well-established partnership

    We partner with the world's leading technology brands.

  • Industry qualified

    Multi-skilled consultants, i.e. CCNA, CISP, CCSA, MCSE, CITP.

  • Experienced team

    200K calls handled a year, 500+managed servers, 200+ professional technicians, One single point of contact.

  • ISO certified

    Equipped with ISO 14001 and ISO 27001.

  • Proven track records

    Extensive experience from Corporate to Public Sector and Education.

  • Specialized services

    Experienced in design, configuration and installation of LAN, VOIP, Network Security and Wireless Projects.