Accounting Firms Increase Their Presence in the Managed Cybersecurity Services Market
Ami Rojkes Dombe
| 25/11/2018
BDO Israel's SOC team (Photo: Ami Rojkes Dombe)
In recent years, large accounting and advisory firms have expanded their service portfolio to include cybersecurity. This international trend is as evident in Israel as it is in all major markets around the world. While leading firms such as PwC began to offer risk management services for the computer systems back in the 1990s, they were not ‘cyber services’ in the way they are defined today. The real transition took place more recently as the large accounting firms set up Security Operations Centers ("SOCs") with dedicated professional and technical services for monitoring, cyber defense services, and related consulting.
“Accounting and advisory firms have some advantages over ‘pure-play’ cyber service companies,” explains Ophir Zilbiger, partner and director of BDO Israel's cyber defense center. Zilbiger is a leader in this field in Israel, and the former owner of Secoz Ltd., which was sold to BDO two years ago. “An accounting firm already has a deep understanding of the client's business because of the accounting and auditing services it provides. Trust with the client already exists, and this is an essential part of providing cybersecurity services,” he says.
“Another advantage is our firm's global presence. BDO operates in more than 160 countries worldwide through local branch offices. From a practical perspective, it is virtually impossible to develop a business remotely in a country without a local office, and we find that the operations of the local office can solve that problem. So, we avoid the need to manage a local ‘facilitator’ or partner which can be a process that complicates the internationalization of the operations for Israeli companies.”
Game Changer
The acquisition of Secoz turned BDO into a Managed Security Service Provider (“MSSP”), providing cyber consulting, risk management, and cybersecurity operations services as a SOC provider. Among other things, the SOC provides services to clients in Europe, Australia, and Israel. “We are in the process of setting up two more situation rooms abroad under the BDO brand, which will mirror what we have built in Israel. BDO Global personnel are now studying what we have already established here, including systems and methodologies, and they will duplicate this for two more continents. If you want to compete with global MSSPs, you need a number of SOCs located around the world,” says Zilbiger.
The development of BDO's cyber activities is part of a more significant move to transform the Firm into a service provider, in a variety of areas. Accounting, risk management, and cyber services are just part of the package. From the moment that we define ourselves as a service company, there is no reason not to enter other service areas as well. “The cyber services market is facing pressure to consolidate,” Zilbiger adds. “It is difficult to establish a technological services company that only focuses on the Israeli market, so the backing of an international company is required to provide international reach. The entry of the largest accounting firms into the cyber services space is, therefore, a game-changer.”
BDO's expansion into cyberspace requires the Firm to engage with startups and recently commercialized technology if it is to maintain its technological leadership. A tour of BDO's SOC reveals the use of a number of innovative technologies and solutions. Along with network monitoring and recognition of cyber events, which are at the core of startup companies, BDO's SOC managers have written scripts that allow automated event detection and processing.
Market Consolidation
“We monitor large client networks,” says Dori Fisher, Head of the Firm's Managed Cyber Services. “These networks record many events, most of which are legitimate and do not flag a cyber incident. A SOC is only as good as the incoming alerts and the processes that handle them. So if the client infrastructure does not report properly, and/or their monitoring systems fail, then the SOC is not receiving the information to work with".
“Today,” Fisher continues, “there is no universal measure of SOC service standards that can be applied, so we are committed to meeting standards set by BDO clients. Hence, we calibrated the system from the outset to reduce false alarms in the SOC, because large and multi-national companies cannot tolerate a volume of false alarms that interfere with their normal business operations.”
What happens when a possible cyber event is detected? “When we become suspicious, we inform the client and begin an in-house investigation,” explains Dori. “The SOC's expert analysts work across all findings to form a picture of the event. We share this picture with the client, and together we then decide how to proceed. Clients do not allow us to intervene in their processes, and we do not want access that may lead BDO to become a potential point of failure. After the discovery and identification phase, we issue the appropriate warning and together try to solve the problem remotely. To this point, we have not had an incident that required the deployment of an on-site response team. We have managed to solve all events remotely.”
Zilbiger explains that if a response team is required in any specific country, it will be formed with the help of the local BDO office and will provide services to clients under the guidance of the SOC. “The international deployment simplifies response to cyber events that cannot be solved remotely, but to date, we have not encountered such an event,” he says.
There is no doubt that BDO's move in cyberspace, as well as that of other accounting firms in Israel, marks a significant change in the field of cyber services and technological services in general. The combined attributes of a ‘trusted’ partner with international coverage and strong financial foundations, which is not reliant only on the cybersecurity market and has many long-established client relationships, provides an advantage over ‘pure’ cyber service companies which are focused solely on consulting or providing MSSP services. If this trend continues, it is possible that the market forces will pave the way for accounting firms to capture a larger portion of the managed cybersecurity services market in Israel and around the globe.
BDO Israel's SOC team (Photo: Ami Rojkes Dombe)
In recent years, large accounting and advisory firms have expanded their service portfolio to include cybersecurity. This international trend is as evident in Israel as it is in all major markets around the world. While leading firms such as PwC began to offer risk management services for the computer systems back in the 1990s, they were not ‘cyber services’ in the way they are defined today. The real transition took place more recently as the large accounting firms set up Security Operations Centers ("SOCs") with dedicated professional and technical services for monitoring, cyber defense services, and related consulting.
“Accounting and advisory firms have some advantages over ‘pure-play’ cyber service companies,” explains Ophir Zilbiger, partner and director of BDO Israel's cyber defense center. Zilbiger is a leader in this field in Israel, and the former owner of Secoz Ltd., which was sold to BDO two years ago. “An accounting firm already has a deep understanding of the client's business because of the accounting and auditing services it provides. Trust with the client already exists, and this is an essential part of providing cybersecurity services,” he says.
“Another advantage is our firm's global presence. BDO operates in more than 160 countries worldwide through local branch offices. From a practical perspective, it is virtually impossible to develop a business remotely in a country without a local office, and we find that the operations of the local office can solve that problem. So, we avoid the need to manage a local ‘facilitator’ or partner which can be a process that complicates the internationalization of the operations for Israeli companies.”
Game Changer
The acquisition of Secoz turned BDO into a Managed Security Service Provider (“MSSP”), providing cyber consulting, risk management, and cybersecurity operations services as a SOC provider. Among other things, the SOC provides services to clients in Europe, Australia, and Israel. “We are in the process of setting up two more situation rooms abroad under the BDO brand, which will mirror what we have built in Israel. BDO Global personnel are now studying what we have already established here, including systems and methodologies, and they will duplicate this for two more continents. If you want to compete with global MSSPs, you need a number of SOCs located around the world,” says Zilbiger.
The development of BDO's cyber activities is part of a more significant move to transform the Firm into a service provider, in a variety of areas. Accounting, risk management, and cyber services are just part of the package. From the moment that we define ourselves as a service company, there is no reason not to enter other service areas as well. “The cyber services market is facing pressure to consolidate,” Zilbiger adds. “It is difficult to establish a technological services company that only focuses on the Israeli market, so the backing of an international company is required to provide international reach. The entry of the largest accounting firms into the cyber services space is, therefore, a game-changer.”
BDO's expansion into cyberspace requires the Firm to engage with startups and recently commercialized technology if it is to maintain its technological leadership. A tour of BDO's SOC reveals the use of a number of innovative technologies and solutions. Along with network monitoring and recognition of cyber events, which are at the core of startup companies, BDO's SOC managers have written scripts that allow automated event detection and processing.
Market Consolidation
“We monitor large client networks,” says Dori Fisher, Head of the Firm's Managed Cyber Services. “These networks record many events, most of which are legitimate and do not flag a cyber incident. A SOC is only as good as the incoming alerts and the processes that handle them. So if the client infrastructure does not report properly, and/or their monitoring systems fail, then the SOC is not receiving the information to work with".
“Today,” Fisher continues, “there is no universal measure of SOC service standards that can be applied, so we are committed to meeting standards set by BDO clients. Hence, we calibrated the system from the outset to reduce false alarms in the SOC, because large and multi-national companies cannot tolerate a volume of false alarms that interfere with their normal business operations.”
What happens when a possible cyber event is detected? “When we become suspicious, we inform the client and begin an in-house investigation,” explains Dori. “The SOC's expert analysts work across all findings to form a picture of the event. We share this picture with the client, and together we then decide how to proceed. Clients do not allow us to intervene in their processes, and we do not want access that may lead BDO to become a potential point of failure. After the discovery and identification phase, we issue the appropriate warning and together try to solve the problem remotely. To this point, we have not had an incident that required the deployment of an on-site response team. We have managed to solve all events remotely.”
Zilbiger explains that if a response team is required in any specific country, it will be formed with the help of the local BDO office and will provide services to clients under the guidance of the SOC. “The international deployment simplifies response to cyber events that cannot be solved remotely, but to date, we have not encountered such an event,” he says.
There is no doubt that BDO's move in cyberspace, as well as that of other accounting firms in Israel, marks a significant change in the field of cyber services and technological services in general. The combined attributes of a ‘trusted’ partner with international coverage and strong financial foundations, which is not reliant only on the cybersecurity market and has many long-established client relationships, provides an advantage over ‘pure’ cyber service companies which are focused solely on consulting or providing MSSP services. If this trend continues, it is possible that the market forces will pave the way for accounting firms to capture a larger portion of the managed cybersecurity services market in Israel and around the globe.
