Putting the S in MSSP Part 3: Examining the Lifecycle of a Cyber Attack

Posted June 14, 2017 by Meaghan Moraes


“Putting the S in MSSP” is a weekly blog series that aims to set up MSPs to succeed as managed security services providers (MSSPs) by offering the insights and recommendations you need to profit from this new and important line of business. Throughout this six-part series, you’ll learn how to become a comprehensive MSSP that can secure small- and medium-sized businesses (SMBs) with the tools needed to tread the modern threat landscape without fear.

In the first part of this series, we offered tips on how to begin defining and deploying the three pillars of cybersecurity. In part two, we went on to talk about the three major pitfalls of managing multiple security vendors. In this post, we will examine the lifecycle of a cyber attack, providing insight on how to devise a solid remediation plan and manage vulnerabilities.

What You Don’t Know Can Hurt You

Today, many SMBs don’t understand how the threat landscape is evolving, what types of threats are out there and, most importantly, how to combat them. Cyber attacks keep slipping through the cracks due to inadequate training and education. In fact, 47 percent of SMBs do not have employee security awareness and training programs in place, causing 42 percent of SMB employees to not know what to do if their business experiences a cyber attack. This leaves businesses dangerously vulnerable, especially with ransomware rampantly on the rise and virtually every device now hackable. All it takes is one wrong click.

What happens next? That curious click on a phishing email unleashes the ransomware, which then locks down the employee’s files. Then, if the network is not properly secured, it spreads to other desktops and servers. What’s more, your valuable data will be encrypted until the ransom is paid, and possibly marked for deletion—with portions of your business data deleted permanently. Without vigilant vulnerability management, an entire business could shut down in a matter of hours.


A Plan for Remediation

To survive an attack such as this, it’s crucial that businesses prepare for threats in accordance with their requirements, risk tolerance and resources. MSPs should encourage their clients to create a roadmap for reducing cybersecurity risk that is well aligned with organizational and sector goals, considers legal/regulatory requirements and industry best practices and reflects risk management priorities.

The image below, from the NIST Framework for Improving Critical Infrastructure Cybersecurity, demonstrates an effective framework for meeting cybersecurity risk management objectives across an organization.

As you can see, this remediation plan flows down from the senior executive level to process and operations, as priorities inform framework profiles and drive the progress of vulnerability management implementation. When all parties remain aligned and can proactively adapt to changes in the threat landscape, the organization will be able to remain vigilant and manage risk. This approach to risk planning allows an organization to determine the activities that are most important to critical service delivery. Also, it enables them to prioritize expenditures to maximize the impact of the investment—which is particularly useful for SMBs.

It is important to note that no matter how well prepared for a cyber attack a business may be, cyber attacks are likely to slip through. It’s simply the nature of today’s threat landscape. However, you can properly outline a plan of attack, isolation and remediation with the following three tips:

  1. Directly after the infection is detected, disconnect from the network and stop backing data up immediately. This will stop the malicious software from overwriting clean backups with infected files.
  2. Remove the ransomware and clean computers of malicious software. If you have a good restore, remove all traces of ransomware using antivirus software or an appropriate malware remover. Be aware that by doing so, you are effectively forfeiting your ability to unlock files by paying the ransom.
  3. Restore from the most recent clean backup.

Achieving Business as Usual

True vulnerability management enables businesses to withstand the inevitable cyber attacks that threaten their profitability. As an MSP working to offer true security to your clients, your only scalable option is a comprehensive approach to protecting your end users’ businesses, using the ability to quickly detect, prioritize, remediate and report on every cyber attack in order to avoid disaster. With a well thought out cybersecurity framework fit to the organization’s needs and multiple layers of defense, an attack doesn’t have to be disastrous. Following the aforementioned tips will help your clients achieve business as usual: no ransom paid, no files lost and no extended downtime.

Come back next week to take this knowledge a step further by uncovering the most effective ways to speak to your clients about the topic of cybersecurity.


Meaghan Moraes is Continuum's Blog & Social Media Manager, managing the MSPblog and Continuum's social platforms. With several years of inbound and content marketing, B2B tech marketing and corporate social media management experience, Meaghan specializes in engaging and nurturing audiences with strategic and creative digital content. In her spare time, she enjoys writing poetry, playing the piano, boxing, and exploring Boston’s best restaurants.
