Today, new cyber attacks seem to be occurring daily—never failing to one-up the last and deepen the fear among modern businesses. The biggest cyber scares in recent news involve Equifax and Kaspersky, two major companies that handle extremely sensitive data. The lack of cybersecurity in these two stories is particularly chilling because they bring to the forefront that everything—including personal identity and homeland security—is at risk.
So, how can MSPs step in and provide their clients the assurance that they’re keeping them protected—and how can this be best communicated? As MSPs march bravely into MSSP territory, the right approach to security will prove they can handle the cyber threats that continue to surround their clients’ networks. Let’s take a deeper look into these recent attacks and explore how MSPs and MSSPs can take control of cybersecurity threats such as these.
Cybersecurity Risks in Recent Headlines
Antivirus and spyware software leader, Kaspersky, was recently banned by the U.S. government because its origins in Russia have fueled suspicions about cyberespionage. For a company responsible for the security of so many PCs, tablets and smartphones, the risk attached to this headline is significant.
In addition, the recent Equifax incident—when hackers gained access to sensitive data on 143 million American consumers, including Social Security numbers and driver’s license numbers—demonstrated the largest risk to personally sensitive information in recent years.
According to Continuum’s CISO, Hunter Smith, “We are seeing more and more serious hacks because we are paying more attention now. People are understanding the need to be more diligent. If you don’t realize you’re being hacked, you’re still being hacked. It’s all about identifying and managing vulnerabilities so you can learn, adapt and get stronger.”
In the case of Equifax, the hack happened because proper management and remediation were missing. Criminals gained access to the company’s data by exploiting their open-source software, a vulnerability that could have been better managed.
“The Kaspersky incident is also an exhibit of vendor risk,” added Smith. “Companies like Kaspersky need to be especially aware of physical risks, as well as risks to the reputational integrity of their products. If you know something but do nothing about it, you’ve assumed the risk fully.”
The modern threat landscape is really a dog eat dog world—which means companies need to outrun hackers as best they can. Cyber attackers always go for the easy targets, so even though businesses will always be at risk of being breached, they can employ a security solution that makes it harder for threats to get through—and if they do, recovery can be quick and easy. It’s now the MSP’s job to provide their clients with the tools they need to achieve a higher level of cybersecurity.
Why a Winning Cybersecurity Solution is Comprehensive
After taking a good look at why a big breach—such as the one Equifax experienced—happens, it’s clear that you need to have layered controls in place to help limit damage from an attack of this nature. There needs to be a balance of due diligence (identifying vulnerabilities) and due care (managing vulnerabilities) in order to remain secure. From periodic vulnerability assessments to patching and user management, MSSPs should aim to offer a multi-layered approach to cybersecurity.
Traditionally, MSPs have viewed security as one big issue to tackle, rather than breaking it down into the various layers that comprise security. Ransomware, malware, phishing and other viruses all have different components to them, so preventing each requires a comprehensive approach.
Since security is evolving so quickly, it can be difficult for end-users to effectively absorb the preferred route to cybersecurity. As an MSSP, the way you communicate with your clients is huge. It’s important that they understand real risks without feeling overwhelmed. You can bridge that gap with cybersecurity best practices they can regularly digest and put into practice (with your guidance). People will only be able to adjust their tactics when they fully understand what they’re dealing with, so be sure to keep your clients on the pulse while assuring them that you’re there as their trusted advisor and protector.
In the land of security, there will always be uncertainty tied to cyber attacks that no end-user can completely control. Yet, MSSPs can assume the role as their guide, helping them focus on what they can control through a multi-layered security strategy.
By Lily Teplow
By Lily Teplow
By Brian Downey