Image Above: Nuspire Security Operations Center (SOC) helps provide MSPs and their customers human analytics for threat detection, investigation and response needed.
Each day a new story hits about another massive breach on a large enterprise, but what you don’t hear about are the millions of data breaches that occur in small and medium sized businesses (SMBs).
Even with the daily bombardment of security threats, security concern by most organizations go largely unnoticed, or at a minimum, not responded to. There could be many reasons to explain the apathy towards security. Many customers still feel they are not a target and others still feel they are unlikely to be hit. Many also believe they are not vulnerable because they do not “see” a breach on their network.
Still, the facts ring true; businesses large and small are targets.
According to the National Center for Middle Market, 43% of cyber-attacks are against small businesses. Every month, multiple incidents evade traditional security measures, and customer data is stolen. 53% of businesses have experienced a cyber-attack in the last year. On average, it takes over 206 days to find out. Our customers are under attack, and most are frankly unaware.
As technology providers, customers may turn to us for help and guidance and it’s often after it is too late. Still, there are some things we can do to leverage our position as technology subject matter experts (SMEs) to help protect our customers.
Nuspire has found that over 1/3 of security incidents originate from within the network.This could be due to phishing scams, downloading unapproved software, or even clicking on a malicious link. As service providers, we can provide guidance, training, and policies to help head off security issues before they start. Having a policy that explains where employees can go on the network, what employees can access, and how to handle account creation and decommissioning can stop a whole host of issues and exploits. Providing basic training and best practices can stop the majority of threats to a company and also provides guiderails for employee behavior and productivity that can benefit the organization beyond traditional security concerns (think HR and bandwidth challenges).
The security landscape is a game of attrition. Hackers figure out ways to evade security technology. The industry responds with signatures, bulletins, and new technology to stop this new threat and hackers respond with new ways to get around this new technology, or find brand new threat vectors. In this game of attrition, your customer will always lose. Our technology has set rules, signatures, and procedures to follow. They have people who know how to get around these tools. For example, there is a common security control that will lock you out if your password if it’s input incorrectly three times in five minutes. There are programs that will guess a password twice in five minutes, forever. Or simply, a hacker may send a phishing email to obtain the password from the user, so they don’t even need to guess. Because the bad guys have people on their side, they know the rules, and how to circumvent them. The only plausible way to get a leg up is to also have people playing defense. People that aren’t concerned with signatures, but with what is actually happening on the network. Day after day of incorrect password? A person can pick up that threat. Suspicious activity on an endpoint? A person can find that.
Many companies don’t have the people on staff to assist, but managed service providers (MSP’s) do. They can turn to monitoring software, outsourced security operations centers, and internal experts to provide the people part of the equation to solve this problem.
Even with the best security posture, there will come a time when security resources are needed. No security system is airtight, and even normal events might require a second set of eyes to validate safety of the activity. When that time comes, MSP’s have valuable resources that they may not be able to find elsewhere. However, they don’t have to do this alone. Partnering with a Managed Security Service Provider (MSSP), outsourcing a Security Operations Center (SOC), or simply providing security information event management (SIEM) technologies can provide the customer with the tools and people need to help navigate an indication of compromise.
After discovering a breach, coming up with a plan is too late. Organizations need a documented response plan, a process for threat management, and a procedure for after action reporting and remediation. However, many companies are too tied up in their core business to put these measures in place. An MSP is an ideal resource to help with planning, preparation, and response activities. This also ensures that when the time comes, the MSP is a trusted resource, and a part of the team.
Sometimes the best thing we can do to ignite change is to lead by example. MSPs are often quick to send unencrypted emails, send a username and password in one (unencrypted) email, or share a quick tip to get around common security mechanisms. A security culture needs to start with the MSP. If a customer understands the MSP is always conducting business in the most secure way, it will translate to a culture of security at the customer’s organization.
It’s a fact that customers large and small are targets for data breaches, and there is not much an MSP can do to stop that fact. However, MSPs can help. Educating customers, providing resources, and instituting policies, procedures, and culture of security is the best way to help mitigate cyber security threats for your customers.
If you're interested in learning more about your opportunity to help customers with security offerings, here is a GreatAmerica webinar that I recently participated on as a security expert panelist discussing the "State of Managed Security Services."
 The nationwide survey, released by The Hartford Steam Boiler Inspection and Insurance Co. (HSB)
Dan Hoban serves as the executive vice president and chief strategy officer (CSO) at Nuspire, a state-of-the-science Managed Network Security Services Provider (MSSP) for some of the largest and most distinctive companies around the world. Hoban is a cybersecurity analysist dedicated to security industry research, innovation, education, and advocacy. Hoban has authored and contributed to many organization/industry standards and has been featured in industry-related blogs and articles. He has also been a guest speaker at numerous national industry events. Additionally, Hoban is the President of the Twilight Benefit Foundation, a charitable organization that helps metro-Detroit children with catastrophic illnesses or disabilities.