MSPs face a multitude of challenges when it comes to cybersecurity today: more advanced threats, security tools that have become complex and difficult to manage and hiring and retaining cyber talent.
There are no easy answers to any of them, but help is available and now’s the time to start treating cybersecurity with the importance it deserves to best protect your company and customers, according to Todd Thibodeaux, CompTIA CEO, and Scott Barlow, vice president, global MSP, for Sophos, during a State of the Industry address at the CompTIA EMEA Member & Partner Conference in London.
Unfortunately, many MSPs aren’t where they need to be regarding their cyber prowess, Barlow said. “It varies significantly. I talk to partners who are still using free antivirus on healthcare customers. It blows my mind.”
Challenges from All Directions
Sophos completed a study of more than 3,000 businesses and found the No. 1 way companies got breached was through exploited vulnerabilities—which could have been prevented by simple patching/updating of systems and applications, Barlow said. “The second biggest reason was compromised credentials. How do you fix that? Just change your password, and add multifactor authentication. In other words, they’re not breaking in. They’re logging in. When you think of that, it’s scary.”
Thibodeaux asked Barlow if smaller MSPs are at more risk than larger companies because they don’t have the same expertise or resources to defend properly, Barlow said it wasn’t really the case. All it takes is one employee to click one wrong link, anywhere.
“Part of our study was showing that the ‘dwell’ time of a hacker (how long they’re in a business’s network) has gone from 15 days to 10 days. That’s good news and bad news. More advanced tools and personnel are helping to identify and block those attackers, but in the recent MGM attack, they locked out the attack on day 10 and it was still enough,” Barlow said. “It just goes to show that you can implement all the tools but the last line of defense is still the employee. If you’re not providing more advanced training and certifications for your employees, they’re not going to know that it’s not OK to miss one piece of personal information.”
Making Sense of Complex Tools, Risks
The complexity of the cybersecurity space today, including a so-called alphabet soup of acronym technologies, makes it particularly challenging for MSPs to have everything in place to best protect markets.
“You have ZTNA, SIEM, XDR, EDR, MDR and on and on and on," said Barlow. "From an MSP perspective, what are you implementing and what signals do you get from a customer environment to do active threat hunting? Passive hunting is no longer good enough. MSPs using managed detection response (MDR) are more protected than those just using antivirus, but only 32% are using that in the UK. That’s shocking.”
In particular, MSPs should have strong log management tools deployed to ensure they have all the information needed to identify and then block the root causes of cyber incidents, Barlow said. “Without that, MSPs will block threat actors but relics of what they did are still on the system that could provide future access to a customer’s environment.”
Also, MSPs need to recognize they don’t have to go it alone. There are many companies to outsource some cyber functions to, especially if you don’t have the resources internally.
“The first question to ask is do you have the capabilities to identify and filter out the noise, get the alerts you need to respond, and then respond to the customer?” said Barlow. “If you can do active threats on your own, fantastic. If not, can you outsource that to vendors? Having a third party to watch 24/7/365 is a way to sleep at night. That’s the way the entire industry is going because MSPs don’t have the capabilities and don’t have the talent.”
Outsourcing some cyber functionality can also offset an MSP’s struggle to find and retain tech talent.
“Increasing number of positions that require certain cyber knowledge has been the biggest gap compared to other areas. Not everyone has a team of NSA experts in their basement. There are a lot of initiatives focusing on high-level jobs but really the talent gap is at the mid-level,” Thibodeaux said, noting that CompTIA is introducing a series of entry-level courses on Coursera, including CompTIA a+_ cyber to help fill the void. “We need to have more efficient entrances to get started in a cybersecurity career. This is a worldwide challenge,” he added.
Advice for MSPs to Get Started
The first step an MSP should take is identify all the assets in both its own organization and its customer base.
“A lot of companies take snapshots of every file before it gets encrypted and if ransomware attack occurs, you can roll it back,” Barlow said. “Also, you want layers of defense. Do you put up a fence around your house? Do you change the locks on your door? Do you make sure windows are secure? When you put it all together, if something does happen you are prepared.”
MSPs also should make sure they are protecting mobile devices and have an incident response plan—printed out. “I had a close friend that had an attack. I said don’t you have an incident response plan? He said, yeah but it’s on the server, not encrypted,” said Barlow. “There are so many active attacks coming through Chromebooks now. Can you containerize what’s on a mobile device to be immediately wiped?”
Barlow and Thibodeaux also suggested conducting a tabletop exercise to simulate a cybersecurity attack that allows MSPs to walk through their incident response plan and figure out gaps or confusion in processes and responsibilities. CompTIA’s board of directors completed a similar exercise recently.
“I left that super excited,” said Barlow, a member of CompTIA’s board. “One thing that stuck with me: do you have an alternative communication plan. If you or your customer get breached, how are you going to communicate externally and internally?”
Thibodeaux said his big takeaway was to cordon off or take certain data offline. “We’re also thinking about should we do tabletops with our major vendors so that we have defined communications with those companies. The ability of you as an MSP to do an exercise so you know my role in this is this, or that. It helps you be more transparent with your partners and customers so you know what everyone’s responsibilities are.”
Get the latest insights and trends!
Download CompTIA's State of Cybersecurity 2024 research report.