The Ins and Outs of Defending Against Internal and External Threats: What MSPs Should Know

What comes around, goes around—at least in cybersecurity, according to XeneX CEO Kevin Nikkhoo. Read more and catch his session at ChannelCon 2024.
The Ins and Outs of Defending Against Internal and External ThreatsCybersecurity threats have come full circle. The cycle of hackers focusing on external attacks to internal attacks has come around again—with a twist.

Today, MSPs really need to concern themselves with attacks from both vectors because hackers can get into client environments through a number of new and unprecedented ways, according to Kevin Nikkhoo, CEO of XeneX, a Los Angeles-based SOC-as-a-service provider.

It’s a lot to process and cybersecurity needs a holistic approach that combines tech solutions, proactive monitoring, employee training and a robust incident response strategy. And nothing is static, of course, notes Nikkhoo, who will discuss the subject during a session called Cybersecurity is Going Full Circle: What Comes Around Goes Around at ChannelCon 2024 in Atlanta.

We asked Nikkhoo about the current cybersecurity climate, cybersecurity misconceptions and what MSPs should know to stay protected. Here’s what he had to say.

Your session is called Cybersecurity is Going Full Circle: What Comes Around Goes Around. Can you explain what that means?

In the evolving landscape of cybersecurity, the concept of "Cybersecurity is Going Full Circle: What Comes Around Goes Around" highlights the cyclical nature of threats and defenses. As old vulnerabilities resurface and new ones mimic past tactics, cybersecurity strategies must continuously adapt. Lessons from historical breaches inform current best practices, emphasizing the importance of staying vigilant and proactive. This full-circle approach underscores the necessity of learning from the past to anticipate future threats, ensuring robust defense mechanisms. The right strategy embodies this philosophy by integrating historical insights with cutting-edge new technology to provide comprehensive protection against ever-evolving cyber threats.

What’s the No. 1 thing you want MSPs to come away from your session?

The No. 1 takeaway for MSPs from this session is understanding the importance of a "full circle" approach to enhance their cybersecurity offerings. By leveraging the expertise, advanced threat detection and comprehensive security solutions provided by a qualified SOC, MSPs can deliver superior protection to their clients, stay ahead of emerging threats and position themselves as trusted advisors in the competitive IT services market. This strategic view of cybersecurity enables MSPs to explain the need for higher value services, how to meet compliance requirements and provide continuous monitoring and incident response, ultimately driving growth and long-term success.

What is the biggest misconception or thing MSPs aren’t doing right now in cybersecurity?

The biggest misconception or oversight by MSPs in cybersecurity is that a limited cybersecurity offering and monitoring (e.g. EDR) does protect customers. Cybersecurity is in layers. MSPs need to address “full circle” and continuous, real-time monitoring and proactive threat detection. MSPs must shift from a reactive to a proactive cybersecurity strategy, with a view on all security vectors, leveraging continuous monitoring, advanced threat detection and comprehensive security solutions. Partnering with a qualified SOC is essential to stay ahead of emerging threats, provide superior protection to clients and drive sustainable growth in the cybersecurity landscape.

How should MSPs pivot their thinking around risk?

By pivoting their thinking around risk, MSPs can better manage the full circle of cybersecurity challenges. This involves shifting from reactive to proactive strategies, adopting a holistic view of security, leveraging historical insights and partnering with a qualified SOC. Educating and engaging clients, integrating compliance into risk management and focusing on continuous improvement are essential steps in this evolution. Embracing these strategies will enable MSPs to provide superior protection, build long-term client relationships and drive sustainable growth in the cybersecurity landscape.

What’s the biggest thing MSPs should look for in a cybersecurity product/solution? i.e., integration capabilities with other products, etc.

For MSPs, the key to effective full-circle cybersecurity lies in selecting products and solutions with robust integration capabilities. This agnostic integration ensures comprehensive threat visibility, streamlined operations, enhanced security posture, scalability, improved compliance and advanced threat intelligence. By prioritizing integration, MSPs can provide more effective, efficient and scalable security solutions to their clients, ultimately driving growth and success in the competitive cybersecurity landscape.

Stay in the know.
Subscribe to CyberWeekly: This Week in IT Security

Newsletter Sign Up

Get CompTIA news and updates in your inbox.

Subscribe

Read More from the CompTIA Blog

Leave a Comment