Today, one of the primary concerns of any Managed Service Provider (MSP) is the security of its customers—their systems, applications, and data. Organizations exist in a world where cyber attacks are not only present, but imminent. And, by imminent, I mean they're either going to happen, or they already have (whether your customer knows it or not).
For example, over three-quarters of organizations say the severity of attacks has increased from the previous year [1]. And they’re right; in the past 12 months, 33% of organizations have experienced a ransomware attack [2]. These are companies that have put measures like antimalware, endpoint threat protection, and user training in place!
The smaller organizations—that are perfectly sized to be your customers—are the primary target of cyber criminals [3], and the data shows SMBs are simply not prepared:
It’s more a when than an if, really.
This makes it the service provider’s job to ensure every part of a customer’s network is proactively protected. It’s no longer just about securing the common attack avenues of entry—such as the network perimeter, email, and websites. Sure, those things need to be in place, but the real challenge is to proactively eliminate risk as part of your ongoing management.
The answer lies in looking at the threat activity itself. Is it the fact that a cyber criminal compromises an endpoint on your customer’s network that is the threat? How about if they somehow obtain domain admin credentials? In reality, the real risk isn’t found in either of these actions. Think about it; you’ve never read a headline like, “Cyber criminal obtains domain admin rights… and does nothing with them!” Instead, the headlines look more like, “10K healthcare records stolen!”
Now you’re probably seeing where I’m going. The risk is found not in the access to your network, but in the access to and theft of your organization’s data.
While you definitely need to secure your network’s periphery—which would include solutions like email security, application firewalls, and endpoint protection—the real risk-reducing work is found at the intersection of valuable data and vulnerabilities. This intersection may exist at those very same endpoints you already worry about, or it may exist on a server somewhere deeper within your network. The challenge is understanding what lies deep within your network and its endpoints, well beneath the assumptions of security.
To answer this, let’s look at three elements that make up the calculation for determining the dollar cost of risk (an article you should definitely read) in an organization:
In the dollar cost of risk calculation, the three values above are multiplied to give you a total risk for a given endpoint. But in the case of this article, where we try to determine what’s lurking beneath the surface of the network that’s creating risk, the calculation spells out the two areas you need to be addressing: unprotected data and vulnerable endpoints.
Recall that I mentioned earlier in this article, “The real risk-reducing work is found at the intersection of valuable data and vulnerabilities.” Now you see why.
There are a few actions you can take to reduce the risk that’s lurking beneath:
This is one of those cases where “you don’t know what you don’t know.” Scanning endpoints, for both valuable data (that probably shouldn’t be there) and the lack of proper protection against vulnerabilities, brings the unseen risk that’s been there all along—just beneath the surface—to the forefront of your attention.
This is no simple feat. Sure, you can do some level of scanning/patching with free tools, but gaining visibility into both the current state of a given endpoint’s unprotected records and its level of vulnerability—and then being able to do something about it—is going to require a third-party solution.
1. Ponemon, State of the Endpoint (2016)
2. KnowBe4, Endpoint Protection Ransomware Effectiveness Report (2017)
3. National Cyber Security Alliance, National Small Business Survey (2016)
Nick Cavalancia has over 20 years of enterprise IT experience and is an accomplished executive, consultant, trainer, speaker, and columnist. He has authored, co-authored and contributed to over a dozen books on Windows®, Active Directory®, Exchange™ and other Microsoft technologies. Nick has also held executive positions at ScriptLogic®, SpectorSoft® and Netwrix® and now focuses on the evangelism of technology solutions.
Follow Nick on Twitter® at @nickcavalancia
© 2017 SolarWinds MSP UK Ltd. All rights reserved.