I don’t often make up statistics; but when I do I tend to let my audience know I am making them up. At the MAX 2015 Customer Conference in Manchester I said something that I wanted to try and backup with some numbers. On this particular occasion I said: “IT Security is IT Admin”.
It turns out this is partially true and hinges on an analysis of common IT tasks, such as a password reset. A Gartner group study on help desk first level support revealed that about 20-30% of all calls for service could be fixed by a password reset.
My assertion starts to carry some weight.
So, to dig deeper, I turned to our MAX Service Desk team and asked them to search the entire database of tickets for some keywords.
Of the tickets processed, around 14% are what I would call “hard core” security incidents. However, one thing that shocked me was just how small reports of ransomware and cryptolocker appeared to be (at least in the text of a Service Desk ticket).
Higher rates of security breaches in US
The jaw-dropper for me with this high level data was the difference between the US (17%) and other regions (11%) when it comes to security incidents – this was made more compelling by the fact that less US customers are using LOGICNow’s MAX ServiceDesk. This tells me there are many security incidents in our US customer base. The fact aligns with the narrative being bandied around that US end users are being increasingly targeted by cybercriminals, and falling victim more frequently to the tools of the illicit crime as a service industry.
Here’s another point to consider to put this data into perspective: MAX Service Desk went live in December 2013, and in that time it has counted 1.47 million “hard core” security incidents. This equates to more than 61,600 IT security incidents per month. Taking that number and dividing by the number of users of service desk gives us 18 security incidents per service desk users, per month. The power of analytics like this is not in what they tell us about the current state, but what they can tell us about the future state and the incidents we may face down the road.
An intriguing snap shot
Of course, making analytical judgments and forecasts on somewhat ambiguous data like this is fraught with peril. The most useful data actually comes from trend analysis over a longer period. This does however represent an intriguing snap-shot of our popular MAX Service Desk offering, and some of the challenges our users face with security. Over time the power of this data will continue to grow.
One of the core benefits of service desk adoption is providing consistent, reliable support to customers or business units. Realistically, it is also about accounting for the time spent on IT issues and what the cost of those issues are. However, even moving your MSP or end user to a service desk is not going to answer the “how long will it take” question. That requires historical analysis, and that’s where data like that listed above will really help you.
This will provide you with an indication of the frequency of certain events occurring and the estimated downtime; providing the issue has occurred before. Viruses and malware are some of the more difficult and potentially time-consuming calls you will get as an MSP as they may require restoration of files and re-loading of systems. So, it’s important to track that data, to know how much a malware incident costs. Properly updated and implemented, a service desk can give you great insights into how long it takes to fix an issue; and time equals money for any business.
Clearly, I owe people an apology: IT Admin is not necessarily IT Security from the perspective of the PSA ticketing system we sell. However, what is apparent is the Internet is a hostile place and IT Admins and MSPs are spending 14% of their time dealing with serious security issues, and a heck of a lot more of that is taking place in the USA. With the data from a service desk function, MSPs can plan ahead for this and build it into their pricing and their offerings.
Ian Thornton-Trump, CSA+, CD, CEH, CNDA is CTO at Octopi Managed Services Inc. Ian is an ITIL certified Information Technology (IT) consultant with more than 20 years of experience in IT security and information technology. He enjoys and maintains a strong commitment to the security community. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013.
You can follow Ian on Twitter® at @phat_hobbit.