3 must-have tools
- Data protection
Having a strong backup in place is level 101 when it comes to limiting the impact of a breach. It’s simple: when a company’s data is locked down by ransomware, you need to be able to recover it fast and with as little data lost as possible. Failure to do this could result in heavy financial losses for the company. This is where backup comes in—by having systems backed up regularly and being able to recover quickly, you limit the impact that a breach will have.
To do this, you need to know exactly how much data the company can afford to lose (recovery point objective, or RPO) and how long they can afford to be offline without incurring major financial losses (recovery time objective, or RTO). Find out more about RTO and RPO here. Once you know the acceptable limits, you can set up SLAs to help keep your customers happy, while at the same time ensuring you limit the impact of any outage.
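One way to turn an agreed RPO and RTO into a check you can actually run against your backup and restore-test records. This is an added example, not code from the original post; the job records, system names and limits below are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class BackupJob:
    system: str
    finished_at: datetime
    succeeded: bool

@dataclass
class RestoreTest:
    system: str
    duration: timedelta   # wall-clock time taken to restore the system

def rpo_violations(jobs, now, rpo):
    """Return {system: age of newest good backup} for every system whose
    newest successful backup is older than the RPO; None if it has none."""
    latest = {}
    for j in jobs:
        if j.succeeded and (j.system not in latest or j.finished_at > latest[j.system]):
            latest[j.system] = j.finished_at
    out = {}
    for system in {j.system for j in jobs}:
        if system not in latest:
            out[system] = None
        elif now - latest[system] > rpo:
            out[system] = now - latest[system]
    return out

def rto_violations(tests, rto):
    """Return {system: duration} for restore tests that took longer than the RTO."""
    return {t.system: t.duration for t in tests if t.duration > rto}

# Constructed sample data: agreed limits of a 4-hour RPO and a 2-hour RTO.
NOW = datetime(2019, 4, 1, 12, 0)
RPO, RTO = timedelta(hours=4), timedelta(hours=2)
JOBS = [
    BackupJob("fileserver", datetime(2019, 4, 1, 10, 0), True),   # 2 h old: fine
    BackupJob("db", datetime(2019, 4, 1, 4, 0), True),            # 8 h old: breach
    BackupJob("db", datetime(2019, 4, 1, 11, 0), False),          # failed job does not count
    BackupJob("erp", datetime(2019, 4, 1, 9, 0), False),          # never succeeded
]
TESTS = [RestoreTest("fileserver", timedelta(hours=1)), RestoreTest("db", timedelta(hours=3))]
RPO_VIOLATIONS = rpo_violations(JOBS, NOW, RPO)
RTO_VIOLATIONS = rto_violations(TESTS, RTO)
```

Anything reported by either function is data at risk beyond what the customer agreed to, and is what an SLA review should start from.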
- Endpoint detection and response (EDR)
Today, antivirus is not enough to protect against the growing tide of malware and ransomware. This is where EDR comes in. EDR solutions go beyond antivirus solutions. Instead of relying on traditional signatures, they analyze activity on an endpoint to spot suspect behavior. Instead of waiting for a signature to be discovered and pushed to an AV solution, EDR tools use artificial intelligence and machine learning to spot anomalous behavior that other solutions wouldn’t catch. For example, if a connection is made via RDP and then reaches out to a command and control server to download malware, EDR could flag this as unusual behavior and attempt to shut it down automatically.
MSPs using EDR can help reduce the risk of a major breach and resolve security issues before they become catastrophic. For example, if ransomware attempts to encrypt files on a customer’s machine, a product like EDR can kill and quarantine the offending process and quickly roll back the endpoint to a safe state, replacing encrypted files with pre-attack, healthy versions. This helps prevent downtime, lost productivity, and angry phone calls from your customers.
- Threat monitoring
Increasingly, when it comes to cybersecurity, data is king. The more intelligence you have about your network and the threats in the wild, the better—providing of course that intelligence is relevant and actionable. Threat detection and monitoring solutions leverage multiple intelligence feeds to help detect threats in the wider landscape and sound alarms. The threat monitoring solution can automate much of the process and help place your threat intelligence into context alongside other data, like logs. You can then use this information to detect threats and, hopefully, remediate them as soon as possible.
This can help you detect anomalies in your network environment before they wreak havoc. You may want to ramp up the monitoring profiles on admin users and investigate any strange actions. For example, if you notice multiple failed login attempts on an admin account, investigate whether it’s from a legitimate user or malicious actors.
3 must-have processes
- Security awareness training
Your and your customers’ employees are your greatest assets, but they can also be your weakest link when it comes to cybersecurity. If people do not understand the importance of things like strong passwords and not clicking on attachments in potentially rogue emails, you are leaving a big backdoor open into your company networks. Holding regular training sessions can help reinforce the basics of cybersecurity and turn employees into a deterrent rather than a vulnerability. However, the training needs to be engaging and not simply paying lip service to the concept—read our blog on Security Awareness Training to help make sure you’re getting it right.
- Penetration testing
Testing any process or product is a vital part of creating a successful business. The same should be said about your security. Penetration testing should be considered a core part of any security strategy, as it allows environments to be stress-tested in a controlled manner. This can help companies prepare for cyberattacks, malware, and more by continually and regularly checking for weaknesses, vulnerabilities, and bad user behavior on apps, services, and networks. And this applies to your network, too. Get someone to pen test your own network. The last thing you want is for your infrastructure to leave your customers vulnerable. With criminals increasingly targeting MSPs, you have to make sure your own house is in order. If you can’t do pen testing on your own, you may want to partner with a managed security services provider (MSSP) to help you.
- Incident response
Reports suggest that one of the breached MSPs actually resorted to paying the hackers in a bid to unlock data, but this is a very risky strategy and we don’t know whether it was successful in this case. Very few companies admit to having paid up following a ransomware attack, so data on whether it actually works is sketchy. You can cite the hospital in Hollywood that hit the headlines for paying $17,000 to get back its critical files, but beyond that there is very little evidence that it works. In this case, the criminals did unlock the hospital’s files and normal service was quickly resumed, but there is no guarantee this approach will work. Remember these people are criminals—would you trust them?
This means having a proper business continuity plan in place, which needs to include an effective data recovery strategy (see data protection above), the ability to shut down or quarantine areas of your network, and an understanding of how to handle disclosure in the event of a breach to ensure you are compliant with the key data regulations that cover your business and your region. It’s critical that your team knows how to handle any incidents as they arise, quickly and effectively.
Safe, not sorry
These days anyone can fall victim to a cyberattack. However, MSPs represent a lucrative target for many hackers due to the value of the data and the sheer number of systems they control. As for when the next attack will come and what form it will take, we don’t know. Cybercriminals are constantly innovating. But you should expect to be attacked and you must be prepared. Even if you’re not providing security services, you must keep your house in order. You absolutely do not want to be the weak link in your customers’ defenses.
Try these tips for starters, and make sure to look out for other security articles coming from us. We'll do our best to keep you informed and help you lock down the fort.