By Steven Schwartz, ECI
Heartbleed, Kaseya, SUNBURST, and now Log4j—cybersecurity attacks are becoming ever more pervasive and sophisticated. As a result, companies and the MSPs who serve them must take aggressive and proactive stances to prevent future threats and be ready to quickly mitigate them when—not if—they occur.
Here are seven steps you should take to ensure your clients are well protected before the next major vulnerability emerges.
- Make Sure Your Clients Have The Right Tools
As an MSP, you’re not just a technology provider; you also need to be a consultant! In that role, there are certain cybersecurity tools and processes you should consider recommending to your clients.
For example, multi-factor authentication on endpoints, accounts, and external-facing portals is essential, especially for companies that feature remote work environments. Of course, additional measures such as antivirus protection and firewalls should also be part of your clients’ cybersecurity strategies.
If you’re servicing financial services organizations, each of these components will likely soon become requirements—not just suggestions—for your clients. That’s because the SEC recently issued new cybersecurity rules for investment advisers and funds. These rules will probably take effect later this year, so it’s best to prepare your clients now.
- Protect Yourself While Consulting With Your Clients
In some cases, a client may not wish to implement some elements of these fundamental tools, at least not until they are required to do so. Respect their position, but protect yourself, too. If possible, ask the client to sign a waiver that states their reasons for not implementing the suggested solutions.
More importantly, consult with your client to help them understand the value behind the solutions you’re suggesting. Tell them you’ll work with them to mitigate possible damage in the wake of a breach, but show them that the best defense is preventing the breach from happening in the first place. Doing that will require some combination of the proactive tools and measures outlined above.
- Lock Down Remote Management And Monitoring
The Kaseya attack, which impacted thousands of businesses around the world, including MSPs, may have gotten the most press last year, but it was far from the only threat related to remote management. Remote work is expanding organizations’ networks and was likely a significant contributor to the success of various attacks.
Ensure your remote management and monitoring capabilities are locked down to prevent clients from being impacted if your firm is breached. In addition to implementing end-user authentication and verification, leverage a Security Information and Event Management (SIEM) or Remote Monitoring and Management (RMM) partner to continuously monitor endpoints for anomalies and be ready to mitigate threats through playbooks and automation when they occur.
Finally, always keep an open line of communication between you and your SIEM and RMM partners so you’re able to easily share and assess information. Have them provide you with a clear understanding of their security and incident response procedures.
- Leverage Your Experts
Automated systems are great and necessary, but there’s no substitute for human expertise. In the event of a crisis, it’s likely your clients will want to lean on your knowledge to guide them through.
Augment your automated response technologies with input from your internal security experts and leverage their expertise to help clients navigate potential worst-case scenarios. Their invaluable experience can be the difference between successful mitigation and catastrophe.
- Apply Defense-In-Depth Strategies
A defense-in-depth strategy is a winning cybersecurity posture that incorporates several layers to ensure better protection. Think of it like a medieval castle, where the moat is the firewall, the turrets are the antivirus, the drawbridge is the web access firewall, and the knights are the security experts who serve as the last line of defense.
Defense in depth has been a hallmark of the physical world for decades, and we’re continuing to enhance it through a cyber perspective. As cybersecurity tools become easier to deploy and use, defense in depth will become more viable. You’ll want to ensure your clients adopt this strategy to strengthen security in a world that’s rapidly evolving toward SaaS-based applications and cloud environments.
Prior to implementing any additional technologies into your stack, make sure you can operationally support them and that they will be able to scale to the masses. Without completing this exercise, your operations’ overall productivity will take a significant hit and you’ll constantly be reacting to fire drills.
- Prioritize Data Restoration And Resiliency
Unfortunately, despite your best efforts at a multi-layer defense, an attack will likely happen to your clients at some point. When it does, every moment counts. Remember the six-hour Facebook outage in 2021? It’s estimated to have cost the company $164,000 per minute.
Develop well-documented incident response and disaster recovery plans so you know exactly how you will spin your clients’ environments back up if they’re hit with ransomware. Leaving the thinking about these types of situations until the actual event could be catastrophic to recovery efforts.
You may run into a situation where backups indicate they’re being completed as anticipated, only to discover upon restoring from backup that the files are corrupted. To minimize this issue, conduct regular backup restoration and disaster recovery tests for your clients that subscribe to this aspect of your service.
- Show Your Value
Your importance to clients will only increase as they consider steps to take to improve cybersecurity in the wake of Log4j and other newsworthy vulnerabilities. They subscribe to your services because they trust your organization to take care of their technology requirements. Expect them to continue to look to you to ensure they are well protected against increasingly sophisticated threats. Be there for them as their cybersecurity needs increase and take this opportunity to show your value.
About The Author
Steven Schwartz is director of security consulting at ECI. He has spent more than 15 years in the cybersecurity industry, with the past five at ECI. At ECI he helps clients understand the shifting cybersecurity landscape and plan for, prepare for, and respond to cyber-related events. Steve also works to bridge the gap between business and security priorities, helping organizations make sense of their investments. Before joining ECI, Steve spent five years in the U.S. Navy onboard a submarine and has worked with several boutique consulting organizations in addition to S&P Global Markets and PwC. Steve’s prior experiences primarily revolve around penetration testing and security assessments. He has worked with a variety of different security standards and frameworks and has multiple industry-recognized certifications. Steve holds a Master of Science degree in National Security with a concentration in Cyber Security from New Jersey City University.