Guest Column | April 21, 2020

Why Cybersecurity Is Going To Save Your MSP

By Ben Nowacky, Axcient


Ransomware has had a dramatic impact on the MSP business. Statistics show that 78 percent of all ransomware attacks are in the SMB space, that they are costing businesses approximately $700,000, and that it is taking on average 280 days to recover from these attacks. These are monumental costs to any single business, but because an MSP is a point of aggregation, a cyberattack on one can result in a business-ending event that can’t be recovered from. With incidents increasing 58 percent year over year, the sustainability of an MSP is dependent on a well-planned, multi-layered cybersecurity plan.

So, what does all that mean? If you ask five companies what their cybersecurity plan is, you will get seven different answers. With quality talent harder to find and retain, it’s not enough to purchase solutions and think you are covered. Ongoing training and validation have to be included in any program, and choosing vendors that are ‘secure by default’ is a critical component of ensuring a strong security program that is repeatable and defendable.

As an example, Axcient’s Replibit solution is configured by default with AirGap, our solution for protecting MSPs from ransomware attacks by providing a barrier between bad actors and the data they are attempting to encrypt or delete. Users aren’t required to configure, confirm or turn on anything. By adopting a security-first approach, our solutions require less technical training, are not as prone to human error, and provide the MSP with an extra layer of protection in their security matrix.

To help MSPs, we put together 10 tips for framing or evaluating your cybersecurity plan.

  1. It’s not a matter of if, but when. Plan on someone clicking a malicious link, getting spear phished, or leaving a port open on the network. Focus on minimizing dwell time, which is mean time to detect plus mean time to respond or resolve. The less time you are exposed, the less damage can be done. With that in mind, things like malware scans running every 12-24 hours will reduce detection time.
  2. It’s not static. Any cybersecurity plan should be revisited quarterly to ensure your controls still match up with the industries you service, the threats you’re seeing, your team, and the co-workers and vendors you work with. A stagnant cybersecurity plan suffers entropy extremely rapidly, so a quarterly review is critical.
  3. Identify and catalog your assets. It’s critical to have an accurate understanding of all the data on your system and its criticality and sensitivity. Understanding the data also will help in creating a compliance program to ensure data is properly classified.
  4. Record and keep current all hardware and software assets on your system. In the event of a breach, it’s vital to understand which systems were compromised to know the exposure you face.
  5. Ensure you have a multi-layered security plan in place. MFA is a solution but should not be the only solution. While you should enable MFA for everyone, don’t become over-reliant on it, thinking you’re protected. Simjacking is still a real and growing threat. MFA should also be layered in with strong endpoint security, firewall and backup solutions to provide multiple walls a bad actor has to scale.
  6. Plan for a breach. Often cybersecurity plans focus on preventing a breach and spend no time on what happens if they are breached. By logging changes to infrastructure applications, you’ll have invaluable information for forensic analysis after an event to provide to authorities, mitigate risk and liability, and help identify weak points in systems.
  7. Monitor what matters. What’s coming into your network matters, but not as much as what is leaving your network. Create and maintain your Egress Traffic Enforcement Policy and make sure you have monitoring in place to catch anomalies in data being exfiltrated from your network.
  8. Backup is not set and forget. Make sure you have a reliable backup solution that is tested regularly and protects you if an attacker were to gain access to the backups. Axcient’s AutoVerify feature performs your DR tests in the cloud daily, giving you peace of mind, while AirGap provides a barrier to bad actors attempting to wipe out your recovery point.
  9. Develop a training plan and stay current. New hires are not the only ones who should be trained. Employees should go through regular training to stay up to date with the applications they use and new threats surfacing. People are oftentimes the weakest link in the chain, and it’s important to run test phishing campaigns regularly and share the results publicly within the organization. Tools like GoPhish (https://getgophish.com) are an invaluable asset in any training plan.
  10. Find good partners. There’s no reason you should try to solve these problems in isolation. Peer groups are great sounding boards for feedback, but vendors can be just as valuable in helping make sure you are adopting best practices, and they care about your security as much as you do.

About The Author

Ben Nowacky is SVP of Product at Axcient.