Tough Times Require Strong Security
The Top 4 Critical Strategies To Keep Your Cybersecurity Up To Date
By Ranjan Singh
As an MSP , you face myriad challenges . You ’ re the IT “ jack of all trades ” on the hook for break-fix responses , network outages , cloud-based workflow migration , and cybersecurity . With this responsibility comes the varied management of digital transformation projects and the day-to-day IT operations that keep your clients ’ businesses up and running .
Not only are you managing your clients ’ IT infrastructure , applications , and workflow processes , but you also have to be a master of multiple tools unique to the trade , such as remote monitoring and management ( RMM ), professional service automation ( PSA ) software , and more . Topping it off , everything you do has to be secure .
Challenging this status quo is the realization that we face uncertain times . When economic challenges occur , the natural response is to cut back and take a “ wait and see ” approach . This leads to project stagnation , or worse , complete elimination of planned IT initiatives , resulting in unintended consequences . As businesses aim to cut IT expenses , they inadvertently cut cybersecurity too .
Hackers know this , as evidenced by the increase in attacks that targeted small businesses in 2008 when the recession began . Threat actors bank on small businesses taking a reactive approach to cybersecurity . They understand many small businesses believe a hacker wouldn ’ t target them because of their size . Also , they know from experience that small businesses use a hodgepodge mix of disjointed , non-enterprise security products . Lastly , cybercriminals aim to take advantage of the shortage of security professionals , which impacts both MSPs and SMBs . All of this culminates in hackers gaining a substantial advantage over small businesses .
The cybersecurity climate for businesses has been steadily heating up , even without the added pressure of an uncertain economy and tight labor market . Almost half the businesses that Kaseya surveyed for the “ Kaseya Security Insights Report 2022 ” told our researchers they had been victims of a successful cyberattack or security breach . One in five survey respondents said their organization had experienced at least one successful cyberattack or security breach in the past 12 months . These alarming statistics illustrate the pressure businesses and the IT professionals who secure them are under in today ’ s turbulent cybersecurity landscape , and that pressure won ’ t be letting up anytime soon .
The effects of a successful cyberattack on a business include lost revenue , reputation damage , downtime , and wasted productivity , not to mention the high cost of mounting an incident report and recovery effort . About two-thirds of the survey respondents ( 63 %) said if their companies experienced a cyberattack , like ransomware , they would likely recover from the incident , but they would probably lose data and incur expensive downtime .
The Benefits Of A Cybersecurity Framework
For these reasons , during tough times , MSPs must take a contrarian approach to IT reductions and instead push for greater investments , specifically in cybersecurity . A proactive approach to increasing cybersecurity spending is using a cybersecurity framework ( CSF ), such as the NIST Cybersecurity Framework , that touches upon four foundational security disciplines : Identify , Protect , Detect and Respond , and Recover .
By using a framework for client discussions , you can walk through the best security practices with non-security business decision-makers . The four elements present a road map to review and plan for needed changes and updates . Leveraging a CSF gives you insights into where too much spending has occurred , often in the Protect category , and conversely where gaps may appear , such as in the Detect and Respond category .
1 . Identify
You can ’ t protect what you can ’ t see . Generally , we focus on using RMM tools to identify assets on the network as well as automate patching and facilitate updates . Without question , this is critical , but an often overlooked element of identification includes spotting credentials on the dark web . Here , it ’ s imperative to leverage Dark Web Monitoring as part of your plans to reduce risk exposure by knowing what usernames and passwords are already in the hands of cybercriminals .
6 | MSPSuccessMagazine . com • VOLUME 4 ISSUE 2