When you work inside of a Security Operations Center (or SOC for short), the day never ends. It’s demanding and often a seven-days-a-week job, according to Sagar Vyas, the Global Cybersecurity Evangelist for Jolera Inc.
Working inside a SOC is a fast-paced environment where SOC professionals handle events such as alert notifications, triages, security incident responses, and explore how to contain threats that may occur in the future (also called Threat Hunting).
“You are doing multiple things and you have to be able to pivot quickly through them. This is a complex job and finding people with the right skillset for it is has been a challenge, especially in Canada,” Vyas added.
Associate partner, cloud, and security for CrucialLogics’ Claudio Damaso joined Vyas on a panel discussion for the ChannelNext Central Conference in Toronto on the topic of MSP Security, echoing Vyas with his own experiences in SOC.
“We have a dedicated team at CrucialLogics and they eat, breathe, and sleep security.”
Damaso emphasizes that one cannot get by in a SOC with just a background in a few security courses.
“Many people are in the game because they are passionate about alerts, analyzing threats and their intelligence, and predicting future threats,” Damaso said.
Increasing importance in SOCs has been prevalent in both business and government organizations of all sizes. Fresh research from Statista, Canada, found that the total addressable market for SOCs is projected to reach $30 billion USD by the end of 2021.
Over the course of the past 19 months of the Covid-19 pandemic, the thread volumes for SOCs significantly increased, predominantly due to the shift to remote and online work-related security challenges.
Operating a SOC during the pandemic was anything but easy, as “the Internet [doesn’t] stop at the Canadian border,” Damaso explained.
“You need to [be] proactive and preemptive [about threats] before they reach your customer. It’s a constant battle!”
For Managed Services Providers (MSPs), operating without a strong SOC can be detrimental to cybersecurity. Partnering with a skilled SOC provider is the primary suggested strategy for mitigating the high risks of cyber-attacks before they affect customers.
Vyas cautioned that the blurred lines of responsibility of things like handling data and responding to security breaches requires the navigation and reliability of a well-vetted SOC partner. Well-trained SOCs reduce the costs associated with security and malware and can support MSPs in long-run with security intelligence reporting.
IBM recently published a report titled ‘Cost of a Data Breach Report 2021’, illuminating the average cost of a data breach this year: $4.24 million, an almost 10% increase from the previous year.
So where does this leave MSPs? Many are speculative of automation and machine learning as a way of both preventing and reducing the costs associated with cybersecurity. Both Jolera and CrucialLogics are SOCs committed to advancing the way the industry understands cybersecurity; Jolera recently released an AI-driven Endpoint Detection Response (EDR) solution targeting this exact area of developing technology.
Vyas said it simply: “The time for advanced and effective cybersecurity and SOCs is now.”
By Paolo Del Nibletto
The ChannelNext Central conference recently concluded, leaving the industry buzzing with ways to boost their Managed Service Providers (MSP) security offerings and intelligences. Claudio Damaso, associate partner, cloud, and security for Hillsburgh, Ont. based CrucialLogics and Sagar Vyas, the Global Cybersecurity Evangelist for Jolera Inc. are two of the country’s leading cyber security experts who both agree that for MSPs to obtain and build the latest, state-of-the-art cybersecurity, it can’t simply be searched on Google!
Damaso referenced this summer’s massive ransomware attack in July that left close to 1,500 organizations stunned. This attack infiltrated specific remote management software from a company that produces it for the MSP market. ‘REvil’, a group of well-known, highly-trained hackers were able to successfully penetrate the security of close to 50 MSPs. This sort of attack was made easy for REvil, as they used the company in question’s products to gain access to almost 50 MSPs.
What this hack has revealed is that MSPs are largely not designed to handle the triage of the breach. Damaso’s direct advice for MSPs: “if you are going to play the security game, you can’t fake it until you make it.” The point both Damaso and Vyas convey to both the ChannelNext Central’s studio audience and live streamers of the event is that you need to be differentiated and unique in your approach in order to set yourself aside from other industry players who, when it comes to security protection, “Google it.”
Referencing a recent research study on global cyber security, Vyas said that in 2021 alone, cybercrime is up 600% – more than double the number of attacks the previous year. He added that at Jolera, his cyber security team sees this type of activity on a daily basis and ransomware attacks have rapidly evolved in the last five years. The sophistication of ransomware attacks has dramatically increased in today’s environment: Large groups of organized, established hackers who run their teams like a business.
Vyas firmly stated that any hack, breach, or ransomware attack is not a matter of ‘if’, but ‘when.’ The MSP community is best prepared when they enlist the right people, processes, and technology — all ensuring that the security of their service offering is as air-tight as possible. Vyas continues the discussion by explaining that MSPs with underdeveloped protection strategies should engage with a cyber security partner whose expertise can provide the right support. “Again, you cannot Google your cyber security partner.”
Vyas advised MSPs to specifically seek a security partner who understands the many securities policies organizations are looking to implement, along with the correct technology designed for endpoint detection and response in a fully monitored and managed solution.
With so much knowledge and understanding of this landscape, Vyas and his team have recently released a high-level, enhanced Endpoint Detection and Response (EDR) security offering. EDR is designed to predict, prevent, and recover all forms of malware from end-to-end, making it harder than ever to penetrate or to go undetected under their protection. Powered with advanced AI technology, this fully autonomous platform is currently available and can be modified to meet an array of individual needs.
Other technology areas MSPs should focus on are multi-factor authentication, security identification and event management systems, or SIEM, and incident response units that have action plans in place for any kind of security attack.
For Damaso, his advice to MSPs is to make it their duty to protect all their customers.
“There are fundamentals with security that can be implemented to better protect yourself and your customers’ business. But far too often, they push the boundaries of negligence when it comes to breach consequences. Nothing can be guaranteed because of all the factors out there, but can the MSP say [that] they have done enough?”
Other security strategies to consider for MSPs are assessing a risk tolerance level and then mapping out a strategy based on that. Damaso concluded that every organization will have a unique risk tolerance level and having a backup plan is necessary to ensure the damage to the pocketbook and the brand are minimized.
In the end, the two security experts conclude that their tenure and success in the industry can only further drive home the fact that you cannot Google your security needs. The most effective, cost-efficient, and headache-free method for MSPs to protect their offerings is to find a partner in the industry that both understands the climate of cybersecurity and has the right tools to mitigate the ever-present malware risk.
By Paolo Del Nibletto
October is Cybersecurity Awareness Month, so it’s almost mandatory to explore one of the biggest cyber threats known to date. Phishing scams are amongst the greatest cyber security threats that businesses and organizations face today. 75% of organizations around the world experienced some kind of Phishing scam in 2020. According to the FBI, there were nearly 11 times more phishing complaints in 2020 than in 2016. Phishing attacks are only rising with the increase in remote work. The attacks are becoming popular because they are easy for hackers to conduct and can potentially lead to large payouts. Phishing scams can lead to devastating costs for many parties involved. Below we will examine some of the biggest and most costly phishing scams that have happened in the last decade.
In January of 2016, FACC, an Austrian Aerospace and Defense company lost around €50 million from an email phishing scam. The scam was believed to be a Business Email compromise scheme, in which the attackers impersonate a finance official in the company and attempt to trick the email receiver into transferring a large amount of money into the attackers’ account. After the loss, FACC decided to vote off their CEO as a consequence, and also fire their Chief Financial Officer. It is unclear what their roles were exactly in this scam, but it is evident that the consequences of falling for such a phishing scam can be very severe and detrimental – not only financially.
2. Sony Pictures
In November of 2014, Sony Pictures was hacked by a group called “The Guardians of Peace”. Numerous consequences occurred; one of them being that 100 Terabytes of unreleased data and pictures were leaked. CEO of Cylance, a large computer security firm, stated that the hacking group was able to infiltrate Sony’s system through phishing scams they planted months earlier. Employees of Sony Pictures, including the CEO, received ID Verification emails that appeared to be from Apple. Once Sony was hacked, the attackers also demanded Sony to withdraw their movie “The Interview” which was a comedy about a planned assassination of Kim Jong-un, the North Korean leader at the time. Many cinemas refused to screen the film as the group also threatened terrorist attacks at the openings. It is difficult to calculate the full scope of damages of this phishing attack, but the estimated costs to the company were over $100 million.
3. Facebook and Google
Between 2013 and 2015, over $100 million was stolen from Facebook and Google through another clever phishing scam. The hackers created fake email accounts which looked like they were sent by employees of Quanta, an infrastructure supplier in Taiwan that both Facebook and Google worked with. The hackers then sent phishing emails with fake invoices to financial officers at Facebook and Google who were used to conducting such large transactions. Once the scam was eventually discovered, both companies took legal action and the hacker was identified as Evaldas Rimasauskas, a Lithuanian man who was then sentenced to 5 years in prison.
4. Colonial Pipeline
The most recent and largest phishing scam occurred earlier this year, in May 2021 to Colonial Pipeline in the U.S. Although Colonia Pipeline was hit with ransomware, the attackers only gained access through an employee’s email which was most likely accessed through a phishing attack, as the U.S. government believes. The exact source of the attack is still being investigated. It is impossible to determine how costly the cyber-attack really was, as effects have been felt in many countries that dealt with Colonial Pipeline and are still being uncovered. The company has already paid $4.4 million to the hackers. As the organization provided half of the oil supply to the U.S.’ east coast, the effects were felt publicly when gas prices soared after Colonial Pipeline was shut down for two weeks.
Phishing scams are not going anywhere, and the best way to stop and detect them is through your front-line employees. Regular phishing training should be conducted to help employees become aware of the severity of the attacks, as well as to know what to look for in everyday emails.
By: Joanna Ambros, MBA
By Paolo Del Nibletto
The ChannelNext East conference in Montreal was my first in-person event since January of 2020 and it hosted local channel partners and MSPs from the area as well as several more who live-streamed the show. The one-day event was held at the Riverside Event Venue in the city, and it provided the best backdrop for an in-person event under strict COVID-19 restrictions. Riverside is an indoor-outdoor facility that enabled the conference organizers TechnoPlanet to provide a safety-first, social distancing format for all attendees, speakers, and event staff.
TechnoPlanet president and show host Julian Lee said the IT industry needed to re-start in-person events after such a long layoff.
“The channel needs to get back to work and we see in-person conferences as an important part of a get back to work strategy. The main objective of the ChannelNext East event was to rethink the conference showcasing interesting areas that are more suited for the current situation,” he said.
This meant that a hotel, where most conferences usually take place, was out of the question. Hotels have plenty of moving staff going from event to event and the chances of cross-contamination would be high. For Lee and his team, they needed to adapt to a new situation that could best meet the new model, while having a hybrid approach so that it can interest a bigger audience. Another factor for Lee was his desire to support local businesses hard hit by the pandemic and subsequent lockdowns. This is why TechnoPlanet chose the Riverside indoor-outdoor event venue in the Saint Henri district of Montreal.
ChannelNext East featured a talk show format highlighted by opening keynote Q&A with Chris Fabes, the Canadian Channel Chief of Lenovo. Fabes talked about how Lenovo Canada would be helping channel partners and MSPs pivot from the pandemic, what investments they were making in the channel community and how they were scaling towards an as-a-service model.
This was followed up with a panel discussion on how to best approach the Digital First Economy which featured leadership consultant Glynis Devine and myself. I spoke about how MSPs can get a leg up on the digital economy with fixed cost, as-a-service solutions in security, backup, and cloud.
The show also featured an expo and a Lion’s Den competition with executives from Datto, Cyber Power, Net2Phone, SherWeb and ViewSonic squaring off in three-minute segments. Show attendees in-person and online could vote for who had the best pitch.
Finally, Randall Wark, the co-created of the Channel Partner Alliance took the stage to outline the benefits of the Mastermind programs along with bringing actionable strategies and insight on digital best practices to MSPs and channel partners.
Lee added the ChannelNext East hybrid event says there is help if the channel wants it.
“The struggle is real in the channel, but there is help out there either virtual or in-person.”
The ChannelNext East event may have been the first in-person show so far this year, but it will not be the last. Lee and his team are working on the next event that will be staged on Oct. 20th in Toronto.
The decision to outsource some or most IT operations to an external MSP (Managed Service Provider) is one that could directly benefit your entire company. MSPs can bring value by allowing your company to focus on what it does best without sacrificing time on managing their Information Technology infrastructure. The first step is to choose the right MSP for your company. Once your company has taken the plunge and committed to the right Managed Service Provider, here is how to make sure you get the most value for your money.
Being completely transparent in terms of what your business goals and priorities are will be mutually beneficial to both your company and your Managed Service Provider. An open discussion about aligning your business goals and needs with the strengths and services of the MSP will only enhance the results you get.
Build a Relationship
As you will most likely be working with your Managed Service Provider for a long period of time, ranging from months to years, it is important to establish a professional relationship with your MSP. Your Managed Service provider should essentially be a business partner that will not only enhance your IT software and services, but introduce you to external connections and broaden your company’s network.
Involve your Managed Service Provider in Planning Stages
If you have a specific vision for your company’s IT services, it is best to inform your Managed Service Provider early on so you can be on the same page. For example, do you want to focus on cloud-services only? Do you plan on improving your entire outdated IT infrastructure within one year or less? Or are you more focused on creating a fool-proof cybersecurity plan for your business? Determine your specific goals and priorities and include your MSP in the initial planning stages. Not only will you benefit from your provider’s expert opinion in IT, but you may also cut costs down the line by discussing your projects ahead of time and budgeting accordingly.
Utilize All Available Services
Your Managed Service Provider can provide a multitude of services, such as 24/7 Tech Support, Cybersecurity Services, Employee training programs, or Disaster Management. Find out from your representative what other services they think your company may benefit from. Even if you only commit to one plan when signing a contract early on with your MSP, down the line you may require more services and help managing as your business grows and scales. You may be surprised at the variety of ways an MSP can help your company that you have not thought of before.
Managed Service Providers can tremendously enhance your company’s operations. To get the most of your experience, it is important to establish a solid relationship with your MSP, have open communication about your business goals and plans and trust your MSP to provide you with the tools to succeed. Establishing a partnership with your Managed Service Provider will bring your company long-term enterprise success.
By: Joanna Ambros, MBA
Now that your company has decided to start performing regular IT Security Audits to ensure compliance and enhance cybersecurity, the next step is to find the right Security Auditor. Although it can seem like a stressful and daunting task, it is important to find an Auditor who is a suitable fit for your company. Focusing solely on low price may result in a poorly matched Security Auditor for your team. The right Security Auditor will be able to understand the specificities of your product and the challenges your company’s IT systems may be up against.
What are some factors to consider when choosing a Security Auditor?
Auditors may be qualified to perform different levels of tests. It is first important to determine what compliance certifications your nature of business needs; it is common to see cloud-based service businesses needing SOC 1, SOC 2 and ISO 27001 as well as CCPA as compliance necessities. Do your research beforehand to see which Audit companies are qualified to run the tests you require.
The key to vetting an Auditor’s reputation is to do thorough customer reference checks. You will want to ask those who have worked with the auditor a few of the following questions:
- How flexible has this auditor been while working with you?
- How would you rate them compared to other Security Auditors you have worked with?
- Did their services and delivery measure up to what they promised?
It is usually well worth the price to partner with a reputable, more expensive Audit company and known brand than an unknown auditor with no references at a lower price.
3) Time Commitment
Your engagement with a Security Auditor could range anywhere from three months to several years as most security accreditation standards require annual renewals. It is relatively uncommon for companies to switch auditors once a match is made. The bulk of the work for an auditor is in the first year, and it reduces over time. It is a good opportunity to also consider long-term pricing arrangements which can either start low with a good deal and increase or lower over time.
What kind of tools and programs will the Security Auditor be using? Are these programs up to-date and in full support of cloud-based services? If your company uses modern infrastructure and software, your auditor needs to fully understand those. Likewise, it is important that your own IT department understands these tools, and that they are scalable and easy to use.
Choosing the right IT Security Auditor can lead to a long-term beneficial partnership and relationship for your company. While evaluating choices, it is crucial to consider not only the price, but the timeline of the relationship, the Auditor’s reputation and reliability, their qualifications and the programs that they will use to maximize the value of the audits specific to your company’s needs.
By: Joanna Ambros, MBA