The ChannelNext Central conference recently concluded, leaving the industry buzzing with ways to boost their Managed Service Providers (MSP) security offerings and intelligences. Claudio Damaso, associate partner, cloud, and security for Hillsburgh, Ont. based CrucialLogics and Sagar Vyas, the Global Cybersecurity Evangelist for Jolera Inc. are two of the country’s leading cyber security experts who both agree that for MSPs to obtain and build the latest, state-of-the-art cybersecurity, it can’t simply be searched on Google!
Damaso referenced this summer’s massive ransomware attack in July that left close to 1,500 organizations stunned. This attack infiltrated specific remote management software from a company that produces it for the MSP market. ‘REvil’, a group of well-known, highly-trained hackers were able to successfully penetrate the security of close to 50 MSPs. This sort of attack was made easy for REvil, as they used the company in question’s products to gain access to almost 50 MSPs.
What this hack has revealed is that MSPs are largely not designed to handle the triage of the breach. Damaso’s direct advice for MSPs: “if you are going to play the security game, you can’t fake it until you make it.” The point both Damaso and Vyas convey to both the ChannelNext Central’s studio audience and live streamers of the event is that you need to be differentiated and unique in your approach in order to set yourself aside from other industry players who, when it comes to security protection, “Google it.”
Referencing a recent research study on global cyber security, Vyas said that in 2021 alone, cybercrime is up 600% – more than double the number of attacks the previous year. He added that at Jolera, his cyber security team sees this type of activity on a daily basis and ransomware attacks have rapidly evolved in the last five years. The sophistication of ransomware attacks has dramatically increased in today’s environment: Large groups of organized, established hackers who run their teams like a business.
Vyas firmly stated that any hack, breach, or ransomware attack is not a matter of ‘if’, but ‘when.’ The MSP community is best prepared when they enlist the right people, processes, and technology — all ensuring that the security of their service offering is as air-tight as possible. Vyas continues the discussion by explaining that MSPs with underdeveloped protection strategies should engage with a cyber security partner whose expertise can provide the right support. “Again, you cannot Google your cyber security partner.”
Vyas advised MSPs to specifically seek a security partner who understands the many securities policies organizations are looking to implement, along with the correct technology designed for endpoint detection and response in a fully monitored and managed solution.
With so much knowledge and understanding of this landscape, Vyas and his team have recently released a high-level, enhanced Endpoint Detection and Response (EDR) security offering. EDR is designed to predict, prevent, and recover all forms of malware from end-to-end, making it harder than ever to penetrate or to go undetected under their protection. Powered with advanced AI technology, this fully autonomous platform is currently available and can be modified to meet an array of individual needs.
Other technology areas MSPs should focus on are multi-factor authentication, security identification and event management systems, or SIEM, and incident response units that have action plans in place for any kind of security attack.
For Damaso, his advice to MSPs is to make it their duty to protect all their customers.
“There are fundamentals with security that can be implemented to better protect yourself and your customers’ business. But far too often, they push the boundaries of negligence when it comes to breach consequences. Nothing can be guaranteed because of all the factors out there, but can the MSP say [that] they have done enough?”
Other security strategies to consider for MSPs are assessing a risk tolerance level and then mapping out a strategy based on that. Damaso concluded that every organization will have a unique risk tolerance level and having a backup plan is necessary to ensure the damage to the pocketbook and the brand are minimized.
In the end, the two security experts conclude that their tenure and success in the industry can only further drive home the fact that you cannot Google your security needs. The most effective, cost-efficient, and headache-free method for MSPs to protect their offerings is to find a partner in the industry that both understands the climate of cybersecurity and has the right tools to mitigate the ever-present malware risk.
By Paolo Del Nibletto