As cyber threats evolve and proliferate business systems, MSPs are vital in helping businesses counter attacks by adopting a comprehensive strategy for risk mitigation. This includes preparation, response, and recovery, while also understanding the organization’s cybersecurity risk profile.
It’s Not ‘If’ — It’s ‘When’
Barracuda’s recent Cybernomics 101 report showed that over half of the 1,900-plus IT security practitioners surveyed had experienced an incident in the past year. So, it’s not a matter of if an incident will happen but when.
It takes practice to bounce back from a major incident. Conducting periodic risk assessments, using data points through tabletop exercises, and role-playing incidents inform security policies. They also highlight the significance of employee education on AI security.
This multilayered approach to risk mitigation also features a well-tested incident automation tooling and communication plan. This helps MSPs ensure cyber resiliency.
Another important tactic is to create a detailed risk register that identifies risks to business goals, critical assets, and regulatory/compliance issues. Revisit your risk assessment annually. Involve subject matter experts to review the frameworks and account for new threats and changing business landscapes.
Security as an Enabler
Cybersecurity has evolved into a powerful business enabler. A robust security posture protects an organization from threats and opens doors to new opportunities and competitive advantages.
Once the risk assessment and your threat modeling show that an account takeover is a critical risk, look into Zero Trust network access (ZTNA) or hardware security keys. These are inexpensive ways to remedy a high-risk issue.
Riaz Lakhani
You can also use AI and machine learning for threat detection and response or deploy XDR systems for comprehensive visibility across the client’s IT environment.
Educate Employees
Cybersecurity must be an ongoing process. Educate your employees about what could cause an account takeover and update them on the risks frequently.
As AI becomes more mainstream in the workplace, it introduces new security risks. Shadow AI and large language models (LLMs) are becoming a concern as employees or departments often use them outside a company’s IT governance.
However, you must treat shadow AI the same as any other risk. Build standards into existing policies on how employees can access generative AI tools as part of the company’s broader security strategy.
Best Practices
MSPs have an opportunity to help their clients establish incident response strategies with best practices and prescriptive measures to avoid the most common mistakes.
Tabletop exercises and incident response tests validate that your program works as you expected. Also consider a runbook, which outlines the procedures and processes for handling routine operations and security incidents in a security operations center (SOC) and provides team members with the knowledge and steps to resolve issues quickly. More importantly, a runbook also creates a customer communication strategy beyond technical issues. Often, the business stakeholders don’t realize they have as much of a part to play in the recovery process as the security team.
Unfortunately, many businesses struggle to communicate effectively with customers. Security professionals need to incorporate an end-to-end incident response plan as well as a communication plan in their strategy.
Finally, test your backup system, do threat modeling, and perform a restore. If SMBs are your customer base, these are rudimentary yet foundational practices.
Overcoming Challenges
Executive buy-in is likely one of the biggest challenges MSPs face, mainly because upper management doesn’t understand the threat landscape. They don’t know what they don’t know, so channel partners must educate them.
Give them real-world attack scenarios with similar companies. Get them to understand the cost of an incident and how long it will take to recover from it.
Build that relationship and help them realize what needs to be done. Make them part of your threat modeling exercises and discuss what must happen in a cyberattack. Hands-on, data-backed education is the way to get executive buy-in.
Final Thoughts
Your best defense is proactive defense. First, do an assessment. Then, find the gaps, build your roadmap, and look at past breach data. Use other organizations’ breach incidents as cautionary tales.
Know that you’re not alone. We’re cybersecurity practitioners and professionals. We can share information and use our experiences to help one another build a resilient, secure, and compliant future.
Riaz Lakhani is chief information security officer at Barracuda. He handles setting the strategy, managing implementation, and driving all aspects of Barracuda’s information security program.
Featured image: iStock
