Cybersecurity solutions that leverage artificial intelligence (AI) and machine learning can improve a company’s security posture. These technologies offer enhanced protection via automation and the ability to identify threats that may pass through traditional firewalls or email filters — including new AI-enabled cyberattacks. However, companies that don’t maintain effective cyber hygiene when protecting applications and securing data will face additional risks when utilizing AI-enabled applications.
MSPs can play an essential role in educating their customers about these risks. A knowledgeable service provider can help its clients deploy mitigation strategies and new applications.
This presents a lucrative opportunity for MSPs seeking to monetize their AI offering by providing services focused on cyber hygiene and readiness. Using tools that can automate threat detection, monitor network activity, manage alerts, and create real-time reports, MSPs can help clients reduce their exposure to new threats.
Empower Resource-constrained Businesses
Small and midsized businesses (SMBs) often lack the internal resources to manage a security infrastructure and comply with regulatory requirements. The nonprofit Center for Internet Security (CIS) published guidance on how these companies can benefit by partnering with an MSP. The MSP could provide services to improve cyber hygiene, such as:
- Backup and recovery
- Network monitoring
- Patch/update management
- Software/hardware provisioning and implementation
As the CIS document points out, MSPs must also strengthen their own processes and implement governance and compliance measures to protect their internal infrastructure as well as their customers. The CIS document encourages businesses to examine how the MSP protects its infrastructure and ask what types of controls it offers clients.
As cyber hygiene becomes more important, automation-enabled by tools like managed extended detection and response (XDR) and 24/7 security operations center (SOC) services can help MSPs better protect themselves and their customers while reducing the impact on their internal resources with centralized monitoring and automated response.
Greg Saenz
Cyber Insurance Is Vital for Safeguarding Businesses
Cyber insurance is another essential part of an AI-based security strategy. This is because qualification is often tied to meeting compliance with governance requirements, which can help MSPs determine if their customers are prepared to adopt and secure AI-enabled applications.
MSPs can offer various cyber hygiene and readiness services as part of their portfolios. Those can include foundational services like password management, patches/updates, antivirus, and awareness training.
There are also opportunities to provide:
- In-depth security assessments to identify vulnerabilities
- Comprehensive and recurring security awareness training and education
- Network scanning and vulnerability management
- Compliance consulting and management
- Virtual CISO services
- Traditional services like backup and disaster recovery and managed detection and response (MDR)
By providing cyber hygiene and readiness services, MSPs will gain recurring revenue opportunities and potentially gain new clients. They can also increase the effectiveness of the AI-enabled security technology solutions they offer.
Get Your Own Security House in Order
Internally, MSPs must invest in staff and training. This positions them to provide these services and establish technology partnerships with vendors that can provide the level of automation and support necessary to scale the initiative across their entire client base.
MSPs should also follow some key best practices around establishing a cyber hygiene program. Some of that includes:
- Work with clients to outline all the assets and applications requiring protection, from their customer databases to mobile devices and users at the network edge.
- Establish real-time monitoring and visibility with a 24/7 SOC that can provide real-time alerts and rapid response. MSPs who lack the resources to build and staff an SOC can team with a vendor who offers SOC-as-a-service solutions to provide comprehensive protection for their clients.
- Follow the “cyber kill chain” method of creating concentric rings of security around data. The security solution should be able to identify threats and isolate them before they can move through the network. That should require multiple levels of detection and protection.
- Establish service levels regarding response. Map out how alerts should be shared, and identify individual roles in response and mitigation. Establish an action plan with metrics to help gauge effectiveness.
- Use standardized frameworks based on cybersecurity standards like the NIST Cybersecurity Framework. This provides an easily understandable roadmap for deployment and a way to measure performance.
A Security-first Strategy for AI
As more companies adopt AI for their general business applications and security solutions, cyber hygiene, security readiness, and training will be even more important. MSPs can help their clients protect against attacks while ensuring the success of their AI deployments through the types of cyber hygiene programs outlined above.
Greg Saenz is vice president of channels for the Americas at Barracuda.
Featured image: iStock
