MSSPs should seek to educate rather than scare their customers about cyber attacks. Take your customers on a security journey by educating them on the threats facing their unique kind of business rather than presenting them with irrelevant facts and figures.
As a managed security services provider (MSSP), your operations centre is continually monitoring all sorts of threats and issues and building rules to detect thousands of attack patterns that could be targeting any of your customers. It’s important, therefore, that you don’t perpetuate the sensationalism that overwhelms them; it is dangerous because it serves only to instil fear and nihilism.
It’s a fact that in the next calendar year, a number of businesses will not be hacked. Your MSSP business could go the entire year without a single security incident, especially if you have a small number of clients. Of course, the media will be shouting about the biggest incidents, such as those large Anthem or Sony-sized breaches affecting millions of customers and costing millions of dollars. Whilst this coverage is helpful context for small businesses, it is not always directly relevant.
Educating your customers on what the real threat environment is for them and showing them the value of a trusted security advisor will serve to build a strong working relationship.
Attention-grabbing headlines and news reports, such as an article from Forbes in 2018, make the mission of MSSPs much harder, since these headlines serve to sensationalise and exaggerate the true cost of cyberattacks. One Forbes article says, “Globally, the impact of a data breach on an organization averages $3.86 million.” The issue for most MSSPs is that these figures are meaningless when calculating the potential cost of a data breach to their business. Yet businesses are scared when they see these headlines, as even small companies feel their exposure is an existentially large amount of money.
Averages like these are always skewed towards the high end since mega-breaches cost so much to rectify. Most businesses, however, such as a medium-sized manufacturing company or high-street travel agency, may have an annual revenue of $5 million and a small number of customers. They would likely store that customer data, such as email addresses, invoices and contact details, as hardcopies in a cabinet, with electronic copies potentially stored in a cloud service used for invoice and account management – something like Salesforce perhaps. A breach certainly wouldn’t cost them anywhere near $3.86 million in terms of notifying customers, providing compensation, as well as incident response and systems recovery.
In fact, if the company notified the privacy commissioner (where required) and already had some reasonable security controls installed on their systems, the cost of this breach might be in the lower thousands. This is the reality that you should be explaining to organisations, while pitching the value of your services as a trusted advisor.
Rather than distracting your prospects with news of mega breaches they can’t relate to, show them exactly what security controls they should focus on and why. Detecting and responding to the threats in their environment, whether they are insider or external threats, will reduce risk.
Making the decision to reduce risk
If you are a service provider already offering managed ICT to organisations, it is likely you already support Internet firewalls, antivirus software and computer operating systems. You may also offer additional security services such as taking regular backups (and ensuring they are recoverable), managing remote access systems and ensuring users can only get to the data they are supposed to.
Since most Managed ICT service providers include all of these security controls, it’s not too much of a step to take on the core security service that turns an MSP into an MSSP. In doing so, the customer can come to you with the confidence that you are providing sound, specific and relevant advice to them and they no longer need to worry about unquantified, erroneous and irrelevant threats.
The one security control that really defines a managed security services provider above all else is protective monitoring. Using a security technology known as a SIEM (security information and event management), you can take all the logs provided by customers’ firewalls, servers, authentication systems, cloud services, network appliances and applications, and make sense of them.
The next step up to providing a joined-up picture of security isn’t as hard as you may think, since the SIEM does most of the heavy lifting. You can model the basic threats, such as ransomware attacks, attacks on databases and applications, and even malicious insiders stealing data, in a way that doesn’t scare the customer. Instead, the customer begins to understand these safeguards and gets into the mindset of helping model the threats in the context of their own business.
Over time, you can introduce more rigour and detailed threat modelling into the SIEM so that more complex and esoteric threats can be detected. Your customers will develop an understanding of security in a more structured way and won’t be beholden to media sensationalism, so they will see the true value of engaging with your services, while dismissing the fearmongering for what it is.
Next-generation SIEM software provides many advanced security profiling and threat detection capabilities right out of the box. For example, Behavioural Anomaly Detection (BAD) builds a profile of the network and user behaviour and notifies the SOC when something unusual occurs. You can demonstrate this to your customers once the profile has been established (baselining takes a few weeks to learn what normal looks like).