Introduction
Key Takeaways
Doing business has inherent risks and our expanding threat landscape, supply chain issues, and increased cybercrime create turmoil for modern businesses. Unfortunately, many organizations just don’t have the skilled staff, resources, or experience to keep up with our rapidly changing environment.
Two years ago, most organizations would have put pandemic impacts on the list of Black Swan disruptions, but today, it’s a reality further compounded by multiple disruptive events happening simultaneously while our teams are still improving their pandemic response capabilities.
As an MSSP, your organization has a unique set of risks. Not only are you responsible for maintaining your own compliance and security programs, you must do the same for your clients.
As your organization grows, your internal security management issues expand exponentially as you win new business and help existing clients succeed and scale.
So, how do you keep up? How do you build proactive response programs, while managing existing threats?
The Risks for MSSPs are Real
The risks are vast and it’s impossible to anticipate and plan for every disruption that might affect your operational resilience. What you can do is develop robust, flexible cybersecurity and compliance plans that respond to any type of disruption that may occur, while focusing some attention on those you can expect. It’s also helpful to have an understanding of your threat landscape, especially when cybercrime often tops risk-managers’ lists of concerns.
Cybercrime is on the rise around the globe. We’ve seen an uptick in successful breaches and records exposures in many industries, with healthcare and other critical services operations caught in attackers’ crosshairs.
Positive Technologies released its Penetration Testing of Corporate Information Systems report during the first year of the pandemic that revealed that penetration testers could successfully breach network perimeters for 93% of companies.
Another report from Check Point Research paints an even more grim picture, saying that there were 50% more attack attempts per week against global corporate networks in 2021 than the year before.
And not only are there more successful breaches and attempts, the costs of these breaches continue to rise. IBM’s Cost of a Data Breach Report found that 2021 had the highest average data breach cost in the past 17 years, reaching $4.24 million in 2021. New risks and exposures from pandemic driven remote workforces are likely to play a role.
Let’s take a look at the top four security threats MSSPs face and what you can do to help mitigate them.
Increased ransomware
In the same vein as cybercrimes, ransomware is a growing threat for MSSPs. Attackers target interconnected systems and hope MSSPs managing multiple clients have a security vulnerability somewhere they can exploit and make lateral movements, undetected, across multiple systems. That means not only are you at risk, but so are your clients.
In fact, AT&T cites in its 2021 Cybersecurity Insights report that ransomware is a feared adversary, where attackers are refining their tactics beyond credential stealing or shutting down a system or two. Today, attackers quickly take out entire networks in a matter of minutes or they linger undetected moving through systems exfiltrating data and credentials for months or longer before they’re discovered.
As we mentioned with the cybercrime issue as a whole, the move to fully remote or hybrid remote workforces has fueled ransomware proliferation, making it harder for most organizations to keep up with all the risks.
The solution: Wrap your services around a cybersecurity management platform to manage your cybersecurity frameworks. A multi-tenant GRC platform will help you build or employ specific frameworks and controls for each client to meet their unique needs.
Additional business interruptions
Business interruptions have always been an issue for organizations. But many still struggle with getting their arms around practices that strengthen their business continuity and operational resilience programs.
Some organizations focus exclusively on building business continuity plans around natural disasters. But the reality for businesses today is that the potential for an unpredictable business disrupting event is ever-growing and it is the new normal.
It's not surprising then that Gartner found that 70% of CEOs say that by 2025 they will mandate a culture of organizational resilience so they’re better poised to survive these mounting coincidental threats such as cybercrime, civil unrest, political instability, and weather.
The solution: Using a GRC platform to manage all of your business continuity and related frameworks, controls, and sub-controls helps you manage business interruptions more efficiently.
More laws, more regulations, more compliance
The list of legal, regulatory, and compliance mandates for organizations around the globe is growing. Gone are the days where industries may have one or two requirements to adhere to. In the U.S. there are overarching regulatory mandates on the federal, industry, and state levels for privacy and cybersecurity.
As requirements grow, it’s going to be increasingly difficult to manage your own MSSP requirements, let alone all the requirements and standards that will be unique to each client. If clients operates across multiple states or internationally, the list of requirements is even more complex.
Not only will you be expected to keep up with managing all of those requirements, you’ll need to be hyper aware of any changes and what those changes mean for your growing client base.
The solution: Managing your business continuity and disaster response programs on spreadsheets or word processing tools means you’re doing twice the work for half the return. A GRC platform would help you manage frameworks and controls and ensure operational resilience not just for your organization, but for all the clients you manage.
Increased large, complex breaches
We’re not just seeing more breach attempts and record exposures across industries; today’s attack vectors are complex and breaches are more frequent.
This in itself increases risk for your organization AND your clients.
Fully-remote or hybrid work environments increased organizations risks of successful breaches because modern business is no longer contained inside a single building or within a protected network. Today, employees work from a range of locations—offices, homes, cars, and places like restaurants and coffee shops. And, unfortunately many do so without a real understanding of the risks those environments introduce into the business.
As such, cyber hygiene best practices will be paramount for MSSPs and their clients today and in the future. Splunk’s Data Security Predictions 2022 report emphasizes this, saying organizations will need consistent security practices such as full-patching, multi-factor authentication (MFA), and asset identification among other best practices.
The solution: Your needs as an MSSP and each of your client’s needs will be unique, varied, and always evolving. A GRC platform gives you insight into all your cyber hygiene practices to identify issues for your organization AND each client—preferably with intuitive, customizable dashboards.
Conclusion
If the past two years are our baseline, we can deduce going forward security threats for MSSPs and their clients are only going to increase, evolve, and become more complex. If you’re waiting for an audit or assessment to identify where you have security issues, you’re already many steps behind your potential attackers. Don’t be left scratching your head when your clients ask you how it happens. Keep security for all of your clients top of mind with a GRC platform that helps you build manage and report on your cybersecurity programs.
Have questions? Want to know more about how you can work harder, not smarter for your clients and improve their cyber hygiene? Contact Apptega to learn more about how to ride the GRC wave today.