Help! We’re being attacked!
An interview with an MSSP on how MSSPs can help
According to a research study published in Help Net Security, malware had increased by 358% and ransomware by 435% in 2020 compared to 2019. And new malware is continually being churned out – Comparitech reported that as of June 2021, there were 92.45 million new malware compared to 137.1 million in 2020, with a new high expected before the year’s end. To make matters worse, 93.6% of malware in 2019 was observed to be polymorphic – meaning they could constantly change their code to evade detection.
It is no longer a question of IF or even WHEN, but HOW OFTEN a cyberattack will occur. If you think that such attacks occur mainly in the US or Europe, think again: according to the Cisco/Cybersecurity Ventures 2019 Cybersecurity Almanac, companies in Asia Pacific received 6 cyber threats every minute. And you are mistaken if you think that only the larger companies are targeted – Cybersecurity Ventures estimated that more than half of all cyberattacks are made against SMBs.
With the threat landscape constantly growing and evolving, organizations are increasingly finding it difficult to keep their cyber security up to scratch. It is no wonder then, that more and more of them are turning to MSSPs (Managed Security Service Providers) to beef up and supplement their IT security, with MSSP Alert reporting that roughly 70% of organizations are planning to outsource their security to an MSSP or MSP (Managed Service Provider) in the next 12 months.
But which type of organizations would best benefit from using an MSSP, and just how can an MSSP help? To find out, NetGain Systems spoke to Mr Cedric Lim, Managing Director of Embrio Enterprises Pte Ltd, a Singapore-based company that is both an MSP and an MSSP to Asia-based clients with a global footprint.
WHO SHOULD ENGAGE AN MSSP
Mr Lim seconds the notion that every organization, regardless of its size or business, is open to cyberattacks so long as it is connected to the Internet or receives external email. But, as Mr Lim explains, the seriousness of a potential cyberattack would depend on its Impact and Severity:
- Impact – the extent of the organization’s system resources affected by an attack
- Severity – the extent of the damage caused by an attack
These two taken together will help determine the seriousness of a cyberattack, and whether it warrants getting additional help like engaging the services of an MSSP. “The organizations that would benefit best from using an MSSP would be those with high impact and high severity,” says Mr Lim. This would include those with systems involving real-time transactions, eg, airlines and financial institutions, those with public-facing front-end systems, and those dealing with sensitive and classified data.
WHAT TO ENGAGE AN MSSP FOR
But because MSSPs offer a wide and modular range of services, any organization can easily benefit from their offerings by picking and choosing an MSSP’s services to augment their cyber defenses. According to Mr Lim, an MSSP offers services that cover 4 broad areas:
- Ensuring a security framework is in place
This includes drawing up security policies and SOPs that would be in compliance to security standards, and industry or government regulations.
- Prepping the IT network and systems for Security Management
This involves security consultancy services to ensure that the organization’s IT security can be effectively and comprehensively managed.
- Security Operations and Management
An experienced threat response team using appropriate tools would monitor and respond to threats encountered by the organization, including threat correlation, threat notification, and threat resolution or mitigation.
- Audits and security re-alignment
Penetration testing and tools that scan and check for vulnerabilities are used to check an organization’s cyber defenses. Patches and updates are applied to deal with new threats, and recommendations to manage the changing threat environment or to be in line with new security standards are suggested or implemented.
“Because an MSSP’s services are modular, organizations just need to subscribe to those services that they want,” says Mr Lim. “There is no compulsion to get the full suite of services.” That said, Mr Lim believes that an organization would derive the greatest help and benefit from an MSSP by engaging its Security Operations and Management services. “The monitoring, tracking and resolution of security incidents forms the most important part of an organization’s cyber defense,” he says, “and I would always encourage an organization to trust an MSSP to do this best.”
HOW TO ENGAGE AN MSSP
In engaging an MSSP, and in particular for an organization wanting to manage some aspects of its cyber defenses while engaging the MSSP for others, Mr Lim says it is important to have clearly defined SOWs (Statement of Works) and SLAs (Service Level Agreements) that spell out the objectives and measurements of what the MSSP is to cover. He also suggests having a secondary, non-legal, operational-level type agreement specifying areas of responsibility, dispute resolution, and what constitutes satisfactory completion of work. He adds, “For a successful MSSP engagement, it is important for both parties to have good communications at the outset and throughout the engagement, and to continue to seek ways to work better together.”
WHY ENGAGE AN MSSP
Mr Lim believes that MSSPs will continue to play an important role in securing the IT network and systems of organizations. He points out that an MSSP has the breadth and depth of many experts focused on cyber security, with the accumulated experience of working with many customers across different industries. This is something not many organizations other than the really very large ones can match, and allows an MSSP to secure organizations, big or small, a lot better than if the organizations were to do so on their own.
WHEN TO ENGAGE AN MSSP
Mr Lim says that it is never too early for an organization to engage an MSSP to help put up defensive measures. “There will always be organizations who are not so well trained or organized in cyber security,” he says, “and they may want to engage an MSSP to set up their security properly and manage their security operations.” He adds that when an organization is ready and would like to, it could disengage the MSSP and have the MSSP hand over all or part of its security operations back to it.
Cyberattacks are here to stay, and continue to grow in frequency and sophistication. As you prepare and manage your organization’s cyber defenses, it is reassuring to know that with an MSSP, help is at hand and you need not face cyberattacks alone!
Embrio Enterprises uses NetGain Systems’ software solutions to keep their customers secure.