Alex Bransome, CISO at Doherty Associates, discusses what MSPs can do to provide an enhanced service offering and best-in-class cybersecurity service for SMBs in challenging times.
Ensuring the basics are covered is critical for any SMB’s security program. Without the foundational basics in place, more advanced tools and services may be ineffective, allowing gaps to remain despite the investment in them. Cyber Essentials, for example, is a great foundation for SMBs and can significantly help to reduce their exposure to the most common threats.
MSPs are uniquely placed to deliver effective security services because of the context they already have around their customers’ people, processes and technology. This context becomes critically important when it comes to taking the right response to security incidents and helping improve security posture. Combine this context with a holistic security toolset like the Microsoft XDR stack, which correlates alerts across key pillars such as identity, cloud services, on-premises infrastructure, and data, and you start to see how powerful this can become for SMBs.
The quality of the response when a security alert is first presented to the service desk team can make the difference between a small incident that is contained with speed and accuracy and one that turns into a major breach. MSPs must therefore begin upskilling their existing 24/7 support teams with security expertise, to ensure they can recognise and respond effectively to the threats their customers face.
Key areas of focus
Traditionally, MSPs have focused mainly on protective technologies, such as anti-malware and firewalls, to protect their customers against cyber-attacks. However, as we have seen time and time again, defending against modern cyber-attacks requires more than just protective solutions. We would recommend that MSPs work with their customers to frame their security programs through the lens of the NIST Cyber Security Framework, which looks beyond protective controls and considers equally important areas. This starts with identifying the risks that are applicable to them and then, in addition to applying protective controls, focusing equally on the areas of their program that allow the business to detect, respond to and recover from threats that will, inevitably, bypass protections. This concept of “assume breach” is very important and is not something reserved for the enterprise.
The right capabilities
Not all MSPs are in a position to deliver security detection and response services. Those that have already invested in 24/7 support teams, internal security expertise, and the right holistic security technologies are, however, certainly very well placed. We have seen an increase in holistic security platforms that are targeted for use by IT teams, not just dedicated security personnel. This empowers IT teams and MSPs to provide effective security services to the SMBs they support.
Security capabilities are now more attainable for SMBs than they have been in the past. Programs like Cyber Essentials provide cost-effective ways of ensuring the basics are in place and periodically reviewed.
Finally, taking it back to the NIST CSF, MSPs should help their SMB customers focus on identifying the risks that are critical to their businesses, through risk-led discussion and threat modelling. Once the ‘crown jewels’ have been identified, and the potential ways of stealing them have been mapped out, SMBs can prioritise their security programs based on cost, benefit, and risk.