Putting the S in MSSP Part 3: Examining the Lifecycle of a Cyber Attack
“Putting the S in MSSP” is a blog series that aims to set up MSPs to succeed as managed security services providers (MSSPs) by offering the insights and recommendations you need to profit from this new and important line of business. Throughout this six-part series, you’ll learn how to become a comprehensive MSSP who can secure small- and medium-sized businesses (SMBs) with the tools needed to tread the modern threat landscape without fear.
In the first part of this series, we offered tips on how to begin defining and deploying the three pillars of cybersecurity. In part two, we went on to talk about the three major pitfalls of managing multiple security vendors. In this post, we will examine the lifecycle of a cyber attack, providing insight on how to devise a solid remediation plan and manage vulnerabilities.
What You Don’t Know Can Hurt You
Today, many SMBs don’t understand how the threat landscape is evolving, what types of threats are out there and, most importantly, how to combat them. Cyber attacks keep slipping through the cracks due to inadequate training and education. In fact, 47 percent of SMBs do not have employee security awareness and training programs in place, causing 42 percent of SMB employees to not know what to do if their business experiences a cyber attack. This leaves businesses dangerously vulnerable, especially with ransomware rampantly on the rise and virtually every device now hackable. All it takes is one wrong click.
What happens next? That curious click on a phishing email unleashes the ransomware, which then locks down the employee’s files. Then, if not properly secured, it spreads to other desktops and servers on the network. What’s more, your valuable data will be encrypted until the ransom is paid, and possibly marked for deletion—with portions of your business data deleted permanently. Without vigilant vulnerability management, an entire business could shut down in a matter of hours.
A Plan for Remediation
To survive an attack such as this, it’s crucial that businesses prepare for threats in accordance with their requirements, risk tolerance and resources. MSPs should encourage their clients to create a roadmap for reducing cybersecurity risk that is well aligned with organizational and sector goals, considers legal/regulatory requirements and industry best practices and reflects risk management priorities.
The image below, from the NIST Framework for Improving Critical Infrastructure Cybersecurity, demonstrates an effective framework for meeting cybersecurity risk management objectives across an organization.
As you can see, this remediation plan flows down from the senior executive level to process and operations, as priorities inform framework profiles and drive the progress of vulnerability management implementation. When all parties remain aligned and can proactively adapt to changes in the threat landscape, the organization will be able to remain vigilant and manage risk. This approach to risk planning allows an organization to determine the activities that are most important to critical service delivery. Also, it enables them to prioritize expenditures to maximize the impact of the investment—which is particularly useful for SMBs.
It is important to note that no matter how well prepared for a cyber attack a business may be, cyber attacks are likely to slip through. It’s simply the nature of today’s threat landscape. However, you can properly outline a plan of attack, isolation and remediation with the following three tips:
- Directly after the infection is detected, disconnect from the network and stop backing data up immediately. This will stop the malicious software from overwriting clean backups with infected files.
- Remove the ransomware and clean computers of malicious software. If you have a good backup to restore from, remove all traces of the ransomware using antivirus software or an appropriate malware remover. Be aware that doing so effectively forfeits your ability to unlock files by paying the ransom.
- Restore from the most recent clean backup.
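One way to choose the "most recent clean backup" from the last step, shown as an added example that is not part of the original post. The catalogue, snapshot names, hashes and the 50 percent change threshold are constructed assumptions; the sketch treats any snapshot taken after detection, or one in which most files changed at once, as suspect.

```python
from datetime import datetime

# Constructed backup catalogue: (snapshot id, time taken, {path: content hash}).
CATALOGUE = [
    ("snap-01", datetime(2024, 3, 1, 2, 0),
     {"a.docx": "h1", "b.xlsx": "h2", "c.pdf": "h3", "d.txt": "h4"}),
    ("snap-02", datetime(2024, 3, 2, 2, 0),
     {"a.docx": "h1", "b.xlsx": "h2b", "c.pdf": "h3", "d.txt": "h4"}),
    # Taken before detection, but most files were already rewritten.
    ("snap-03", datetime(2024, 3, 3, 2, 0),
     {"a.docx": "x1", "b.xlsx": "x2", "c.pdf": "x3", "d.txt": "h4"}),
    ("snap-04", datetime(2024, 3, 4, 2, 0),
     {"a.docx": "x1", "b.xlsx": "x2", "c.pdf": "x3", "d.txt": "x4"}),
]
DETECTED_AT = datetime(2024, 3, 3, 9, 30)  # constructed detection time


def churn(prev, cur):
    """Fraction of the previous snapshot's files that changed or vanished."""
    if not prev:
        return 0.0
    changed = sum(1 for path, digest in prev.items() if cur.get(path) != digest)
    return changed / len(prev)


def pick_restore_point(catalogue, detected_at, max_churn=0.5):
    """Return (last clean snapshot id or None, list of suspect snapshot ids)."""
    clean, suspect, prev_manifest, tainted = None, [], None, False
    for snap_id, taken, manifest in sorted(catalogue, key=lambda s: s[1]):
        if not tainted:
            # Assumed heuristic: mass file changes suggest encrypted data was
            # backed up; anything taken after detection is never trusted.
            mass_change = (prev_manifest is not None
                           and churn(prev_manifest, manifest) > max_churn)
            tainted = taken >= detected_at or mass_change
        if tainted:
            suspect.append(snap_id)  # once tainted, all later snapshots too
        else:
            clean, prev_manifest = snap_id, manifest
    return clean, suspect


if __name__ == "__main__":
    print(pick_restore_point(CATALOGUE, DETECTED_AT))
```

Here the snapshot taken hours before detection is already rejected, which is the case the first tip guards against: infected files reaching the backup set before anyone notices.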
Achieving Business as Usual
True vulnerability management enables businesses to withstand the inevitable cyber attacks that threaten their profitability. As an MSP working to offer true security to your clients, your only scalable option is a comprehensive approach to protecting your end users’ businesses, using the ability to quickly detect, prioritize, remediate and report on every cyber attack in order to avoid disaster. With a well thought out cybersecurity framework fit to the organization’s needs and multiple layers of defense, an attack doesn’t have to be disastrous. Following the aforementioned tips will help your clients achieve business as usual: no ransom paid, no files lost and no extended downtime.
Come back next week to take this knowledge a step further by uncovering the most effective ways to speak to your clients about the topic of cybersecurity.