    Information Security Buzz

--

  • April 25, 2018
  • Follow us on Facebook
  • Follow us on Twitter
  • Follow us on YouTube
  • Follow us on Pinterest
  • Follow us on Linkedin
  • Events and Conferences
  • InfoSec Companies
  • InfoSec Training Providers
  • Cyber Insurance Providers
  • Advertise With Us
  • Free Resources
  • home
  • Hacked
  • IoT
  • Cloud Security
  • Mobile Security
  • Network Security
  • Application Security



  • Information Security Buzz
  • Expert Comments
  • Security Articles
  • News
  • Study & Research
  • How To
  • ISBuzz Expert Panel
    • InfoSec Expert Biographies
  • Security Videos
  • Security Education

Identifying Security Blind Spots For You And Your Customers

By Brian Downey
March 16, 2018

The security landscape is a minefield for small businesses and their service providers. After a year of high-profile cybersecurity stories – from WannaCry to Equifax to Spectre and Meltdown – providers are facing difficult conversations with their clients about their preparedness against attacks.

But those conversations will be far more complicated if they’re brought on by an unexpected security event. Providers need to work quickly and confidently to identify potential security blind spots, not only for their clients but in their own organizations, to maximize the security opportunity and prevent those difficult conversations from becoming business-ending ones.

Blind spot #1: Alert fatigue

The widespread perception of security alerts is that they flash on a technician’s screen like a ‘red alert’ on the command deck of a naval submarine, prompting a rapid response to remediate the issue. In reality, the average service provider’s technician spends their day managing all sorts of alerts – patches, system faults, and new user requests – all of which are often presented as urgent and immediate.

Amid this deluge of alerts could be the early warning signs of a breach, but a technician can’t easily separate the red herrings from the early symptoms of an attack. By the time they do detect a threat, there may have been a handful of warning signs that went unnoticed, such as protections not running correctly or multiple issues impacting the same resource.

Technicians are only human. If providers are to eliminate this blind spot, they need to arm their technicians with intelligent tools that help them sort the wheat from the chaff when managing endpoints. Powered by automation and machine learning, these tools could flag the earliest symptoms of a threat and recommend remediation steps before a breach occurs.
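A minimal sketch of that kind of triage, added here as an illustration and not taken from the article or any vendor's product: it groups a mixed alert queue by endpoint and surfaces only the resources showing the two warning signs named above (a protection that is not running, or several issues on the same resource in a short span). The alert schema, category names, window and threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample queue (hypothetical schema): time, resource, category, message.
ALERTS = [
    ("2018-03-01 09:00", "ws-014", "patch", "Patch pending reboot"),
    ("2018-03-01 09:05", "srv-02", "protection", "AV service stopped"),
    ("2018-03-01 09:20", "ws-031", "request", "New user account request"),
    ("2018-03-01 09:40", "srv-02", "fault", "Disk I/O errors"),
    ("2018-03-01 10:10", "srv-02", "fault", "Unexpected service restart"),
    ("2018-03-01 15:00", "ws-014", "fault", "Print spooler crash"),
]

WINDOW = timedelta(hours=2)  # assumed correlation window
MIN_ISSUES = 3               # assumed threshold for "multiple issues"

def triage(alerts, window=WINDOW, min_issues=MIN_ISSUES):
    """Return {resource: [reasons]} for resources showing either warning sign."""
    by_resource = defaultdict(list)
    for ts, resource, category, _msg in alerts:
        if category == "request":   # routine tickets are not issues
            continue
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        by_resource[resource].append((when, category))

    flagged = {}
    for resource, events in by_resource.items():
        events.sort()
        reasons = []
        # Warning sign 1: a protection on this resource is not running.
        if any(cat == "protection" for _, cat in events):
            reasons.append("protection_failure")
        # Warning sign 2: several issues on one resource inside the window
        # (sliding window over the time-sorted events).
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= min_issues:
                reasons.append("issue_cluster")
                break
        if reasons:
            flagged[resource] = reasons
    return flagged

if __name__ == "__main__":
    for resource, reasons in triage(ALERTS).items():
        print(resource, reasons)
```

Of the six alerts in the constructed queue, only `srv-02` is escalated: its stopped protection and the two faults that follow within the window are individually unremarkable but correlated on one resource.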

Blind spot #2: Mismatched expectations

Picture this: A burglary takes place at your house, and you contact your home security company to ask them why your alarms weren’t triggered. They tell you that the alarms you purchased are working fine, but that the burglar entered your home using a new technique, and your existing system doesn’t protect you against that.

How likely are you to retain the services of that security company?

Much like homeowners turning to home security to protect their loved ones and their belongings, businesses look to their service providers to protect their infrastructure from potentially catastrophic attacks. But thousands of providers and their clients are in a dangerous position today, with mismatched expectations over what those clients are protected against.

The changing threat landscape makes this particularly dangerous: MSPs may offer protection against new attack vectors, but existing SLAs may need to be adjusted to accommodate that protection. Service providers must be clear with their clients regarding what they are protecting against, and what they may need to change to protect against new threats. Those providers must also ensure they have a clear understanding of their own security capabilities, or they risk overpromising protection to their clients.

Blind spot #3: Untrained employees

All the tools in the world can’t protect an organization from a user dropping their guard and clicking a suspicious link in an email, downloading a malicious file masked as a well-known application, or creating easily cracked passwords. Attacks designed to trick users have been well-publicized for years, yet they remain the biggest ongoing threat to businesses: a successful phishing attack, for example, costs mid-sized businesses $1.6 million on average.

Service providers need to make their clients aware that their employees could be security blind spots within their own organizations, and build programs that help educate users about the changing threat landscape. What’s more, illuminating this blind spot creates multiple opportunities for service providers, as they maintain client relationships through regularly scheduled trainings on new threats, and expand the number of touchpoints within their client organizations.

Shining a light before it’s too late

Security is likely to be the leading reason why service providers will be hired – and fired – in 2018. This could happen in a number of ways: a client may question their existing protections as they learn more about a recent high-profile attack, or they may demand answers from their provider in the wake of their own damaging breach.

Service providers must examine their own tools and practices, as well as their clients’, to identify any security blind spots. They should do so not just out of fear of losing their existing client base, but in pursuit of the new opportunity to build revenues by selling a more complete security offering. We can be certain, though, that as the cybersecurity threat grows and diversifies, these blind spots threaten the survival of today’s service providers.

About Brian Downey
Brian Downey, Continuum