The security landscape is a minefield for small businesses, and their service providers. After a year of high-profile cybersecurity stories – from WannaCry to Equifax to Spectre and Meltdown – providers are facing difficult conversations with their clients about their preparedness against attacks.
But, those conversations will be far more complicated if they’re brought on by an unexpected security event. Providers need to work quickly and confidently to identify potential security blind spots not only for their clients, but in their own organizations, to maximize the security opportunity and prevent those difficult conversations from becoming business-ending ones.
Blind spot #1: Alert fatigue
The widespread perception of security alerts is that they flash on a technician’s screen like a ‘red alert’ on the command deck of a naval submarine, prompting a rapid response to remediate the issue. In reality, the average service provider’s technician spends their day managing all sorts of alerts – patches, system faults, and new user requests – all of which are often presented as urgent and immediate.
Amid this deluge of alerts could be the early warning signs of a breach, but a technician can’t easily process the red herrings from the early symptoms of an attack. By the time they do detect a threat, there may have been a handful of warning signs that went unnoticed, such as protections not running correctly or multiple issues impacting the same resource.
Technicians are only human. If providers are to eliminate this blind spot, they need to arm their technicians with smart, intelligent tools to help them sort the wheat from the chaff when managing endpoints. Powered by automation and machine learning, these tools could flag the earliest symptoms of a threat and recommend remediation steps before a breach occurs.
Blind spot #2: Mismatched expectations
Picture this: A burglary takes place at your house, and you contact your home security company to ask them why your alarms weren’t triggered. They tell you that the alarms you purchased are working fine, but that the burglar entered your home using a new technique, and your existing system doesn’t protect you against that.
How likely are you to retain the services of that security company?
Much like homeowners turning to home security to protect their loved ones and their belongings, businesses look to their service providers to protect their infrastructure from potentially catastrophic attacks. But, thousands of providers and their clients are in a dangerous position today, with mismatched expectations over what those clients are protected against.
The changing threat landscape makes this particularly dangerous: MSPs may offer protection against new attack vectors, but existing SLAs may need to be adjusted to accommodate that protection. Service providers must be clear with their clients regarding what they are protecting against, and what they may need to change to protect against new threats. And, those providers must ensure they have a clear understanding of their own security capabilities, or they risk overpromising protection to their clients.
Blind spot #3: Untrained employees
All the tools in the world can’t protect an organization from a user dropping their guard and clicking a suspicious link in an email, downloading a malicious file masked as a well-known application, or creating easily-cracked passwords. Attacks designed to trick users have been well-publicized for years, yet they remain the biggest ongoing threat to businesses: a successful phishing attack, for example, costs mid-sized businesses $1.6 million on average.
Service providers need to make their clients aware that their employees could be security blind spots within their own organizations, and build programs that help educate users about the changing threat landscape. What’s more, illuminating this blind spot creates multiple opportunities for service providers, as they maintain client relationships through regularly scheduled trainings on new threats, and expand the number of touchpoints within their client organizations.
Shining a light before it’s too late
Security is likely to be the leading reason why service providers will be hired – and fired – in 2018. This could happen in a number of ways: a client may question their existing protections as they learn more about a recent high-profile attack, or they may demand answers from their provider in the wake of their own damaging breach.
Service providers must examine their own tools and practices, as well as their clients’, to identify any security blind spots. They should do so not just out of fear of losing their existing client base, but in pursuit of the new opportunity to build revenues by selling a more complete security offering. We can be certain, though, that as the cybersecurity threat grows and diversifies, these blind spots threaten the survival of today’s service providers.
About Brian Downey
Brian Downey, Continuum