7 Lessons Learned from Cybersecurity Experts in 2021

Cybersecurity incidents continue to dominate headlines and threats continue to escalate and get more complex. All companies need to stay cyber resilient, learning from other security leaders and those with experience mitigating and defending against the latest threats.

To help that cause, MJ Shoer, CompTIA senior vice president and executive director of the CompTIA ISAO, recently completed the second season of his Shoering Up Security YouTube series, interviewing weekly guests about challenges and trends in the cybersecurity space and what MSPs should know. Here are some highlights and lessons learned from each Season 2 episode, all available now on YouTube:

How to Use an ISAO: One MSP Use Case

In a fast-paced industry like cybersecurity, it can be difficult to stay on top of every new incident. Initiatives like the CompTIA ISAO can provide threat intelligence, alerts, and other timely information to help you stay ahead, but how should organizations use it? Matthew Lang, CISO with IND Corp., a Whippany, N.J.-based MSP, told Shoer that his company uses the ISAO to stay on top of threats in real time, which helps mitigate damage for some customers and prevent incidents for others.

MSPs can collaborate with other professionals in the ISAO to brainstorm strategies for mitigation and resolution. “It allows me to drive action quickly,” said Lang. “It’s definitely contributing to making our clients more secure.” The forum and notification tools are also helping to raise awareness across the industry.

Compliance is another issue that MSPs must take seriously, according to Lang. CompTIA ISAO membership can show MSPs their adherence to compliance regulations while building resiliency. “Resiliency isn’t about fixing the problem, resiliency is about explaining risk and figuring out how to remediate that risk,” said Lang.

You’ve Been Breached, Now What?

Many cybersecurity experts have noted that it’s a case of when, not if, businesses—including MSPs—will be targeted in a cyberattack. Chris Loehr, executive vice president and CTO with Solis Security, an Austin, Texas-based cybersecurity and tech services firm, sees up to 10 breaches a day, including many targeting MSPs. “When it comes to ransomware, MSPs are the big fish,” he said. “It’s just too easy.” Attacking an MSP gives threat actors access to customer data from multiple customers at once. Shoer noted that the problem is akin to an inverted funnel. “You attack an MSP at the neck of the funnel, and you get access to the whole wide mouth that’s out there,” he said.

A large part of preparation means putting appropriate policies and procedures in place, but each should be treated as separate initiatives, Loehr said. Policies demonstrate what you do as education for your customers and your procedures tell your internal people what to do during a breach.

How One MSP is Showcasing Cybersecurity Credibility

MSPs run the gamut in terms of cybersecurity prowess, so it can be difficult to demonstrate credibility in that area to customers. Corey Kirkendoll, president and CEO of 5K Technical Services, an MSP in Plano, Texas, uses the CompTIA ISAO to showcase its dedication to cybersecurity protocols. “In this game, it’s all about information,” mentioned Kirkendoll. “Having access to the ISAO is important to us because we are able to get some really good information and really good insight from others to help weed out the news.”

Kirkendoll asserts that access to real-time information sets his MSP apart from others because his team is better equipped to manage incidents. His customers see that his team is actively managing incidents and providing updates when that isn’t possible. “Even if we’re not actively participating, I hear my peers going through things that we just got out of, or that we haven’t gone through. It’s very helpful,” he said.

The Value of Cybersecurity Threat Intelligence

Highly publicized cyber incidents can make it difficult for security pros to manage through an event if they have to sift through all the information streaming in from many directions. Vetted threat intelligence allows security pros to share valuable information about response techniques and mitigation, which enables faster resolution for others who are affected.

“MSPs and MSSPs really have to become more proactive in their approach to protecting their customers and threat feeds make that possible,” said Scott Williamson, vice president of information services with True Digital Security, a security and IT management services firm based in West Palm Beach, Fla.

Williamson and Shoer noted that security is a team sport—and success comes through working together to share information. As lessons are learned, will we improve our collective response capabilities. “The learning from threat feeds and the automaton come together to improve our ability to become more proactive,” said Shoer.

Lessons Learned: SolarWinds CISO Details 2020 Incident from Realization to Response

The SolarWinds incident earlier this year was unique because it targeted the supply chain and was eventually determined to be a state-sponsored attack. Tim Brown, CISO at SolarWinds shared some key moments and lessons learned from the incident. “It was not a hack in the traditional sense,” said Brown. “Our focus was getting the customers good information and ensuring they were safe.”

Brown recommends that companies prepare for the worst by assuming they are already breached. This mindset will help organizations “up their game” so they are ready for more sophisticated attacks when and if they do actually occur. He also suggests that MSPs have a communications plan prepared in case primary methods become obsolete. If you have already been breached, he advocates for bringing in someone who has dealt with a similar breach to help you work the incident.

Buy, Build, or Partner: Providing Managed Security Services to Your Customers

Because security is a persistent area of concern, many MSPs see opportunity to provide security services, but it isn’t as easy as adding an ‘S’ and branding themselves as MSSPs. Shoer firmly believes security is a distinct area of expertise that requires dedicated knowledge. “I personally have a lot of hesitation with adding MSSP to MSP because they’re different disciplines,” he said.

Rob Boles, president of Blokworx, a well-known MSSP, suggests that MSPs perform an internal evaluation before making the decision. “I suggest looking at your own in-house services and identifying what your gaps are,” he said. “You will not become a full MSSP for less than a million dollars, so it’s a serious commitment.”

If you decide not to make the transition, Raffi Jamgotchian, founder and CTO of Triada Networks, urges that you find the right partner. “It’s important to find a partner that’s going to mesh well with how you want to represent yourself,” he said. “Ultimately the client is going to call you as the MSP.”

If you do choose to partner, the relationship should be transparent and collaborative to ensure success, the executives said.

Cybersecurity Insurance 101 for MSPs

The inevitable nature of cyberattacks and the need for MSPs and solution providers to protect themselves has helped bring cybersecurity insurance to the forefront. As a relatively new category, it can be difficult to understand what you need to have. Jacob Ingerslev, head of global cyber risk at The Hartford, discussed the importance of cybersecurity insurance and how to build a policy that makes the most sense for your business.

There isn’t a one size fits all when it comes to cybersecurity insurance, Ingerslev said. Growth of cyber incidents and the blending of attacks is prompting companies to opt for enhanced coverage. “There’s been a huge shift over to ransomware simply because it’s the most effective way for threat actors to monetize their cyber efforts,” he said. As a result, he encourages companies to bundle different options to ensure they are covered regardless of the attack. He recommends selecting additional options such as cyber fraud, extortion, and technology errors and omission coverage to ensure all aspects of an incident are covered.