The Evolution of Cybersecurity: Is Your MSP Keeping You Secure? (Part 6)
Not only are cybersecurity threats growing in number, but they’re evolving too. As discussed throughout the cybersecurity series, businesses have to watch out for a variety of tactics which cybercriminals employ, ranging from malware attacks, to eavesdropping, to phishing. Cybercriminals are constantly developing more advanced methods of sneaking into your infrastructure and stealing your data, and unfortunately this means you need to spend more resources on refining your cybersecurity to combat the situation.
However, it already isn’t financially feasible for the average Canadian business to tackle their IT needs, let alone their cybersecurity, on their own. As the threats become more advanced, the solutions become more complicated, and a more experienced team of personnel is required. Therefore, many Canadian businesses often rely on a managed service provider (MSP) to oversee everything IT related, including their cybersecurity.
But, the priority shouldn’t be cost savings. After all, the repercussions of failing to secure your business from threats are extremely harsh, as the average cost faced by Canadian businesses for a data breach amounts to around $7 million.
Although you may have no other option, handing over your network and devices to a third party MSP seems to require a whole lot of trust. In some instances, an MSP will focus solely on basic IT needs, and will stray away from providing cybersecurity. On the other end of the spectrum, your MSP may specialize in cybersecurity and may make it a priority that your business is protected from modern threats. But, when it comes to cybersecurity, and ultimately your businesses’ reputation, verifying what is being provided by your MSP is always recommended.
In other words, you shouldn’t just assume that your current MSP has you fully protected. Just because you have an MSP doesn’t mean your cybersecurity needs are taken care of. Thus, it is important to develop a comprehensive understanding of the cybersecurity which your MSP has in place—because they could be leaving you vulnerable.
In order to define what sort of protection is provided by your MSP, here is a list of questions you should ask which are referenced throughout The Evolution of Cybersecurity series:
What sort of security measures besides simple antivirus software does your MSP have in place to protect against threats?
Recall, the takeaway from Part 1 of The Evolution of Cybersecurity series is that antivirus software alone is insufficient to ensure your business is protected. The problem is that antivirus relies entirely on a list of existing “virus definitions”. This is a list of software which the antivirus blocks because the software has performed an action in the past which fit the criteria of something harmful, like a malicious virus manipulating files. But, the problem is that this harmful software has to have been seen before in order to have been condemned to the list in the first place. Therefore, any new threats, which haven’t been seen before, are extremely dangerous because they aren’t recognized by the antivirus to be a threat, and as such they are free to manipulate the system.
What’s more is that when cybercriminals do attack your system, they tend to have their data encrypted. However, antivirus programs are proven to be ineffective against encrypted files, and the attack goes unnoticed. Furthermore, encrypted files are very common, so when a cybercriminal sends them your way they aren’t noticeable—they remain hidden in the crowd. This is why your SP must offer additional security measures besides antivirus to protect against cyber attacks.
Does your MSP have endpoint protection in place?
Antivirus is installed on, and monitors, an individual device. Whereas endpoint protection is managed for, and scans, an entire network of devices. Technically, antivirus is just a single component of endpoint protection, of which it is often coined the “lowest common denominator”. Thus, endpoint protection is simply more sophisticated security for both individual devices and the local network. Following Part 2 of The Evolution of Cybersecurity series, ideal cybersecurity measures include some form of advanced endpoint protection.
There are various types of endpoint protection. Firstly, next generation antivirus (NGAV) pays attention to the actions of various files and using artificial intelligence, machine learning, and predictive modeling techniques, it determines if those actions warrant the file to be quarantined. This elevates the cybersecurity to recognize that never-before-seen threats are actually dangerous, as it no longer just relies on a list of previously blacklisted entities.
Additionally, endpoint detection and response (EDR) compiles system-level data and adds contextual information to aid the AI in determining if an entity is a threat. EDR guards all the endpoints of a network. However, so much data is generated when using an EDR that it is often necessary to employ a third party to manage, interpret, and summarize the network activity. As such, this is the purpose of managed detection and response (MDR), where a Security Operations Center (SOC) is employed to handle the overwhelming amount of data.
Lastly, extended detection and response (XDR) entails that data is automatically collected and shared across the various connected security measures. For instance, endpoint, firewall, email, server, network, and user data are all agglomerated and analyzed automatically to improve the detection and remediation of threats. This is commonly coined as a “holistic” approach to endpoint protection, where activity between the various facets of digital infrastructure is correlated.
Each of these methods of endpoint protection relies on and improves its predecessor. Ultimately, the most ideal form of endpoint protection is a combination of these measures unique to your business’ infrastructure.
Is multi-factor authentication configured by your MSP for all log-ins?
Part 3 of The Evolution of Cybersecurity series stresses the importance of not only creating more complex passphrases, but requiring at least two authentication factors for a successful log-in. Remember, there are three categories of authentication factors; knowledge, such as passphrases; possession, such as one time authentication tokens sent to your phone; and inherence, such as a biometric fingerprint or face scan. Multi-factor authentication ensures that if someone bypasses one authentication factor (like if they stole your passphrase, for example) then it is useless without the other authentication factors. The Canadian Government strongly recommends this cybersecurity feature.
Does your MSP have additional cybersecurity practices in place for people working from home?
Although it is recommended that employees use corporately owned devices when working remotely, in truth this is often not the case. It is very easy for people to download the same productivity applications on their personal devices as would be found on their work computers. Simply for convenience, people choose to use their personal devices for work, but this entails repercussions for cybersecurity.
Corporately owned computers are far more easy to manage given that they all use universal software and cybersecurity which the IT team is familiar with. On the other hand, when employees are allowed to use their own devices this introduces a grab-bag of hardware, software, and cybersecurity of which the IT team is likely unfamiliar with.
Furthermore, when personal devices are restricted, then there is a set number of company computers which can access internal data. However, when employees are able to use any device they choose, then there is no restriction on the number of devices which can access internal data—which is far more difficult to manage.
To remedy the security concerns of people working from home the zero trust model may be consulted, which is introduced in Part 4 of The Evolution of Cybersecurity series. The first principle of this model entails that an organization assumes that all network traffic, both inside and outside their borders, has the potential to be harmful. This is known as the assume breach mindset. The second principle is to extensively verify users and entities. The commonly held expression is to “never trust, always verify”. The third principle is that users be given least privilege access, which means that any user will only be authorized to perform actions which are necessary for their specific tasks, during prespecified times. Ultimately, the zero trust model entails that if a user does perform a harmful action, whether intentional or not, the blast radius will be minimized.
How often does your MSP perform tests & assessments to determine the integrity of your security?
Part 5 of The Evolution of Cybersecurity series highlights that a virtual penetration test will either prove to you that your defenses are sufficient, or it will identify the areas which are vulnerable and will show you what needs to be improved. Either way, a virtual penetration test is beneficial to perform, and is a critical component of any successful cybersecurity strategy. If you don’t test your defenses, then vulnerabilities would only come to your awareness only after they’ve been exploited, which is already too late.
The takeaway here is that it is important to clarify with your MSP what cybersecurity services are being provided, and to make sure that regular virtual penetration tests are being performed. After all, there is only one way to truly tell if your MSP is keeping you safe and secure—by putting their defenses to the test. Experts say that penetration tests should be performed at least once a year. If your current MSP isn’t running penetration tests, then chances are some vulnerabilities are going unnoticed.
With this being said, if you are currently with an MSP that fails to offer essential cybersecurity services, or who is unfamiliar with penetration testing, then it is in your best interest to look for a replacement. The consequences of poor cybersecurity practices are far too high to remain with the same MSP out of pure convenience.
If your MSP seems to be doing a fine job, but you’re still curious as to whether or not you’re protected, then reach out to us, because currently Cloud Metric is offering a free cybersecurity assessment. Our cybersecurity specialists will examine your network configuration, will evaluate the provisions of your MSP, and will replicate the actions of a hacker to determine whether or not your defenses are sufficient. Ultimately, if we can gain access to your system, then criminals can too.
Multi Part Series: The Evolution of CybersecurityPart 1: What Poor Endpoint Protection Entails Part 2: Ideal Endpoint Protection Part 3: The Need for Multi Factor Authentication Part 4: The Risks of Working from Home – A Zero Trust Approach Part 5: Running Virtual Penetration Tests Part 6: Is Your MSP Keeping You Secure? |
Featured Download |