The cost of protecting data has never been higher. What many experts fail to say is that the financial liabilities associated with poorly secured systems are on the rise as cybercriminals target both MSPs and their clients. Estimating the cost of downtime and remediation support and the reputational damage from these attacks can be difficult for any business. For MSPs, those incidents are even more concerning as the experts in all things cybersecurity – a poor response can undermine their credibility in the business community.
That’s why dealing with cyber risk has become a team sport.
Cybercriminals are running businesses too, so they must continue refining and escalating attacks to maximize their revenue opportunities. For example, a recent IBM study found that the average incident takes 280 days from the point of access to conclusion and costs each company approximately $3.86 million.
Cybercriminals understand that most SMBs don’t have the internal resources to prevent cyberattacks. Ransomware purveyors target those businesses indiscriminately and rely on poor defenses, application vulnerabilities (vendors and suppliers) and inattentive and lazy employees – perhaps even a little luck – to gain entry.
Combined with the ever-increasing creativity of the cybercriminal community, it’s increasingly more difficult to protect businesses of any size today. As the amount of data they create, collect and store continues to grow, their financial and legal risks increase proportionally, and MSPs must work even harder to lock it all down.
A Complete Game Plan
Good teams produce more than the sum of their individual parts. Successful cybersecurity collaborations typically involve a tremendous amount of planning, training, evaluating, and, perhaps most importantly, communications. Most MSPs excel in most, if not all, of those areas, as are many of the specialists in their partner communities.
Building and executing cybersecurity “game plans” require that commitment. From conducting assessments and highlighting areas of concern to strengthening defensive measures and contracts, MSPs need to lead the way. That push begins (and ends) with finding the right partners.
Draft Highly Skilled Partners
Protection is truly a team sport. Building a ‘fantasy dream team’ by “drafting” quality partners can help minimize liability for MSPs and their clients. Collaborative relationships with complementary subject matter experts − those with knowledge and skills in different aspects of cybersecurity, liability and compliance requirements − will elevate the defensive game to new heights.
The “team cybersecurity” approach focuses on risk aversion to limit financial and legal exposure for both clients and providers. Together, they provide more comprehensive coverage, as each is an expert in their respective area. They may collectively review existing processes and systems to identify and quickly address high-risk vulnerabilities and then develop plans for resolving other potential breach points or areas of concern. Potential “players” and their responsibilities include:
- Vendors − MSPs typically partner with a number of suppliers to comprehensively protect clients’ networks, devices, data, applications and other systems. From end-point protection and data back-up and recovery providers to Security Operations Centers (SOCs), these “players” are focused on the cybersecurity game and many can even chip in during the off hours to give MSPs a well-deserved break.
- Auditors/Remediators − these firms help MSPs identify and fix potential vulnerabilities following a structured approach. These professionals often serve a dual role: mitigating cybersecurity threats before they can cause harm to clients or providers and addressing similar issues following an attack.
- Cyber Insurance Experts −every team needs a coach to measure the threat environment and guide game plan development. DataStream Cyber Insurance offers that level of support to MSPs with a Cyber Risk Assessment that evaluates the defensive posture of each client and a 24/7 Hotline to call when they first suspect a compromise. A tech assessment on each policy helps expedite claims and payments, eliminating potential stressors for providers and the business they support.
- Attorneys with IT Specialization – every cybersecurity team needs legal representation to minimize risk on the front end, writing air-tight legal agreements and contracts, and on the back end, supporting the response when things go bad. Those professionals should get the first call following a breach to review strategies and ensure MSPs properly execute their remediation plans.
- Public Relations Firms −messaging matters before and after a breach. Every MSP should have a crisis communications expert on their team to interpret the key points of the situation and help craft verbal and written responses. Information management is crucial. MSPs may need to share details of the compromise with different audiences, including clients, government agencies, law enforcement, and media. Releasing the right information to the appropriate people helps ensure the success of the response plan and prevents additional exposure.
- Cyber Forensics Experts − these companies or individuals step in after a breach, analyzing the evidence and reviewing each incident step-by-step to determine what went wrong. More importantly, the information they provide allows MSPs and other team members to mitigate vulnerabilities and prevent future attacks.