7 Lessons from Cybersecurity Experts for 2021
MJ Shoer is the executive director of CompTIA ISAO. He recently completed the second season on his Shoering Up Security YouTube series. This series features weekly guests discussing cybersecurity trends and challenges. Here are some highlights and lessons. Cybersecurity incidents continue dominating headlines, and threats continue to escalate. All companies must be cyber resilient. Learn from security leaders and others who have experience defending against new threats.
MJ Shoer, CompTIA senior Vice President and executive Director of the CompTIA ISAO recently completed the second season his Shoering up Security YouTube series. He interviewed weekly guests about cybersecurity trends and challenges and what MSPs need to know. These are some highlights and lessons from Season 2, all now available on YouTube:
How to Use an ISO: One MSP Use Case
It can be difficult to keep up with every new incident in a fast-paced industry such as cybersecurity. Initiatives such as the CompTIA ISAO provide timely information, alerts and threat intelligence to help you stay ahead. But how can organizations use it? Matthew Lang, CISO at IND Corp., a Whippany-based MSP, explained to Shoer that his company uses ISAO in order to keep track of threats in real-time. This helps mitigate damage for certain customers and prevents incidents.
MSPs can work with professionals from the ISAO to come up with solutions and mitigation strategies. “It allows me to drive action quickly,” said Lang. Lang stated, “It’s certainly contributing to making our clients safer.” Notification tools and the forum are also helping to increase awareness in the industry.
Lang says compliance is another important issue that MSPs should take seriously. CompTIA ISAO membership is a way for MSPs to demonstrate compliance and build resilience. Lang stated that resilience is not about fixing the problem. It is about explaining risk and finding ways to mitigate it.
You’ve been beaten, now what?
Many cybersecurity experts have noted that it’s a case of when, not if, businesses–including MSPs–will be targeted in a cyberattack. Chris Loehr is the executive vice president and chief technology officer at Solis Security, a Texas-based cybersecurity and tech service firm. He sees as many as 10 breaches per day, including many that target MSPs. MSPs are the big fish when it comes to ransomware,” he said. It’s too easy. Attacking MSPs gives threat actors access multiple customers’ customer data at once. Shoer pointed out that the problem is similar to an inverted funnel. Shoer stated that you can attack an MSP at its neck to gain access to the entire wide mouth.
Loehr stated that a large part of preparation involves putting in place the appropriate policies and procedures. However, each should be considered as an independent initiative. Your policies are education for your customers. Your procedures are what your internal people should do in the event of a breach.
How one MSP Showcases Cybersecurity Credibility
MSPs can have a wide range of cybersecurity skills, making it difficult for customers to trust them. Corey Kirkendoll is the president and CEO at 5K Technical Services in Plano, Texas. He uses the CompTIA ISAO as a way to show his commitment to cybersecurity protocols. Kirkendoll stated, “In this game it’s all about info.” “Having access the ISAO is important for us because we can get some really good information from others and help weed out the bad news.”
Kirkendoll claims that his MSP is different because he has access to real-time data and his team is better equipped for managing incidents. His customers can see that his team actively manages incidents and provides updates when it isn’t possible. “Even though we aren’t actively participating, I can hear my peers going through things we just got out from, or haven’t. He said that it was very helpful.
Cybersecurity Threat Intelligence: The Value
Security professionals can find it difficult to manage highly publicized cyber incidents if they have too much information. Security professionals can share valuable information about mitigation and response techniques with other security professionals, which allows for faster resolution for those who are affected.
“MSPs and MSSPs need to be more proactive in protecting their customers and threat feeds make it possible,” Scott Williamson, vice-president of information services at True Digital Security, a security management and IT services company based in West Palm Beach.
Shoer and Williamson noted that security is a major concern.