Gaidar Magdanurov is the Chief Success Officer at Acronis.
According to CRN, some of the top challenges that managed service providers (MSPs) faced in 2022 included labor shortages, managing resources, unstable economies and supply chain attacks. While all of these are valid, through my time connecting with both small and large MSPs, I've discovered that a common and major underlying threat to MSP businesses is the retention of customers.
A major worry for MSPs is a conceivable, catastrophic and "unrecoverable" security event that can lead to customers going out of business or changing their managed service provider. The ever-changing threat landscape is leading to more concerns about this type of catastrophic event.
Check Point's latest research report states that the frequency of cyberattacks increased by 38% in 2022, and that number is growing, with the global volume of cyberattacks reaching an all-time high in Q4 of 2022. The statistics are bloodcurdling, and because many businesses rely on MSPs for their security solutions, the rising number of cyberattacks presents a true probability for cybersecurity gaps in MSP offerings.
A successful cybersecurity practice should achieve three primary goals: protect the data and systems of the customers, ensure compliance with the regulations that apply in the customer's location and build a higher level of trust with the customer. Following best-fit cybersecurity practices is a great reputation builder and can help create a competitive advantage if done right—then again, it can be an exterminator of business reputation if implemented poorly.
The first and most critical step is to define a cybersecurity strategy and implement a regular review cadence; the strategy may have to evolve with the market, customer needs and, of course, threat landscape.
A sound strategy should include:
• Adopt a cybersecurity framework. To simplify documentation and management, choose a framework like NIST and use it as guidance to define the standard used to approach cybersecurity.
• Perform asset management and risk assessment. All types of data, applications and systems should be identified. It is especially important to identify the unique risks based on the customers served by the MSP. For example, some business systems can be exposed to public networks for collaboration with third parties, opening the opportunity for supply chain attacks.
• Define and update security controls. Technology requirements should be defined based on the types of risks, and procedures for deployment and management developed. For example, what kind of firewalls, antivirus software, EDR and intrusion detection systems will be used, and how will these tools be integrated?
• Meet compliance. Depending on the type of customers, you should define the required certifications and implement procedures for compliance. For example, the payment card industry data security standard (PCI DSS) should likely be utilized for businesses dealing with payment card information, or HIPAA adhered to for healthcare providers.
• Implement monitoring. Real-time network and device activity monitoring is necessary to detect threats and prevent or mitigate intrusion.
• Apply user training. I find that many MSPs neglect the importance of security training for end customers. Sending a link to a video is rarely a good way to train end customers. Effective security requires regular practice, including on-site training and retraining of employees.
• Deploy an audit plan. Your strategy should include timelines and checklists for the audit. As the infrastructure evolves and becomes more complicated, an audit allows you to discover new gaps in the security posture and close them.
• Adopt an incident response plan. It is critical to train the whole team on what to do if faced with an incident. Fast and coordinated response processes help prevent catastrophic consequences for the end customers.
• Consider cyber insurance. Finally, if everything fails, cyber insurance can provide reasonable coverage to minimize the financial impact on the customer.
After the cybersecurity strategy is defined, it is time to ensure it is implemented through the following steps.
• Identify the resources. Document human and technology resources available as well as the gap in what is needed to implement the cybersecurity strategy; execute a plan to allocate the necessary resources. This may include hiring new people, shifting existing team members' responsibilities, additional team training or partnering with third parties.
• Train your team. Knowledge in cybersecurity expires fast, and a continuous training process is mandatory for the team to effectively provide high-quality service to customers. Training is often neglected after the initial training, yet it must be continuous.
• Communicate your cybersecurity practices to the customers. This is a great time to get your customers on board with cybersecurity policies and build trust in them that your business, as an MSP, has their security needs covered. It is essential to implement regular updates for customers and remind them about the need for recurrent security training for their employees.
• Implement the technology and processes. Deploy the tools and start the execution of your cybersecurity strategy. Defining regular tests and updating the cadence for security measures is critical. Regular exercises on incident response help keep a high level of confidence in both your tools and team to ultimately confirm that the process will work in case of an event.
Overall, the key elements of a successful cybersecurity practice are regular reviews, updated tools and policies and continuous training of technicians and end customers. A successful practice is never static; it is dynamic and constantly evolving.
Due to the ever-increasing complexity of IT infrastructure and the evolving cyber threat landscape, I believe it’s important to implement proactive security measures. MSPs should establish a robust cybersecurity practice to defend their customers’ valuable assets and their own reputation.
Forbes Business Council is the foremost growth and networking organization for business owners and leaders.
CEO of DKBinnovative, a leading managed IT services firm that offers secure, reliable solutions to small and medium businesses globally.
As the complexities of cybersecurity evolve daily, it remains essential to grasp some fundamental principles. It can take time to figure out where to start. I always tell business owners who ask me about cybersecurity to start with patching and backups before they delve into the more tool- and process-heavy cybersecurity options.
Let's delve deeper into two fundamental protective measures instrumental in cybersecurity: patches and backups. Patches, predominantly provided by software manufacturers, are designed to fix weak points or "vulnerabilities" within the software that cyber criminals could capitalize on. This is an ever-evolving landscape, as new vulnerabilities are discovered and remedied continuously.
Timely installation of these patches is crucial in ensuring your data remains safe from these security threats. However, it's more complex than simply installing the patch as soon as it is released. Remember, each patch must undergo a thorough examination by an IT specialist in a test environment. This crucial step is to ensure that the patch itself doesn't inadvertently introduce new problems or exacerbate existing ones.
In an ideal scenario, a patch enhances the software's security without adversely affecting its functionality. That's why a meticulous evaluation of every patch is necessary before deployment. The role of the IT specialist is to authenticate that the patch operates as intended, thereby avoiding potential complications and disruptions resulting from an unvetted update.
On the other hand, backups are copies of essential files stored in a safe location, whether locally or in the cloud. Backups can restore your files in case of hardware damage, theft or malware infection. An IT expert can guide you to the most suitable storage location(s).
Your software provider, like Microsoft or Apple's iOS, facilitates automatic updates, installing patches and other updates as they become available. These features can be activated when setting up a new device; if not, patches can be sought out and installed manually from the vendor's website.
Similarly, backups can be executed manually or through automated cloud backup services. You can back up your files manually daily to an external hard drive or even a cloud storage service. But isn't there a risk associated with this? What happens if you're in a rush one morning and forget to perform your backup? There are various backup software programs available, many of which are user-friendly. These include cloud backup services that can be set to store your data at regular intervals automatically.
This way, even if you forget, the backup process doesn't. Plus, with your files stored in the cloud, you can securely access them from any location. Programmed automatic updates and backup software have been used for decades and have proved reliable.
Still, having recognized the DIY opportunities above, a word of caution is necessary. While most systems push update notifications to the workstation, sending non-IT professionals to a website to fetch patches can set them up to be phished by a look-alike site. Other methods of securing your IT assets include:
• Utilizing a firewall.
• Staying current with antivirus software.
• Regularly updating your software.
• Maintaining frequent backups.
• Using robust passwords or password management programs.
• Being vigilant about potential phishing attempts.
To many IT professionals, these steps are as commonplace as closing the windows and locking the doors at home at night is to most people. These computer precautions are manageable.
The world of IT security, while younger than traditional security, has developed similarly. Bad actors have always sought valuable targets, whether physical or digital. As global dependency on computer networks grew rapidly, the specialty profession of Managed Security Services Providers (MSSPs) emerged. It is not feasible to be a business owner and an IT manager at scale, just like it's unlikely to find success as both a Wall Street trader and a heart surgeon. We trust professionals like doctors, lawyers and accountants with our health and finances, and MSSPs are similarly specialized and knowledgeable.
As electronic consumers, we have our hands on our computers for hours daily, but most of us don't know how they work. Information technology changes by the hour in today's world, so being very good at it means spending as much time learning as doing hands-on work.
We all know the adage, "An ounce of prevention is worth a pound of cure." As a technology user, you should know computer security basics, like why to accept patches and have scheduled backups. You should get new preventive services like password management software and two-factor authentication. You should pay attention to trending viruses and reported malware attacks. But beyond that, you should partner with an MSSP who has happily made your security their life's work.
Def Con, the world's largest hacker conference, has long been a place for cybersecurity ninjas to put their skills to the test, from breaking into cars to discovering smart home vulnerabilities, or even rigging elections.
So it isn't exactly surprising that hackers at this year's Def Con in Las Vegas have turned their sights on AI chatbots, a trend that's taken the world by storm, especially since OpenAI released ChatGPT to the public late last year.
The convention hosted an entire contest, NBC News reports, not to identify software vulnerabilities, but to come up with new prompt injections that force chatbots like Google's Bard or ChatGPT to spit out practically anything attackers want.
According to the report, six of the biggest AI companies, including Meta, Google, OpenAI, Anthropic, and Microsoft, were a part of the challenge, hoping to get hackers to identify flaws in their generative AI tools.
Even the White House announced back in May that it's supporting the event.
And that shouldn't be surprising to anybody. These chatbots are technically impressive, but they're infamously terrible at reliably distinguishing truth from fiction. And as we've seen again and again, they're easy to manipulate.
And with billions of dollars flowing into the AI industry, there are very real financial incentives to discovering these flaws.
"All of these companies are trying to commercialize these products," Rumman Chowdhury, a trust and safety consultant who worked on designing the contest, told NBC. "And unless this model can reliably interact in innocent interactions, then it is not a marketable product."
The companies involved in the contest gave themselves plenty of leeway. For instance, any discovered flaws won't be publicized until February, giving them plenty of time to address them. Hackers at the event were also only able to access the systems through provided laptops.
But whether the work will lead to permanent fixes remains to be seen. Chatbot guardrails implemented by these companies have already proven to be hilariously easy to circumvent with a simple prompt injection, as Carnegie Mellon researchers recently found, meaning that they can be turned into powerful disinformation and discrimination machines.
Worse yet, according to these researchers, there's no easy fix for the root of the issue, despite how many specific issues a horde of Def Con hackers identify.
"There is no obvious solution," Zico Kolter, a professor at Carnegie Mellon and an author of the report, told the New York Times last month. "You can create as many of these attacks as you want in a short amount of time."
"There are no good guardrails," Tom Bonner of the AI security firm HiddenLayer, a speaker at this year's Def Con, told the Associated Press.
And researchers at ETH Zurich in Switzerland recently found that a simple collection of images and text could be used to "poison" AI training data, with potentially devastating effects.
In short, AI companies will have their work cut out for them, with or without an army of hackers testing their products.
"Misinformation is going to be a lingering problem for a while," Chowdhury told NBC.
TL;DR: The Complete 2023 Cybersecurity Developer and IT Skills Bundle is on sale for £55.06, saving you 94% on list price.
If you are looking to make a career jump into a growth industry, look no further than the world of cybersecurity. This is a complex field that's on the rise. And if you'd like to test the waters, this Cybersecurity Developer and IT Skills Bundle is an affordable way to do it. It's on sale for just £55.06 for a limited time.
You'll be kept busy with comprehensive, high-quality content encompassing 26 courses and over 400 hours of training. It's all brought to you from the minds at Iducate (formerly iCollege), which exclusively partners with ITproTv.
Not just for those looking to move into a new job in cybersecurity, this bundle could also be useful for those looking to bulk up their credentials in their current job as well. The knowledge attained in these courses could give you an edge when it comes time for a promotion, a raise, or just some extra visibility.
With this deal, you'll get lifetime access to all the courses, including Microsoft Azure Security Technologies, Cisco CCNP Security SCOR (prep for exam 350-701), Python for Security, Linux Security Techniques, Hands-On Hacking, Business Continuity and Disaster Recovery, CompTIA PenTest+ (PT0-002), among many others. And each course includes multiple lessons.
Get a comprehensive online education you can access anytime, anywhere with the Complete Cybersecurity Developer and IT Skills Bundle for £55.06.
While IT security managers in companies and public administrations rely on the concept of Zero Trust, APTs (Advanced Persistent Threats) are putting its practical effectiveness to the test. Analysts, on the other hand, understand that Zero Trust can only be achieved with comprehensive insight into one's own network.
Just recently, an attack attributed to the Chinese hacker group Storm-0558 targeted several government agencies. The attackers used forged digital authentication tokens to access webmail accounts running on Microsoft's Outlook service. In this incident, they had stolen a signing key from Microsoft, enabling them to issue working access tokens for Outlook Web Access (OWA) and Outlook.com and to retrieve emails and attachments. Because of a flawed validation (plausibility) check, signatures made with that key, which was only intended for consumer accounts (MSA), were also accepted by Azure Active Directory for business customers.
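The validation gap in that incident can be illustrated with an added example (constructed here, not Microsoft's or Exeon's code): a validator that only asks "is this a key I know?" versus one that also asks "is this key allowed to sign for the issuer the token claims?". The key names, issuers and claims are assumptions, and HMAC-SHA256 stands in for the real asymmetric signature.

```python
"""Constructed illustration of a token validator that trusts any known signing key
versus one that scopes each key to the issuer it was provisioned for.
Everything here (keys, issuers, claims) is made up; HMAC-SHA256 replaces the
real signature scheme so the example runs offline."""
import base64
import hashlib
import hmac
import json

# Constructed key registry: each signing key is scoped to one issuer.
KEYS = {
    "consumer-key-1": {"secret": b"consumer-secret",
                       "issuer": "https://login.example.com/consumers"},
    "enterprise-key-1": {"secret": b"enterprise-secret",
                         "issuer": "https://login.example.com/contoso-tenant"},
}
ENTERPRISE = KEYS["enterprise-key-1"]["issuer"]


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(kid: str, claims: dict) -> str:
    """Mint a JWT-shaped token with key `kid`. Nothing here ties the claims to the
    key's scope, which is exactly what a stolen key lets its holder exploit."""
    header = _b64(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(KEYS[kid]["secret"], f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(mac)}"


def _parse(token: str):
    header, body, sig = token.split(".")
    return json.loads(_unb64(header)), json.loads(_unb64(body)), header, body, _unb64(sig)


def validate_signature_only(token: str, expected_issuer: str) -> bool:
    """Weak check: any known key with a valid signature is accepted, regardless of
    which issuer that key was provisioned for."""
    hdr, claims, header, body, sig = _parse(token)
    key = KEYS.get(hdr.get("kid"))
    if key is None:
        return False
    expected = hmac.new(key["secret"], f"{header}.{body}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig) and claims.get("iss") == expected_issuer


def validate_with_key_scope(token: str, expected_issuer: str) -> bool:
    """Hardened check: the signature must verify AND the key must be one provisioned
    for the issuer the token claims, so a consumer key cannot vouch for a tenant."""
    if not validate_signature_only(token, expected_issuer):
        return False
    hdr, claims, *_ = _parse(token)
    return KEYS[hdr["kid"]]["issuer"] == claims.get("iss")


def forged_token_accepted(validator) -> bool:
    """Token signed with the consumer key but claiming the enterprise issuer."""
    forged = sign_token("consumer-key-1",
                        {"iss": ENTERPRISE, "sub": "user@contoso.example", "aud": "mail"})
    return validator(forged, ENTERPRISE)
```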
According to a report by the vendor Okta (State of Zero-Trust Security 2022), 97% of respondents are already engaged in a Zero Trust strategy or plan to implement one within the next 18 months. This has increased the percentage of Zero Trust advocates from 24% (2021) to 55% (2022). The security model known as Zero Trust is an overarching security strategy designed to continuously audit and verify access to resources, both internally and externally. Many organizations are embracing this security strategy based on the principle that network devices and users must constantly prove their identity, as they are not automatically trusted.
Zero Trust relies on continuous monitoring and dynamic control for applications, users and devices. It limits access to resources to the absolute minimum and all identities on the platform are evaluated using the same criteria as hosts. The overarching goal is to enhance security by granting access only to those who continuously prove their identity and whose behavior is under constant scrutiny.
Identity and access management (IAM) undoubtedly plays a fundamental role in Zero Trust. Unfortunately, constant verification of users' identities proves ineffective when the identity itself has been stolen. Moreover, attackers can bypass these systems by manipulating meta-information, such as the geolocation of a login, using a spoofed VPN address. IDS/IPS systems are tasked with detecting suspicious or unauthorized activity, virus infections, malware and ransomware, zero-day attacks, SQL injection and more. However, IDS/IPS systems often only detect known signatures, such as previously identified malicious domains or IP addresses. If a domain hasn't been flagged as malicious beforehand, conventional security solutions may overlook it, allowing attackers to exploit that weak link in the chain. Consequently, traditional cybersecurity systems can fall short when it comes to putting Zero Trust into practice.
To implement a Zero Trust security strategy effectively, organizations are increasingly turning to network analysis tools, as recently recommended by the analyst firm Forrester ("The Network Analysis and Visibility Landscape, Q1 2023"). According to the Forrester report, security and risk professionals should employ Network Detection and Response (NDR) tools to monitor their networks, search for threats, detect applications and assets, and capture malicious data packets. These actions contribute to the effective detection of threats within IT infrastructures.
NDR solutions are vital for creating a resilient and effective Zero Trust architecture. They provide real-time visibility into network traffic, monitor user behaviour and device activity, and enable swift detection and response to suspicious network operations or anomalous activities. This visibility extends to all operating systems, application servers, and IoT devices.
Forrester has highlighted that the significance of enterprise networks in cyberattacks is often underestimated. Cybercriminals use fake identities or zero-day exploits to infiltrate corporate networks, then move laterally across the network to search for targets, gain access to privileged systems, install ransomware or other malware, and exfiltrate corporate data. NDR supports the detection of internal reconnaissance (where the attacker surveys potential targets) and of lateral movement once the attacker is already inside the network. NDR systems gather data from all switches and operate entirely without agents, which in many environments cannot be installed.
With Machine Learning (ML), Network Detection and Response (NDR) systems are capable of detecting traffic anomalies without relying on pre-stored, known "Indicators of Compromise" (IoCs). These ML models are designed to be continuously trained, enabling them to detect new threats and attack techniques. This approach significantly accelerates the detection of malicious activities and enables early attack mitigation. Moreover, it aids in identifying unknown, suspicious behaviour and minimizes the time attackers can dwell unnoticed within a network, thereby enhancing overall security.
Machine learning algorithms establish a baseline of normal network behaviour by analyzing traffic data to learn what "normal" communication patterns look like for that particular network. Once trained on this baseline, they can detect deviations from it. Examples of such deviations include suspicious connections, unusual data transfers, traffic patterns that fall outside established norms, lateral movement within the network, data exfiltration and more.
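As an added illustration (not Exeon Trace's code) of the baseline-and-deviation approach just described, the following builds a per-host baseline from constructed flow records and flags hourly volume spikes and never-before-seen peers; the hosts, byte counts, internal address range and 3-sigma threshold are assumptions, and a real NDR model is far richer than this mean/stddev baseline.

```python
"""Constructed baseline-and-deviation detector over flow records shaped as
(hour, src, dst, bytes). Learns per-host hourly byte volume and known peers from a
quiet window, then flags volume anomalies (possible exfiltration) and new peers
(possible lateral movement or a new external drop point). All data is made up."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range


def aggregate(flows):
    """Reduce flow records to per-(hour, src) byte totals and per-src peer sets."""
    volume = defaultdict(int)
    peers = defaultdict(set)
    for hour, src, dst, nbytes in flows:
        volume[(hour, src)] += nbytes
        peers[src].add(dst)
    return volume, peers


def build_baseline(flows):
    """Learn what is 'normal' per host: mean and population stddev of hourly bytes
    sent, plus the set of peers seen during the learning window."""
    volume, peers = aggregate(flows)
    per_host = defaultdict(list)
    for (_hour, src), total in volume.items():
        per_host[src].append(total)
    stats = {src: (mean(totals), pstdev(totals)) for src, totals in per_host.items()}
    return stats, peers


def detect(baseline, flows, z_threshold=3.0):
    """Return (src, kind, detail) alerts for deviations from the learned baseline."""
    stats, known_peers = baseline
    volume, peers = aggregate(flows)
    alerts = []
    for (hour, src), total in sorted(volume.items()):
        if src not in stats:
            alerts.append((src, "unknown_host", f"hour {hour}: no baseline for this source"))
            continue
        mu, sigma = stats[src]
        # Floor the spread so a perfectly regular host does not divide by zero.
        spread = max(sigma, 0.1 * mu, 1.0)
        z = (total - mu) / spread
        if z > z_threshold:
            alerts.append((src, "volume_anomaly",
                           f"hour {hour}: {total} bytes vs baseline {mu:.0f} (z={z:.1f})"))
    for src, dsts in peers.items():
        for dst in sorted(dsts - known_peers.get(src, set())):
            kind = "new_internal_peer" if ip_address(dst) in INTERNAL else "new_external_peer"
            alerts.append((src, kind, dst))
    return alerts


def constructed_flows():
    """Five quiet hours for learning, then one hour containing a large transfer to an
    unseen external host and a first-ever contact between two internal hosts."""
    learning = []
    for hour in range(5):
        jitter = [0, 1000, -1000, 0, 0][hour]
        learning += [
            (hour, "10.0.1.5", "10.0.2.10", 10_000 + jitter),
            (hour, "10.0.1.5", "10.0.2.11", 8_000),
            (hour, "10.0.1.5", "93.184.216.34", 20_000),  # routine external traffic
            (hour, "10.0.1.6", "10.0.2.10", 5_000),
        ]
    suspicious = [
        (5, "10.0.1.5", "10.0.2.10", 10_000),
        (5, "10.0.1.5", "10.0.2.11", 8_000),
        (5, "10.0.1.5", "93.184.216.34", 20_000),
        (5, "10.0.1.5", "198.51.100.7", 2_000_000),  # bulk transfer to unseen external host
        (5, "10.0.1.6", "10.0.2.10", 5_000),
        (5, "10.0.1.6", "10.0.3.40", 1_200),          # first contact with another internal host
    ]
    return learning, suspicious
```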
Exeon is a leading NDR solutions provider headquartered in Switzerland with a strong knowledge base and a foundation rooted in cybersecurity expertise. The NDR platform, Exeon Trace, offers comprehensive network monitoring powered by advanced Machine Learning technology. It enables automated detection of potential cyber threats, making it an essential tool for Security Operations Center (SOC) teams and Chief Information Security Officers (CISOs), who are committed to implementing and maintaining a robust Zero Trust security strategy.
Interested in seeing how NDR from Exeon fortifies cybersecurity and enables effective Zero Trust implementations? Consider booking a demo with Exeon to witness firsthand how Zero Trust and cyber resilience are brought into action!
The AI Security Challenge is open to researchers, academics, industry experts, and students from the US and allied countries. The contest will run for two years and will consist of three phases. The first phase will focus on developing AI models that can detect malicious activities on simulated federal networks. The second phase will test the models on real-world data from federal agencies. The third phase will evaluate the models on live federal networks and measure their performance, scalability, and robustness.
The contest is sponsored by the Office of Science and Technology Policy (OSTP), the Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST), and the National Science Foundation (NSF). The contest is also supported by several private sector partners, including Microsoft, Google, IBM, Amazon Web Services, and Intel.
Recent Chinese state-sponsored hacking of Microsoft email users, including leading U.S. officials, will be the focus of a review by the Department of Homeland Security’s Cyber Safety Review Board (CSRB).
Microsoft faced strong criticism last month after it revealed a hacking group had acquired and used a private encryption key to forge authentication tokens to access the cloud-based email accounts of more than 25 organizations.
Organizations targeted by the threat group, tracked as Storm-0558, reportedly included the U.S. State and Commerce departments, with Secretary of Commerce Gina Raimondo’s email account among those compromised.
In a statement on Friday, the DHS said the CSRB review would focus on approaches government, industry, and cloud service providers (CSPs) should employ to strengthen identity management and authentication in the cloud.
As well as looking into the Storm-0558 attacks, the board would carry out “a broader review of issues relating to cloud-based identity and authentication infrastructure affecting applicable CSPs and their customers,” the DHS said.
“The Board will develop actionable recommendations that will advance cybersecurity practices for both cloud computing customers and CSPs themselves.”
It will be the CSRB’s third investigation: its first report in 2022 focused on the Log4j security flaw and its second, made public last week, covered the Lapsus$ threat group.
News of the Microsoft/CSPs review was welcomed by Sen. Ron Wyden, D-Ore., who called for the CSRB to investigate the Storm-0558 attacks two weeks ago, and accused Microsoft of acting negligently by allowing its encryption methods to be compromised.
But in a statement, Wyden was also critical of the earlier direction taken by the CSRB, saying its first report should have investigated the SolarWinds campaign, as it was expected to do based on the 2021 executive order signed by President Joe Biden that led to the board’s establishment.
“Had the board studied the 2020 SolarWinds hack, as President Biden originally directed, its findings might have been able to shore up federal cybersecurity in time to stop hackers from exploiting a similar vulnerability in the latest incident,” Wyden said.
“The government will only be able to protect federal systems against cyberattacks by getting to the bottom of what went wrong. Ignoring problems is both a waste of taxpayer dollars and a massive gift to America's adversaries.”
Rob Silvers, chair of the CSRB and undersecretary of Homeland Security for strategy, policy and plans, has previously said the board pivoted from SolarWinds to Log4j for its first report after discussions with the White House because it was felt that would be a more valuable initial investigation.
The CSRB does not have regulatory or enforcement powers, but is intended to be a body that identifies lessons from major cyber breaches so protections can be put in place.
Commenting on the Microsoft/CSPs review, Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency (CISA), said the security of cloud environments required a “persistent focus.”
“The Board’s findings and recommendations from this assessment will advance cybersecurity practices across cloud environments and ensure that we can collectively maintain trust in these critical systems,” she said.