Credit: Sophos / Foundry
Australian enterprises remain under a colossal and constant threat of a cyber attack and many oraganisations and partners are still struggling to keep up.
Having spent the last three years transitioning themselves and customers to remote and hybrid work models, the country’s managed service provider (MSP) community remains endlessly challenged to fend off rapidly evolving threats.
Although MSPs now have access to innovative security solutions and services, they, like almost all Australian organisations, remain hampered by a chronic lack of qualified cyber security talent.
However, with the rise of vendor-owned managed detection and response (MDR) services, MSPs now have the option to offload some of their security services.
According to Ben Town, CEO of Hosted Network, MSPs are now facing new threats every day. “From what we see with our MSP partners, it's often the small things that get overlooked,” he said “Unfortunately, we see simple things like routers / firewalls not being patched as the MSP is focused on other fires.“
Jason Maricchiolo, managing director of ISO365, a consultancy dedicated to helping organisations reach the gold standard security posture, noted that untrained employees pose one of the most significant cyber security threats to businesses.
“Companies need to prioritise cybersecurity training and awareness programs to reduce the risk of human error,” he said. “Most data breaches occur when untrained staff unknowingly click on a malicious link within an email, and even if they suspect something is wrong, they don’t report it out of fear of losing their jobs.”
Sophos APJ MSP manager, channel sales, Cameron Reid, also echoed these concerns around human error and the risk of cyber security breaches.
“Many MSP partners and enterprises alike, report that they’re reasonably comfortable with the majority of ransomware they see and the tools they are using.
“However, most of them report they have key challenges linked to people and the processes involved in safeguarding themselves, or the customers they look after 24/7, then always having the right skill sets at hand to respond to the Increase sophistication of the types of attacks or breaches. Their ability to respond and investigate low-level signals is also a key area flagged by many that they feel leaves a gap.”
For customers wishing to minimise the risk of human error, third-party service providers are fast filling in the gap of providing MDR offerings either through their own security operations centre (SOC) or through one provided by a vendor.
According to a report by Gartner, 50 per cent of companies will be using MDR for threat monitoring, detection and response, which poses a significant opportunity for partners.
However, given the shortage and costs of highly skilled security talent, MSPs and MSSPs may be more included to leverage an MDR and SOC provided by a vendor, rather than build their own scratch.
For a number of MSPs, this offers both potential to offer watertight security to their customers while being more operationally efficient and profitable.
“Cyber security is right at the top at the moment, we're looking at a lot of ways to streamline our security operations and MDR plays a big role,” said Town. “Ultimately security is a complex beast and we leverage MDR to ensure we don't get bogged down in the operational side of dealing with threats and allows us to focus our security efforts in more strategic areas.”
“MSPs or MSSPs continue to look at ways to become more efficient,” Reid echoed. “Moving to cyber security-as-a-service helps free up their internal IT and security staff to focus on other business enablement needs for their customers.
“Often this is more lucrative from a profitability perspective for both the partner and customers they support. Threats are becoming more advanced, and the skill set required to contain these threats continues to become more specialised. Most within the industry realise how specialised this has become and are looking for ways to engage it as a service.”
According to Maricchiolo, MDR even provided a good first step for organisations improving their security posture.
However, he noted that there are many “organisational, people, physical and technological controls that create a holistic approach to mitigating cyber security threats”.
William Weatherall, group manager of UnicornX’s cyber and data practice, said the benefits of MDR also often depend on a customer's maturity.
“Generally, I'm in favour of a combination of both internal and external dependence. While it's a good idea to outsource some execution, it's a bad idea to outsource all the understanding as well,” he said.
A few simple questions
One of the biggest issues both Australian customers and partners must grapple with today is cyber insurance. This is effectively a policy with an insurance carrier to mitigate risk exposure by offsetting costs involved with damages and recovery after a cyber-related security breach or similar event.
Historically, signing up for insurance was a relatively easy process for partners. However, today, thanks to the heightened risk and complexity of compliance and IT infrastructures, this can encompass pages of documents.
But, according to Reid, MDR solutions may help partners reduce this workload. “These conversations are constant nowadays and many MSP partners are being asked to spend many hours completing questionnaires for customers around safeguards and compliance for insurance policies,” he said.
“Many partners comment that what used to be a few simple questions, has now turned into hours of work, lots of detail around exactly what’s being covered with most saying a Managed EDR or XDR solution is a minimum standard.”
Maricchiolo also echoed this sentiment, noting how the growing focus on Governance, Risk, and Compliance (GRC) and cyber insurance is influencing customers’ selection of MSPs.
“Prospective clients seek to transfer as much risk and responsibility as possible to MSPs. Meanwhile, insurance companies are looking for ways to minimize their risk by avoiding MSPs that do not meet the required standards,” he said.
However, Town pointed out that many small and medium-sized businesses (SMBs) are hesitant to invest in cyber security until they've been “stung” by an incident.
“Cyber insurance however and the increase in premiums, not to mention the question of if their insurance will actually pay out is generally part of most conversations these days,” he explained. “I've seen a quadrupling in the cost of some premiums, and this is enough for many SMBs to start to question what they are doing to bring their exposure levels down.”
Although Weatherall also argued that cyber insurance can be prohibitively expensive for some customers, there is one thing for certain and that cyber security is a problem shared by everyone.
“There is no doubt that it's a collective responsibility,” he said. “Either everyone's responsible or no one is.”
