Just about every company with an internet connection is vulnerable to data breaches and attacks; this includes even the smallest organizations you provide managed security services for.
As hackers continue to evolve their tricks and tactics, so too must your threat detection capabilities. New cybersecurity trends are emerging every day—whether it be the latest attack methods or security operations best practices—and in order to protect your SMB clients, you must arm yourself with the latest knowledge.
In this blog, we’ll unpack the following trends:
- The shift in hackers’ targets to SMBs
- Increased threats to MSSPs and SMBs
- New updates to managed detection and response
- The rise in human-powered threat detection
- Scaling your MSSP’s cybersecurity defenses
Who is Being Targeted By Hackers? Your SMB Clients
The shift in how hackers target their victims has fundamentally changed the way cybersecurity is managed. According to the 2020 Verizon Data Breach Investigations Report:
- 45% of data breaches involved hacking
- Human error, such as clicking on suspicious emails, and misconfigurations are on the rise and open the door for hackers to infiltrate
- Brute force attacks account for 8% of the top breach types within large enterprises but account for 34% of breaches for SMBs
And probably one of the more compelling statistics from the report is that 28% of data breaches directly targeted SMBs.
SMBs are the low-hanging fruit that hackers can easily go after. Why? Because they typically don’t have the budget-breaking cybersecurity posture that enterprises have, or they fall for that phishing email due to lack of security awareness training, or they simply don’t enforce strong password policies.
This has a direct effect on you, the experts who aim to protect these businesses. Cybersecurity has become a shared responsibility—and when a security incident does happen, you need to determine:
- The extent of the damage
- How it happened
- How to respond
In addition, MSSPs are finding themselves under new threats simply because of their position within the industry. As the central node in a network of SMBs, you have become a high-value target. Hackers have recognized this and are even banding together to take advantage of these connections.
If an MSSP can be exploited, hackers can potentially gain access to each of the SMBs that depend on them for IT and security services. That opens up the door to a lot of liability.
The Evolution of Existing Threats To MSSPs and SMBs
Hackers and other bad actors that threaten us defenders are not a stagnant bunch. They challenge themselves, developing shady new ways to access networks and endpoints.
They're using more sophisticated techniques and tradecraft to bypass preventive security tools and make hunting them down more manual. And the worst part is that many hackers have begun working in concert with other bad actors. This has created a sort of B2B relationship between different groups that increases their odds of success by allowing them to attack targets from multiple fronts and with multiple techniques. In fact, 55% of breaches in 2019 were perpetrated by organized criminal groups.
Plus, it goes without saying that the COVID-19 pandemic has added yet another wrinkle to the existing threat landscape due to the new normal of remote work.
Networks have more external access points than ever before. The shift to working from home has moved employees—and other targeted endpoints—outside of existing security stacks and in-office safety measures. All of these factors combined provide a host of new attack vectors for hackers.
So, how can your managed detection and response strategy account for this evolution?
Fight Back with Threat Detection and Response
There’s no magic wand or silver bullet that’s going to keep threats at bay. In order to have a viable security stack, you have to combine the following managed detection and response measures:
- Network security basics (like antivirus, firewalls, DNS filtering, etc.)
- Email/O365 security
- Access controls
- Credential guards (like two-factor authentication)
- Secure user groups
- Endpoint threat detection
Together, these cybersecurity tools offer a signature-based prevention system combined with least privilege to help stop attacks before they can do the most damage.
Managed detection and response should be the cornerstone of your offering. However, there are limitations to relying on software alone to do the job.
While an important aspect of cybersecurity, automated threat detection software can only scan for what it’s programmed to look for. And most fully automated solutions will default to letting 'unknowns' operate as usual rather than block or remove something that is potentially legitimate.
On the other hand, human threat hunters have the contextual awareness and know-how to manually differentiate between the good and bad that may be hiding in the depths of an operating system. This is why the human element is so critical to a successful and comprehensive cybersecurity strategy.
Read the rest of Huntress’ blog to dive into the last two trends: the human element to cybersecurity and scaling your MSSP’s cybersecurity defenses.