Organizations attacked by ransomware are never the same afterward. That comes courtesy of Sophos’ new Cybersecurity: The Human Challenge report, a survey of 5,000 IT decisionmakers from around the world, which found that being the victim of ransomware influences everything from an organization’s cybersecurity approach to confidence in their own preparedness. All of which underscores the need for managed security service providers (MSSPs) to provide a reassuring hand on the wheel while also prioritizing a proactive, human-led strategy of threat hunting for heading off ransomware attackers.
Ransomware victimization shifts cybersecurity priorities in the wrong direction
Hearing about ransomware in the abstract, and then actually being the victim of one, are two completely different situations, and it’s understandable that organizations that fall in the latter camp would feel at least a little shaken about their cybersecurity and preparedness measures afterward. The new Sophos research can even put a number on this mindset: by an almost 3-to-1 measure, IT managers at organizations that had been afflicted by ransomware were more likely to say they felt “significantly behind” on their understanding of cyber threats compared to organizations unaffected by ransomware. Also understandably, a brush with ransomware inspires an even more urgent need for skilled IT security professionals: 35% of those who were ransomware victims named recruiting and retaining those employees as their #1 cybersecurity challenge (just 19% of organizations who hadn’t been hit by ransomware felt the same way).
But rather than inspiring ransomware victims to take more proactive postures on these threats, victimized organizations appear to be moving resources in the opposite direction. Compared to organizations unaffected by ransomware, victimized organizations are likelier to spend more time on after-the-fact response measures (27% vs. 22%) and less time on threat prevention (42.6% vs. 49%). In other words, the organizations with firsthand experiences with ransomware attacks are more likely to pour resources into cleaning up the aftermath of such incidents than stopping them from occurring in the first place.
A more urgent need for MSSP protection
With over one-quarter of organizations calling a shortage of skilled cybersecurity officials their biggest impediment, and over half naming it at least one of their major challenges, there is a growing urgency for MSSPs to step in and fill that void.
And by all accounts, they are: 65% of organizations are already outsourcing some or all of their IT security efforts, a number that’s expected to rise to 72% over the next two years. During that same period, the share of organizations whose IT security relies exclusively on in-house resources is expected to fall from 34% to 26%.
The underlying message here is clear: organizations, particularly those who have experienced ransomware attacks themselves, do not trust that their own internal IT security resources – from personnel, to tools and practices, to general threat awareness – to be up to the task, and are increasingly reliant on outsourcing those efforts to MSSPs. At the same time, those ransomware victims are devoting too few resources to proactive, human-led threat hunting that can prevent attacks before they happen.
So as organizations turn to MSSPs for protection, it’s also incumbent on those MSSPs to deploy the necessary tools that ensure the safety and cyber resiliency of their clients. Tools that can identify the red flags of an imminent attack, go beyond simple threat notifications and neutralize even the most sophisticated active threats before they can afflict a client.
That’s where Sophos Managed Threat Response (MTR) comes into play.
Next-Generation, Human-Led Threat Hunting with Sophos MTR
Organizations increasingly see the urgent need for human-led threat hunting: 48% of those surveyed in the Human Challenge report said they’ve already implemented threat hunting, and another 48% plan to do so over the next year. So while there may be higher demand for MSSPs to provide this measure of proactive support, not all may actually have the tools and resources to do so.
Sophos MTR fulfills this need by combining cutting-edge, intelligent endpoint detection and response (EDR) measures with a world-class human-led threat hunting approach. This dual strategy of “machine-accelerated human response” works 24/7 to identify and neutralize potential threats before they can reach their targets.
Here’s what Sophos MTR brings to the table for MSSPs and their clients:
- 24/7, around-the-clock rapid response and monitoring, led by an expert team of real human threat analysts trained to triage, isolate and neutralize active threats within a client’s environment.
- Regular security health checks to optimize Sophos Central product performance.
- Enhanced telemetry that looks beyond the endpoint for a comprehensive overview of potential threats.
- Monthly activity reports and assessments capturing everything from attacker activity and corresponding responses, to organizational risks, to prioritized actions for next steps.
Organizations are understandably concerned and distressed about the threats posed by ransomware, particularly those with firsthand experience with such attacks. As those organizations increasingly turn to MSSPs to provide robust protections, threat neutralizations and a general peace of mind, MSSPs can draw on Sophos’ next-generation MTR strategy of human-led threat hunting to safeguard their clients and provide that reassurance.