COVID-19: time to review your outsourced Managed Security Services arrangements

Even before the current pandemic, as enterprises have adopted techniques and practices such as digital transformation, cloud and mobility, they have faced an increased risk from a range of established and emerging cybersecurity threats, such phishing attacks which seek to introduce malware capable of compromising sensitive business information, ransomware and other fraud campaigns. The risk of huge fines under the GDPR means that cyber security has become a board-level issue, as well as a focus for regulators.

The Covid-19 pandemic has turned many businesses ‘inside out’ as they rush to enable agile workforces, meaning increased cyber risk as criminals and fraudster look to capitalise on the rush to remote working. These risks include:

• • Rapid adoption of workplace collaboration tools, such as Microsoft Teams, Slack, Google Hangouts and Zoom, which are low effort targets for malicious attackers looking to gain access to enterprise tools.
  • Growth of ‘Shadow IT’ i.e. increased use of personal devices, collaboration tools and cloud storage for business purposes.
  • Increase in the number of users working in a less-than-secure home environment (security risks can include connected devices and poor network security) as businesses shut their doors and encourage agile and remote working.

Specifically, criminals are sending phishing emails which seek to exploit the fear and uncertainty that the pandemic is causing, and creating malware which poses as a legitimate Covid-19 resource or application whilst hiding ransomware which can infect devices on which it installed.

Managed Security Services (MSS) refers to the activities, functions and services necessary to manage an organisation’s cyber security needs. These activities include:

• • network monitoring and intrusion/breach detection,
  • anti-virus monitoring and management,
  • firewalls with email and web filtering,
  • patch management and system upgrades,
  • incident response – investigation and remediation,
  • security assessments and audits,
  • threat intelligence,
  • compliance management, and
  • training and consulting advice.

These basic cyber security services are increasingly being augmented by technologies which use artificial intelligence, machine learning, big data analytics and other similar techniques.

Whilst some organisations have the skills and other resources needed to set up, staff and run their own state-of-the-art security operations centre (SOC), many will look to outsource some or all of their cybersecurity requirements to a specialist Managed Security Service Provider (MSPP).

Outsourcing to a MSPP enables an organisation to focus on other areas of strategic focus, often coupled with cost savings. Other benefits can include:

• • robust, documented service levels and response times,
  • better threat management and mitigation,
  • improved reporting and management information,
  • access to specialist resources,
  • access to best-in-class technology and other leading practices.

And with many MSPPs delivering their MSS solutions via a multi-tenant cloud-based platform, on a Security-as-a-Service basis, set-up can be almost instantaneous and without capital investment.

Faced with increased and emerging cyber threats, whether due to trend likes digitalisation, cloud and mobility, or due to the novel coronavirus, organisations must learn to look at MSSPs as ‘trusted advisers’ and seek to leverage the knowledge that they glean across multiple client engagements, since a threat which impacts one client is likely to impact many more. MSS outsourcing contracts need to reflect this – whilst KPIs and service metrics which make a MSSP accountable for meeting an organisation’s requirements are important, the agreement must not simply describe the relationship in transactional terms but reflect and enable a wider strategic relationship between the organisation and its MSSP.