It was fitting that this year’s MSSP Alert Live Conference was held during Cybersecurity Awareness Month. The conference is designed exclusively for Managed Services Providers (MSPs), Managed Security Services Providers (MSSPs) and cyber professionals dedicated to safeguarding customer networks and data. As both an MSP and MSSP, the Hughes team was well represented. Here are my top three takeaways from the event––tips applicable to any organization seeking to protect their network and data.
The threat landscape continues to evolve
As in years past, the event highlighted the continuously changing threat landscape, with a particular focus on emerging threats. The two most discussed threats were polymorphic malware and social engineering tactics. Polymorphic malware is a type of malware that constantly changes its identifiable features in order to evade detection. Social engineering, on the other hand, exploits human psychology and behavior. It often involves the use of psychological tactics, manipulation and persuasion to deceive victims. Phishing is one of the most common instances. However, hackers are now using artificial intelligence (AI) to clone voices. For example, they use it to impersonate a “boss” via a phone call or voicemail and trick employees into divulging important data or corporate information. For MSPs, MSSPs and enterprise customers alike, it is crucial to stay updated and prepared for these and future threats.
Today’s modern streamlined cyber tech stack must provide complete coverage
Experts at the event said given the aggressive nature of threats, network security coverage should include real-time response capabilities, cloud monitoring and response, application control, vulnerability management, ransomware response, Endpoint Detection and Response (EDR) integrations and threat intelligence reporting. EDR integrations refer to the incorporation of EDR solutions with other security tools, platforms or systems to enhance an organization's overall cybersecurity posture. EDR solutions, like those provided by Hughes, monitor and protect endpoints (such as desktops, laptops, servers and mobile devices) from a wide range of threats, such as malware, ransomware and others. But EDR solutions alone are not sufficient for a strong defense, hence the need for a robust tech stack.
Tabletop exercises are a crucial practice for good crisis response
During the session titled “Cybersecurity for the Small to Medium-size Business,” panelists noted that with 94% of organizations experiencing at least one cyberattack in the last year, crisis response plans are essential. Tabletop exercises serve as a valuable tool for organizations to assess and enhance their readiness to respond to a wide range of cyberattacks and incidents. They help to validate the plans you have in place to identify, protect, detect, respond and recover. Typically, a facilitator guides participants through a discussion in one or more scenarios. Within each, there are multiple plans you can run through, such as your crisis response plan or your incident response plan. Utilizing different scenarios enables the team to identify specific threats, like a trusted insider threat, consider how that attack might play out and ensure that an appropriate response is documented. It is valuable to role play and explore within the context of possible scenarios when the environment is not emotionally charged and the team is not in crisis mode. Then, if an attack does happen, everyone already understands which protocols to follow and the appropriate actions to take. As one session speaker stressed, tabletops are not supposed to go perfectly. Instead, they provide you with a safe space to evaluate your preparedness, strengthen response plans and develop the skills and coordination required to effectively handle crises.
While the MSSP Alert Live Conference is designed to deliver insights to MSPs and MSSPs, much of the advice was well-suited for any enterprise and organization, since safeguarding networks and data are a top priority for businesses of all shapes, types and sizes.
Discover how Hughes can help you implement cybersecurity tools to defend your business.