As a managed security service provider, your customers rely on you to protect their business from cyber-attacks and breach-related disruptions. But what happens when one of your customers is breached? Should your business be held accountable? One law firm thinks so.
Earlier this year a lawsuit was filed against LanTech LLC, a Managed Service Provider (MSP), by the law firm Mastagni Holstedt, a LanTech customer. The lawsuit alleged that LanTech failed to protect the law firm's systems from a ransomware attack, which led to significant damages, including a hefty ransom payment. The law firm is seeking $1 million in damages.
While currently the exception and not the norm, this case raises the question of breach accountability — and liability. Managing an ever-evolving attack surface is challenging enough. A web of third-party vendors, cyber insurers and regulatory bodies is complicating how MSPs guide Attack Surface Management (ASM) strategy for their customers, and customer expectations. This lawsuit sheds light on the complexities of MSP-client relationships, emphasizing the need for clear contracts and shared responsibility in cybersecurity.
At the end of the day, breach avoidance is MSP credo. This is supported through a mix of best practices, a strong technology stack, and of course, a clear and comprehensive SLA. Evolving your service portfolio to align with increasing customer demands, complex threats and an ever-expanding attack surface, showcases your value, and crucially, helps you mitigate risk.
Implementing "Left of Boom" Strategies for Reduced Customer Risk
Drawing parallels from military tactics into cybersecurity strategies has proven effective. Much like military maneuvers, security providers are now employing strategies and tactics to preemptively manage risk, safeguard organizations against adversarial threats, and empower defenders in potential attack scenarios.
The "left of boom" strategy is a prime example frequently applied in cybersecurity planning. This approach emphasizes continuous risk management within the organization's risk tolerance. It acknowledges the likelihood of cyber incidents (the "boom") while advocating for the establishment of proactive best practices and processes to manage risks beforehand (left of boom) and mitigate impacts reactively (right of boom).
Implementing 'left of boom' principles can be simplified for smaller organizations and offers significant value. Here are examples of proactive 'left of boom' initiatives:
Risk Assessment and Analysis
Comprehensive risk assessments identify vulnerabilities and potential attack vectors within a customer’s IT environment. This includes evaluating systems, networks, applications, and user behaviors to pinpoint potential weak spots. By understanding each customer's specific risks, MSPs can tailor their services to address critical areas effectively.
Security Patching and Updates
Maintaining up-to-date systems and software is fundamental for managing attack surfaces. Assist your customers by implementing regular patch management processes. These processes involve testing and deploying security patches and updates promptly to minimize the risk of exploitation.
User Training and Education
Human error continues to be a significant factor in security breaches. MSPs now offer employee training programs to educate staff on cybersecurity best practices, social engineering tactics, and the importance of adhering to security policies. By enhancing user awareness, MSPs help reduce the attack surface related to social engineering attacks.
Endpoint Resiliency
Hybrid and remote work environments are here to stay. Add to that the proliferation of connected devices, and endpoint security has become a top priority. MSPs are now focusing on ensuring endpoint resiliency, implementing robust security measures to protect these endpoints and prevent unauthorized access.
These ‘left of boom’ initiatives are all closely related to attack surface management. They involve proactive measures taken to reduce vulnerabilities and strengthen defenses before cyber incidents occur, ultimately minimizing the organization's attack surface and increasing its resilience against potential threats.
Augmenting Attack Surface Management Initiatives
Here are 5 ways you can build on ‘left of boom’ principles with leveled-up attack surface management strategy:
- Continuously reassess your customers’ attack surface —Start by examining the digital assets and data the business uses, stores, and shares. Conducting an attack surface evaluation is crucial for tasks such as security strategy planning, cyber insurance renewals, and compliance alignment. An up-to-date assessment provides insights into understanding your customers' data and ranking their various data types in terms of risk.
- Reevaluate customer data protection use cases —Attack surface management and use case planning are intertwined—you can't effectively map and execute one without the other. While an attack surface assessment looks at the business's attack surface, use case planning defines the use cases that impact it. Examples include data discovery, data loss prevention, data permissions, data protection, compliance reporting, identity and access management, and incident response.
- Understand Your Customers' Business Outcomes and Support — During business outcome planning, security use cases or the need for unique services may emerge. These could include risk assessments, board and stakeholder reporting, or professional services.
- Tailor the Service Level Agreement (SLA) — Standard SLAs are common, but after an attack surface assessment and defining security use cases, a tailored SLA benefits both you and your customer — and it greatly helps in the event liability is questioned. It outlines the necessary engagement, support, and insights while emphasizing the value for money in the relationship.
- Conduct Reporting Cadences — With a clear understanding of your customer's attack surface, security use cases, and business outcomes, establish reporting cadences that offer meaningful value. Integrating benchmarks to measure the performance of your shared attack surface management strategy makes it easier to identify areas for improvement and promote greater security maturity.
How Cavelo Can Help
Led by asset discovery, identity access management and vulnerability management, the Cavelo platform can help you deliver continuous risk management for your customers. Take a self-guided platform tour today and see how the Cavelo platform can help your team — and your customers — build trust and achieve attack surface management goals.