What is a Managed Security Service Provider?

A Managed Security Service Provider (MSSP) is a trusted company that protects your valuable business assets from ever-escalating IT security threats.

Offering a robust and resilient cyber defence is critical for any company.

According to the latest UK government research, the average cost of an attack is more than £9,200, with many costing significantly more.

The 2018 Cyber Threat to UK Business Industry report, commissioned by the UK’s National Cyber Security Centre and the National Crime Agency, details how risks to businesses continue to grow.

Over 40% of UK companies and two in ten charities have suffered a data breach or cyber attack in the last 12 months.

The most common form of attack was fraudulent phishing emails, typically employed by hackers because it is so simple.

If an attacker can spoof your management or customer email addresses then it is relatively easy to tempt your staff into opening an unsafe attachment containing fast-spreading malware or viruses.

The impact of accidentally downloading malware onto your company’s network can be immediate and catastrophic.

Other common attacks include thefts from cloud storage, ransomware and crypto jacking, a browser injection hack where computer power on a network is hijacked to create cryptocurrencies like Bitcoin.

A basic cybersecurity stance is no longer enough, but most attacks can be repelled by organisations which prioritise their defences with managed security services.

Time to get proactive

If you aren’t proactive about protecting yourself, the government’s own assessment says that it’s only a matter of time before you are targeted.

If we look beyond official government figures, the numbers become even more sobering.

A staggering 92% of 250 UK companies surveyed by Carbon Black in September 2018 admitted they had been breached. 91% said attacks on their IT systems were now more sophisticated. The frequency of attacks is also rising: 44% said they have been attacked between three and five times in the last 12 months.

There is a public crisis of trust in institutions’ ability to keep their data secure. With this in mind, businesses need to shift focus away from reactive observation and towards active defence.

The best-managed security service providers will not only monitor incoming threats but also profile potential attack vectors and weak points in your cybersecurity systems, minimising potential damage and allowing your business to recover from an attack as swiftly as possible.

Financial pain is just the beginning

In a world where large-scale data leaks continue to dominate news headlines, insecure products and businesses will not survive against their competitors.

Looking beyond your balance sheet there is also the embarrassment of explaining to customers how or why their data has been compromised.

Reputational damage can be longer-lasting and wider-reaching than the initial intrusion into your systems.

Supermarket chain Morrisons, for example, will face ‘vast’ compensation costs for a data breach from 2014 in which salary and bank details of 100,000 workers were stolen and leaked to the press.

Morrisons argued they could not be held liable for the criminal misuse of employee payroll data, but in October 2018 lost a High Court bid to dismiss the charges.

The onus is now on companies to take control of employee and customer data.

Managed security services can help by offering proactive cyber defences, employing specialist teams with dedicated account managers feeding back information to you on a daily basis.

Who is at risk?

Hackers continue to find new and innovative ways to bypass traditional security systems, simply because the rewards are so lucrative. Whatever sector you operate in, your business information is extremely valuable.

Personally identifiable information such as credit card or bank account numbers, full names, home addresses, dates of birth can all be sold on to criminals.

There are stiff penalties for companies who do not take threats seriously enough.

Unlawful sharing or storing of this information has become more closely watched with the implementation of GDPR, the General Data Protection Regulation. This EU ruling came into force on 25th May 2018. Businesses that fail to abide by the laws or fail to secure customer data can face fines of up to €20 million or 4% of annual revenue.

The value of data rises in certain industries, too. Credit card information is regularly up for sale for around £5 on the dark web – illegal online marketplaces which buy and sell illicit data, often trading in untraceable cryptocurrencies.

Health data, in particular, is a goldmine if stolen and sold on, simply because it contains so many data points on an individual. A review by Kennedy’s Law suggests that stolen medical data is often worth 10-20 times more than credit cards on the black market, in the region of £63 per record.

Medical databases which are taken from healthcare facilities often involve many thousands of unredacted and plaintext patient records which show personally identifiable information including names, National Insurance numbers, phone numbers, gender and age.

One of the largest healthcare data breaches to date saw a single hacker swipe 655,000 patient records from institutions in Missouri and Georgia by exploiting a zero-day vulnerability in a remote desktop protocol, which would normally allow authorised IT technicians to remotely control computers for tech support. This tranche of data was put on sale for 643 Bitcoin (approximately £3.1 million).

How to choose an MSSP

The best-managed security service provider will work with you to build strong security to protect your business intelligence and customer data.

They should:

  • Take a target-hardening approach: criminals will focus on the easy victims first
  • Devise and test your cyber resilience strategy
  • Promote proactive defence as well as passive monitoring
  • Have dedicated Service Delivery Managers offering ITIL based world-class service, or better yet the IT IQ platform
  • Offer reliable daily information feeding back to you about the threats facing your business
  • Employ elite teams with closely-focused skills in dedicated areas, for example in threat detection or network penetration testing
  • Participate in interactive scenario planning

In short, your managed security service provider should be extremely well organised and dedicated to building a deep, fully engaged relationship with your company.