
Explicit, Timely Communication from Your Managed Security Service Provider is a Critical Part of any Cybersecurity Defense Plan

The average number of days between when a data breach was discovered and reported was nearly 50 days in 2018, according to a report from security intelligence vendor Risk Based Security (RBS); and according to the Ninth Annual Cost of Cybercrime global study by Accenture, over the past 5 years, security breaches have increased by 67%. (Source: https://www.thesslstore.com/blog/80-eye-opening-cyber-security-statistics-for-2019/.)

Are you receiving timely communications about cyber attacks your company is experiencing, and if so, do those messages provide a clear indication of the severity of the threat and remediation actions that are necessary?

If not, it may be time to upgrade the how, what, when and why of your security communications: you need robust, two-way communications capabilities from your IT Department or Managed Security Service Provider (MSSP).

Messages from Your Managed Security Service Provider (MSSP)

There are basically two types of messages that DataSure24 uses to indicate a threat and its severity:

(1) Cybersecurity Notifications

A notification is a validated threat that is not as severe as a cybersecurity event, but one that does require quick action on the part of your IT team to resolve and mitigate. Validation on the part of your MSSP is critical, as it is an indication that a Tier 1 or Tier 2 cybersecurity analyst has reviewed the attack, assessed its criticality, and has a solution in hand to stop the threat now and in the future.

Companies may receive a notification three or four times per year, hopefully in the form of a phone call from their MSSP rather than an automated email, telling them that they are under attack and need to act.

Examples of recent notifications that we delivered to clients include:

  • Suspicious inbound IP address to the database server
  • Known malicious redirected website
  • Anubis sinkhole activity directed to the network

After mitigation comes remediation. You should have a plan or processes in place that can be executed within 24 to 48 hours for plugging the breach now while preventing future recurrences.

(2) Cybersecurity Event

A cybersecurity event message is deadly serious, requiring immediate and decisive action before any part of your company’s digital ecosystem is destroyed or held for ransom.

Once an attack is detected by a DataSure Tier 1 or 2 Analyst, and before it is classified as “an event”, the analysts validate the intensity, severity, and level of threat of the attack. About once a year, each of our clients will experience a threat that escalates into a cybersecurity event, triggering a phone call from the Analyst and a response that needs to be executed by the client with all due speed.

Examples of recent cybersecurity event notifications that we have delivered to clients include:

  • Emotet malware outbound communication from the customer's network
  • Phishing activity detected on an Android device
  • Remote code execution on a customer server

We always urge our clients to have a response and remediation plan in place, complemented by secure backup systems and tools, and a rigorous training program to deal with these major attacks.

An Ounce of Cybersecurity Prevention or a Ton of Anguish?

Being reactive to cybersecurity threats and incidents is no longer a luxury that your company can afford, regardless of size. Planning, monitoring, communicating and remediation assistance need to be part of your cybersecurity defense plan.

We’re happy to be part of those discussions and would be pleased to give you an initial assessment of your situation and suggestions for dealing with exposed problems. Call me at 716.600.3724 to schedule an appointment, or click on the button, and complete and submit the contact form, to learn more about our managed cybersecurity services today.  
