Many small and midsize businesses (SMBs) fail to prioritize cybersecurity due to a lack of resources or the misconception they won’t be targeted.
It’s up to MSPs to not just fight against this perception, but also adopt strategies that help their resource-strapped customers optimize their protections.
However, maintaining customers’ cyber defenses in a sophisticated threat landscape is more difficult amid IT labor shortages and rising threats. By aligning their cybersecurity priorities with the tactics, techniques, and procedures (TTPs) that today’s adversaries commonly employ, MSPs can equip their SMB customers to counter the most pressing threats with confidence.
Turning Data into Defenses: Actionable Insights for MSPs
It can be difficult to keep pace with adversaries’ ever-changing tactics. Here are some of the most common TTPs among active adversaries, highlighting several key areas to prioritize in the fast-moving threat landscape:
No. 1: Basic security hygiene is the best first line of defense.
Cybercriminals are capable of sophisticated attacks on difficult targets — but when given the opportunity, they usually prefer to go after low-hanging fruit. In 2023, 16% of network break-ins stemmed from exploited vulnerabilities, i.e., attackers taking advantage of a security flaw in victim’s software. You can reduce customers’ risk by implementing basic measures that aim to minimize these types of risks, such as regular patching and software updates.
Scott Barlow
Implementing email security solutions and anti-phishing tools is another straightforward, highly effective strategy. Most attacks (56%) in 2023 stemmed from credential compromise, so fending off social engineering attacks is key. An organization’s employees are its last line of defense — and just one unintentional click of a phishing link can expose sensitive data.
That’s also why boosting awareness of cybersecurity best practices is a critical part of your job. Consider collaborating with security leaders at your customers’ organizations to create and facilitate end-user training, which may include phishing simulations and tabletop exercises to put employees’ knowledge to the test.
No. 2: It’s time to ramp up multi-factor authentication (MFA) adoption.
MFA was enabled in just 57% of cases analyzed by Sophos in 2023 — a concerning fact given the uptick in attacks stemming from compromised credentials.
Though MFA adoption may seem like an obvious security tactic, end users at SMBs often see it as unnecessary or an inconvenience. In some cases, organizations may enable MFA only for certain applications, but mistakenly believe this makes their entire network secure.
It’s your job to educate each of your SMB customers about the importance of MFA and to ensure that their entire IT ecosystem is secured. Emphasize that it’s much more costly to fall victim to an attack than to invest in MFA and consider using an asset discovery tool to help identify unprotected devices. It’s also smart to help customers configure their MFA solution and encourage the use of strong passwords.
No. 3: Active adversaries don’t take time off; neither can your customers’ defenses.
The median amount of time ransomware actors remained undetected in a network (i.e., dwell time) dropped to around six days in 2023. Adversaries aren’t just acting faster — they’re also executing many attacks outside of standard business hours, making them more difficult to remediate.
The confluence of these trends underscores the need for 24/7/365 vigilance, which is a tall order for SMBs, even with your help. Many MSPs complement their services with managed threat detection and response (MDR). Outsourcing services like MDR helps customers maintain an “always-on” approach to security, providing SMBs with dedicated expertise and resources they would otherwise lack.
This vigilance should also extend to the depth of customers’ defenses. Aligning security priorities with adversary tactics is crucial, but it’s also important to recognize that modern threat actors are evolving their TTPs and exploiting a variety of attack vectors to launch their attacks. You must ensure every inch of your customers’ attack surface is locked down, from the firewall to network levels to individual endpoints.
Reactive to Proactive: Taking Control in the Dynamic Threat Landscape
The dynamic nature of the cyberthreat landscape necessitates strategic alignment between your security priorities and common adversary tactics. It’s critical to stay educated about the threats most relevant to your customers so you can proactively identify and mitigate risks rather than simply react to what’s already happened. This approach empowers customers with the resilience, expertise, and tools needed to secure their digital assets.
Scott Barlow is vice president, Global MSP & Cloud Alliances for Sophos.
Image: iStock
