Cybersecurity providers must first protect themselves

Issue 4 2023 Cyber Security

In a joint advisory released by cybersecurity agencies across the United States, UK, Australia, Canada and New Zealand, managed security service providers (MSSPs) have been warned of a sharp increase in cyberattacks targeting their systems. The agencies have identified MSSPs as a particularly lucrative target for malicious actors seeking to escalate their attacks and are urging the industry to take immediate action to address the threat.

Stephen Osler.

Stephen Osler, Co-Founder and Business Development Director at Nclose, warns that the cybersecurity industry must shed its naive mindset around the potential impact of supply chain attacks to effectively combat this growing trend.

“The way of thinking around security providers has evolved. In the past, these providers were primarily known as infrastructure providers, with a focus on providing IT services rather than security services,” he explains. “As a result, they weren’t that worried about making sure their own security was airtight.” However, with the increasing number of cyberattacks targeting security providers, the industry has realised the need to prioritise security. These attacks have trickled down into their clients’ ecosystems and infrastructure, making it crucial for providers to ensure they are secure.

When an MSSP is vulnerable, every one of their clients is vulnerable and this is a real threat. As the saying goes, ‘the plumber’s house always leaks’. “This cannot apply to cybersecurity. It is vitally important that cybersecurity service providers’ focus inwards to ensure that every one of their doors is bolted,” says Osler.

“Three years ago, Nclose embarked on a journey to become ISO 27001 certified. This is the world’s best-known standard for information security management systems (ISMS). We realised that we can’t give clients advice on how to secure their environments if we were not certified ourselves,” says Osler.

MSSPs need to establish in-house teams solely dedicated to ensuring their own security is top-notch, in the same way that they safeguard their clients’ systems. This means implementing the same rigorous controls, ensuring that all compliance expectations are met and that the organisation constantly undertakes penetration testing on themselves.

“The more the MSSP undertakes pen testing, vulnerability scanning, phishing tests and training, the more it will refine and polish its own security maturity,” says Osler. “Security companies have to ask themselves the same questions they would ask their clients and challenge their own internal employees and systems on a continuous basis. All testing should be done by a third party as they will be far less forgiving and be far more committed to finding the gaps.”

Wrapping security around every aspect of the business not only ensures that the MSSP is equipped to handle the challenging cybersecurity landscape more effectively, but that teams are quick to catch potential issues before they become gaping security chasms. This can make all the difference between an unexpected backdoor making a huge dent in a company’s reputation and future. Having teams ready to shut the door the moment it swings open is vital.

“It is as important for cybersecurity providers to be responsible and protect our own information as it is to protect our clients,” concludes Osler. “We have to evolve with the threats and that means more than just knowing what’s out there, it means knowing what’s inside the business and having all the right systems in place to ensure security is as comprehensive as possible.”

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Protect your financial assets from unknown online threats
Products Cyber Security Financial (Industry)
Malicious actors employ a myriad of sophisticated techniques, such as hacking, phishing, spamming, card theft, online fraud, vishing, and keylogging, among others, to exploit unsuspecting individuals and gain unauthorised access to their financial resources.

Cyber incidents result in a 9% decrease in shareholder value
News Cyber Security
Aon published its 2023 Cyber Resilience Report, revealing that, on average, a significant cyber incident resulted in a 9% decrease in shareholder value – over and above the market – in the year following the event.

Automated ransomware recovery
Products Cyber Security
Organisations can now automatically recover from ransomware attacks with the capabilities in Cisco XDR, where the company is adding recovery to the response process by including infrastructure and enterprise data backup and recovery vendors.

NIST’s impact on cybersecurity
Cyber Security
Through its NIST Cybersecurity Framework, the non-regulatory agency empowers organisations to take a proactive approach towards managing and mitigating cyber risks, enabling them to stay resilient against the ever-evolving threat landscape.

Best practice tips for strengthening data privacy system
Security Services & Risk Management Cyber Security
International cybercriminals are increasingly targeting South African organizations, making data privacy more difficult to maintain. A standardization expert offers insight to help combat this threat.

AI-powered cyber protection for consumers
IT infrastructure Cyber Security
Acronis Cyber Protect Home Office is designed for the evolving landscape of cyber threats by integrating Acronis' cyber protection and secure backup solutions, combining AI-powered defence mechanisms, robust data backup, remote management tools, and mobile device protection.

A surge of cybersecurity for the energy sector
Government and Parastatal (Industry) Cyber Security
With a rapid transition towards renewable energy, the energy sector has an increased reliance on technology. This makes it particularly vulnerable with regards to cybersecurity, as it depends on interconnected systems and digital technologies.

Secure backup strategies imperative for business continuity
IT infrastructure Cyber Security
Cybercrime is on the rise, and businesses need to adjust how they manage their data to fend off attackers, or risk irreparable damage, writes Lisa Strydom, Senior Manager Channel and Alliance for Africa at Veeam Software.

CHI selects NEC XON as trusted cybersecurity partner
News Cyber Security Industrial (Industry)
CHI Limited, Nigeria's leading market player in fruit juices and dairy products, has engaged in a strategic cybersecurity partnership with NEC XON, a pan-African ICT systems integrator.

Mitigating escalating DDoS cyberattacks
Cyber Security
As cyberattacks, particularly those of the Distributed Denial of Services (DDoS) variety, continue to rise at an unprecedented rate across Africa, it is no longer a question of ‘if’ your organisation will be targeted, but rather ‘when’.