Security Roundup: ‘Undercover’ Industries, Recorded Future, Check Point
Industries such as government, health care and education are at higher risk of cyberattacks, and have a lot to lose from a data breach, but not all organizations in these industries understand the risk.
While health-care companies and federal agencies understand the governance, risk management and compliance issues plaguing their organizations, equally vulnerable organizations like school systems, local governments and private health-care practices often lack that understanding.
These “undercover” high-risk industries also tend to have low website-security sophistication as they don’t know what valuable data they have on hand.
This presents a golden opportunity for MSSPs and MSPs. Undercover industries provide an ample opportunity to educate and service new website security clients.
We spoke with David Mason, SiteLock‘s manager of channel account management, about how smaller players in high-risk industries should be a priority for the channel in 2019. The company provides cloud-based website security offerings for businesses of all sizes.
While MSSPs and MSPs currently service these high-risk industries, the opportunity to educate and expand their services beyond endpoint security within these industries is being overlooked, he said.
“Websites are the one digital asset that MSPs’ clients want publicly accessible, meaning it’s imperative that they are properly secured,” Mason said. “However, website security beyond a secure socket layer (SSL) is not typically brought up during a MSP security audit and is largely underserved by some hosting providers. Due to their pre-established relationships with these high-risk industries, MSPs are in the best position to become a trusted security adviser and provide a one-stop shop for holistic security packages.”
Most hospitals and schools understand the necessity of securing their data; however, the front-facing website itself is usually a missed vulnerability that can potentially be exploited by cybercriminals, he said.
“That said, it’s a common misconception that bad actors have very specific targets or segments in mind for an attack,” Mason said. “In many cases, it is actually specific vulnerabilities that are targeted by bots, and any website, regardless of sector, is a potential target. Today’s MSP has a unique opportunity to partner with these industries to provide both education and comprehensive security.”
MSSPs already face the challenge of getting organizations to better invest in security, especially for smaller, more budget-conscious players, he said. In fact, it’s all too common for clients, regardless of size or industry, to assume they aren’t at risk and therefore end up taking a reactive approach to a breach or attack, he said.
“One of the keys to communication with these specific high-risk industries is leveraging an initial security assessment to help the client understand their vulnerabilities, why security is important, and how different types of security (endpoint vs. website) fit together,” Mason said. “MSPs should also be proactive in evaluating the vendors they partner with and ensure they have providers that offer a wide range of security products and top-tier services at various price points. This will allow the MSP (and MSSP) to better match a solution set to the client’s needs and help overcome budget issues.”
Given the scope and size of these industries, the opportunity for MSSPs and MSPs to really establish themselves and grow out the sector is especially attractive, he said. This allows providers with a way to …