The holiday season is a time for celebration, family, and ...
Is Your MSP Really Doing Cybersecurity?
- By Loïc Calvez
As a cybersecurity service provider, we have a lot of conversations with potential clients about what they should be doing to be more cybersecure. The answer we get the most often is: “I think my MSP does that”. So my question back is: are they?
To keep things simple, I will focus on three main areas (feel free to book a meeting if you want a more detailed discussion!).
- Internal cybersecurity (for the provider’s point of view)
- Security Information and Event Management (SIEM)
- 24/7 Security Operations Center (SOC)
First: Internal cybersecurity. You are probably relying on your IT service provider (Managed Service Provider, MSP) to manage your clouds, devices and networks, so their security is your security. You have two main options here, you can trust (hope) they are doing good things, or you can use a trusted third-party certification assessed by external auditors (they are certified experts in cybersecurity compliance). The two most common ones are ISO27001 (2022 preferred) and SOC2 (Type 2 preferred). Out recommendation, mandate a SOC2 or ISO27001 certification, somebody’s word is not good enough when your actual business is at risk.
Second: Security Information and Event Management (SIEM), more details on what that is here, but your high level: all your security logs (from your PCs, servers, firewalls, clouds…) must be centrally aggregated, enriched, correlated, and reviewed. If your MSP is not collecting all the logs, they are partially blind, if they are not aggregated, you cannot properly correlate, and if they are not correlated, you are missing the big picture (and obviously, if they are not reviewed, why bother in the first place!).
Third: 24/7 Security Operations Center (SOC), in 2022, the median time for phishing attack to cause a private data leak was 74 min. So: someone needs to be watching 24/7, and we do mean someone; a magic AI sentry will not be able to make all the right decision (maybe one day, but not today), and waiting until Monday morning is not going to cut it either. So you need a team of humans watching all those alerts coming out of the SIEM (24/7).
So there you have it, the main three questions to ask your MSP, and don’t just take the easy answer, like everything else in cybersecurity: trust, but verify.
- Are you SOC2 or ISO27001 certified? Please send me a copy of the report.
- Are all my security logs sent to a SIEM platform? Which one? (is it a reputable vendor or something homegrown running in their basement?)
- Do you have a SOC? How many people are in it? Where is it? Do you have a second one should the first one have an issue?
For the record, ALCiT is SOC2 Type 2, we are leveraging a SIEM, and the SOC we use has over 400 people in Canada and has redundant locations in the US and Europe.
Would love to discuss how we can help you become more cybersecure, let’s book a call and discuss?