How MSSPs Can Fulfill Organizations’ Needs for Proactive, Human-Led Threat Hunting

Written by Sophos Guest Blogger
October 20, 2020

With threat hunting working or in the works at 96% of organizations, the urgency for MSSPs is high.

What is the true impact of ransomware on an organization? There are, of course, the financial, productivity and reputational losses that come with being a victim of ransomware. But a new research report highlights that perhaps the worst, and most underappreciated, cost of being hit by ransomware is the psychological toll–and how that can drive cybersecurity strategy and threat hunting in the wrong direction.

Cybersecurity: The Human Challenge is a new Sophos research report that surveyed 5,000 IT decisionmakers globally. The research showed companies that were victims of ransomware took serious blows to their security confidence, which in turn negatively influenced the direction of their cybersecurity strategies and measures going forward. At the same time, those surveyed also reported sky-high interest in proactive, human-led threat hunting measures. This highlights a need that managed security service providers (MSSPs) can fulfill, provided they bring the right tools and resources to the table.

Ransomware Victimization Shifts Cybersecurity Priorities in the Wrong Direction

Hearing about ransomware in the abstract and then actually being the victim of a ransomware attack are two completely different situations, and it’s understandable that organizations that fall in the latter camp would feel at least a little shaken about their cybersecurity and preparedness measures afterward.

The new Sophos research can even put a number on this mindset: By an almost 3-to-1 measure, IT managers at organizations that had been afflicted by ransomware were more likely to say they felt “significantly behind” on their understanding of cyber threats compared to organizations unaffected by ransomware. Also understandably, a brush with ransomware inspires an even more urgent need for skilled IT security professionals: 35% of those who were ransomware victims named recruiting and retaining those employees as their No. 1 cybersecurity challenge. (Just 19% of organizations who hadn’t been hit by ransomware felt the same way.)

But rather than inspiring ransomware victims to take more proactive postures on these threats, victimized organizations appear to be moving resources in the opposite direction. Compared to organizations unaffected by ransomware, victimized organizations are likelier to spend more time on after-the-fact response measures (27% versus 22%) and less time on threat prevention (42.6% versus 49%). In other words, the organizations with firsthand experiences with ransomware attacks are more likely to pour resources into cleaning up the aftermath of such incidents rather than stopping them from occurring in the first place.

A More Urgent Need for MSSP Protection

With over one-quarter of organizations calling a shortage of skilled cybersecurity officials their biggest impediment, and over half naming it at least one of their major challenges, there is a growing urgency for MSSPs to