With threat hunting working or in the works at 96% of organizations, the urgency for MSSPs is high.

Sophos Guest Blogger

October 20, 2020

5 Min Read
threat hunting
Getty Images

What is the true impact of ransomware on an organization? There are, of course, the financial, productivity and reputational losses that come with being a victim of ransomware. But a new research report highlights that perhaps the worst, and most underappreciated, cost of being hit by ransomware is the psychological toll–and how that can drive cybersecurity strategy and threat hunting in the wrong direction.

Cybersecurity: The Human Challenge is a new Sophos research report that surveyed 5,000 IT decisionmakers globally. The research showed companies that were victims of ransomware took serious blows to their security confidence, which in turn negatively influenced the direction of their cybersecurity strategies and measures going forward. At the same time, those surveyed also reported sky-high interest in proactive, human-led threat hunting measures. This highlights a need that managed security service providers (MSSPs) can fulfill, provided they bring the right tools and resources to the table.

Ransomware Victimization Shifts Cybersecurity Priorities in the Wrong Direction

Hearing about ransomware in the abstract and then actually being the victim of a ransomware attack are two completely different situations, and it’s understandable that organizations that fall in the latter camp would feel at least a little shaken about their cybersecurity and preparedness measures afterward.

The new Sophos research can even put a number on this mindset: By an almost 3-to-1 measure, IT managers at organizations that had been afflicted by ransomware were more likely to say they felt “significantly behind” on their understanding of cyber threats compared to organizations unaffected by ransomware. Also understandably, a brush with ransomware inspires an even more urgent need for skilled IT security professionals: 35% of those who were ransomware victims named recruiting and retaining those employees as their No. 1 cybersecurity challenge. (Just 19% of organizations who hadn’t been hit by ransomware felt the same way.)

But rather than inspiring ransomware victims to take more proactive postures on these threats, victimized organizations appear to be moving resources in the opposite direction. Compared to organizations unaffected by ransomware, victimized organizations are likelier to spend more time on after-the-fact response measures (27% versus 22%) and less time on threat prevention (42.6% versus 49%). In other words, the organizations with firsthand experiences with ransomware attacks are more likely to pour resources into cleaning up the aftermath of such incidents rather than stopping them from occurring in the first place.

A More Urgent Need for MSSP Protection

With over one-quarter of organizations calling a shortage of skilled cybersecurity officials their biggest impediment, and over half naming it at least one of their major challenges, there is a growing urgency for MSSPs to step in and fill that void.

And by all accounts, they are: 65% of organizations are already outsourcing some or all of their IT security efforts, a number that’s expected to rise to 72% over the next two years. During that same period, the share of organizations whose IT security relies exclusively on in-house resources is expected to fall from 34% to 26%.

The underlying message here is clear: Organizations, particularly those that have experienced ransomware attacks themselves, do not trust that their own internal IT security resources–from personnel, to tools and practices, to general threat awareness—are up to the task, and are increasingly reliant on outsourcing those efforts to MSSPs. At the same time, those ransomware victims are devoting too few resources to proactive, human-led threat hunting that can prevent attacks before they happen.

So, as organizations turn to MSSPs for protection, it’s also incumbent on those MSSPs to deploy the necessary tools that ensure the safety and cyber resiliency of their clients: tools that can identify the red flags of an imminent attack, go beyond simple threat notifications and neutralize even the most sophisticated active threats before they can afflict a client.

That’s where Sophos Managed Threat Response (MTR) comes into play.

Next-Generation, Human-Led Threat Hunting with Sophos MTR

Organizations increasingly see the urgent need for human-led threat hunting: 48% of those surveyed in the Human Challenge report said they’ve already implemented threat hunting, and another 48% plan to do so over the next year. So, while there may be higher demand for MSSPs to provide this measure of proactive support, not all may actually have the tools and resources to do so.

Sophos MTR fulfills this need by combining cutting-edge, intelligent endpoint detection and response (EDR) measures with a world-class human-led threat hunting approach. This dual strategy of “machine-accelerated human response” works 24/7 to identify and neutralize potential threats before they can reach their targets.

Here’s what Sophos MTR brings to the table for MSSPs and their clients:

  • 24/7, around-the-clock rapid response and monitoring, led by an expert team of real human threat analysts trained to triage, isolate and neutralize active threats within a client’s environment

  • Regular security health checks to optimize Sophos Central product performance

  • Enhanced telemetry that looks beyond the endpoint for a comprehensive overview of potential threats

  • Monthly activity reports and assessments capturing everything from attacker activity and corresponding responses, to organizational risks, to prioritized actions for next steps

Organizations are understandably concerned and distressed about the threats posed by ransomware, particularly those with firsthand experience with such attacks. As those organizations increasingly turn to MSSPs to provide robust protections, threat neutralizations and a general peace of mind, MSSPs can draw on Sophos’ next-generation MTR strategy of human-led threat hunting to safeguard their clients and provide that reassurance.

This guest blog is part of a Channel Futures sponsorship.

Read more about:

MSPs
Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like