Put Your Team’s Incident Response Plan to the Test
An MSP partner made a surprising admission to us. He stated, “I was aware of cyber breaches within MSPs, but it wasn’t real to me until I spoke to other MSPs that had experienced a breach.”
The MSP partner I spoke to shared that the other MSP was ill-prepared for the breach. The staff in the SOC missed early warning signs that could have given them notice that hackers were in their environment. They were not sure what to do and took hours to respond. The staff did not know which internal stakeholders to contact or how to protect customers connected to their services.
Unfortunately, this is a common scenario today. MSPs are busy taking care of the day-to-day breaks/fixes, and IT technicians are trained to “fix” issues instead of analyzing how the breach happened. We are not paying attention to symptoms in the network or behaviors that indicate a hacker’s presence.
We train MSPs and MSSPs to treat an event such as an email from the CEO to the CFO asking for money to be transferred as an attempted attack by a bad actor. On multiple occasions, I’ve seen IT resolve the issue without investigating how the hacker was able to conduct the attack or how they even obtained the credentials. IT fails to ask probing questions such as: Are your credentials for sale on the dark web to other bad actors? How long did the hacker plan this? Is the hacker still in my network now? What other actions should we take after an event to ensure we have thoroughly resolved the issue?
We have all talked about incident response. Many MSPs have ignored it or have an untested shelf version. Today, incident response plans are no longer an option but a necessity. Compliance organizations are now moving to make incident response mandatory in 2020.
During National Cybersecurity Awareness Month, proactively take action to train your staff and implement a tested incident response plan to protect the business you’ve worked so hard to build. Consider scheduling a visit to our Cyber Range, opening November 2019, to experience an attack in a safe, simulated environment that matches your own.
Put your team’s incident response plan to the test. Your team will participate in exercises at the Cyber Range to manage, contain and respond to a simulated attack. These exercises are intended to challenge the team to evaluate the strengths and weaknesses of the current incident response plan so that when a real attack happens, the team can confidently resolve the issue.
Avoid a debilitating breach that impacts your core services business, your customers and your reputation by revisiting your incident response plan this month. Contact Tech Data Cyber Range at TDCR@techdata.com to learn more about our immersive training facility.
John Komer has enjoyed a 40-year career in the technology industry. Prior to joining Tech Data as a solutions practice consultant, he spent 25 years dedicated to cybersecurity. John has enjoyed technical roles involving voice and data networks, video, data center, security, and designing and installing solutions for customers. John has held roles as a system engineer, sales account manager, global account manager and founder of a security consulting company for cybersecurity after the 9/11 WTC attacks to help the Department of Homeland Security. John is involved in many security technology groups giving presentations and helping drive vendor involvement in these groups.
This guest blog is part of a Channel Futures sponsorship.