The MSP’s Guide to Email Security Incident Response

Eyal Benishti

Demand for channel services, especially for managed service providers (MSPs), managed security service providers (MSSPs) and managed disaster recovery (MDRs) providers, has dramatically increased in recent years as businesses of all sizes look to formulate strategic partnerships that can help reduce cyber risk, which has grown exponentially. The rapidly shifting cybersecurity threat landscape is one of the primary reasons that the managed services market is expected to grow 11% between 2016 and 2022, according to a September 2019 report from Market Research Future.

This move should come as no surprise. Now more than ever, cyberattackers are gaining access to organizations’ and their employees’ valuable information through advanced phishing attacks costing millions in lost revenue, time and effort. They’re taking advantage of today’s fast-paced, connected world, where it’s not unusual for essential requests and transactions to be made over email. For example, if a midlevel employee unknowingly receives an impersonation email from their CFO asking them to do something, they’re probably going to do it.

Unfortunately, these actions come at a cost. Recently, the Federal Bureau of Investigation issued a public service announcement that showed business email compromise (BEC) cost organizations globally $26 billion over the past three years.

Despite steps taken by organizations to stop these attacks, the burden to mitigate and manage is overwhelming for many IT teams and companies. This is the reason more companies are turning to the channel to help manage their security protocols and daily activities. Fortunately for the channel, this is an opportunity worth taking.

The Burden of Email Security and Incident Response

Email remains the primary cybersecurity pain point for both MSPs and their customers. According to the 2019 Data Breach Investigations Report, more than 90% of all attacks start with an email, making it a significant burden for internal and external security teams tasked with protecting and monitoring company email inboxes.

SOC teams are often responsible for handling thousands of email inboxes within their organizations. Adding to their burden, email attacks are growing more frequent and advanced, with techniques such as BEC, spear-phishing and account takeover becoming more commonplace. These attack types are built to bypass traditional technical and human controls such as rules-based secure email gateways (SEGs) and security awareness training.

The onslaught of phishing emails creates a backlog of both phishing and nonphishing cybersecurity incidents to investigate. While threats require attention, phishing mitigation requires real-time analysis, as it takes on average less than 82 seconds for a human to engage with a phishing email once it lands in an inbox, according to Aberdeen Group.

Unlike the customers they serve, MSPs are in a unique position to see within inboxes, across multiple clients, and often across different industries. This provides valuable insight into attacks and trends that are constantly changing, ultimately giving MSPs the advantage to stop the attack quickly and efficiently.

Steps for MSPs to Secure Customer Inboxes

Knowing that email will continue to serve as the primary attack vector, MSPs must prioritize an email security strategy to protect both their own mailboxes and those of their customers without burdening security teams. This is especially vital as …