Just as the tech industry changes about every 30 seconds, cybersecurity is no different. You have to stay on top of it every day. Otherwise, you’re going to be left in the dark, using outdated methods, putting you and your clients at risk.
One new reality we all need to embrace: The archetypal “Lone Wolf Hacker” exited stage left long ago. Instead, we now face highly trained, dedicated teams of cybercriminals working together across international borders to attack the businesses and clients we serve.
Which means we can no longer “go it alone.” Facing these emerging threats requires an all-hands-on-deck effort, and being part of a community matters now more than ever.
Fortunately, you don’t have to face these threats alone. A broad range of organizations and groups enable MSPs and other IT professionals to share information about active and potential threats as they emerge across the globe.
Information Sharing and Analysis Organizations, or ISAOs, function as hubs and networks for collecting, analyzing, and sharing information about cyberthreats and vulnerabilities. Some ISAOs are free to join, while others do charge a membership fee. The key benefit to MSPs is that by pooling resources and expertise, ISAOs can significantly reduce the overall risk to each member and the industry as a whole.
For example, the CompTIA ISAO provides threat intelligence and actionable analysis to meet the needs of technology vendors, MSPs, and other business technology solution providers. With over 2,000 members worldwide, CompTIA provides content, cybersecurity programs, and many other benefits to MSPs, including access to a massive clearinghouse of data regarding ongoing threats.
Wayne Selk, vice president at CompTIA and executive director of the CompTIA ISAO, knows firsthand how critical it is to have an accessible clearinghouse for real-time threat intelligence. But to Selk, what matters most are “the personal interactions such an organization provides—enabling MSPs to network with like-minded individuals looking to improve their businesses and keep them secure.”
How The Community Works Together
Jason Whitney, a pen tester at Hacket Cyber, a cybersecurity consulting and pen testing company, relies heavily on threat-intelligence-sharing platforms. “They do an amazing job checking for weaknesses and reporting on new trends as far as social engineering, ransomware, etc.,” he says.
But you have to participate. “You can’t show up now and then,” says Whitney. “You need to connect, be involved, and interact daily.”
Which means when you see something, you say something. But it’s not always obvious. It could be simple, like receiving a text saying, “Hey, I need you to approve this MFA.” No big deal, right?
Wrong. If you get that four times in a row and didn’t request it, don’t just pass it off. According to Whitney, your ears should perk up and you should immediately be wondering, “What’s happening here?”
By reporting it up the chain, the larger community may be able to see it as just one missing piece to a larger puzzle. Then together you can all work to identify steps to take to mitigate that threat.
A Threat Exists – Now What?
To be properly prepared, you must always be asking, “What should we do next?” when a threat is identified. Too many MSPs don’t have that answer. That’s why you must consider a business’s overall operations and strategic goals before moving onto specific tactics and tools. Too many MSPs jump right into the tech stack and tools, without first considering these critical areas.
Rebecca Herold, “the Privacy Professor” and CEO of Privacy and Security Brainiacs, stresses the importance of looking at the different layers of security. “All too often, people think threat intelligence means we’re going to get a report, see what’s new, and we’re good.”
By doing this kind of up-front analysis, MSPs and MSSPs can provide their clients with valuable insights on the risks they face, along with how those tools can specifically keep them protected.
Approaching threat intelligence in this way—going from operational to strategic to tactical to tools—can help you identify the optimal tech stack for your customers to meet the threats THEY are most concerned about.
Community Involves Your Clients Too
Having access to a global community focused on helping keep you and your clients secure is extremely important. However, community begins when you walk into a client’s office for the first time. Because, as Jayson Ferron, chief technologist for Interactive Security Training, emphasizes, “You can’t do your job effectively without truly understanding your client’s business.”
“Not the IT stuff, the business stuff,” says Ferron, “because how are you going to protect what’s most important to that business if you’re not even asking them what matters most to them.”
Only after you understand that, can you consider the threats to what matters most to that business owner. “For example,” says Ferron, “ask them how long they could survive without their data, because that might change the way you back up their data and air gap and do all the things we need to do.”
Involvement Makes All The Difference
The benefits of becoming part of an ISAO or other type of information-sharing group are many, and it’s part of being a good partner to your clients and their businesses. And until we become good partners, and truly understand their business, you can’t do good threat analysis and be prepared to keep them protected.
As Selk strongly affirms, “It’s the community and involvement with that community that matters most.” You have to stay in the game all the time. Remain vigilant. Do your research, talk to your clients, stay involved in the community, and keep your eyes and ears open.
RECOMMENDED RESOURCES:
CompTIA ISAO – https://connect.comptia.org/membership/comptia-isao
FalconFeeds – https://FalconFeeds.io
Mitre ATT&CK – https://attack.mitre.org
InfraGard – https://www.infragard.org/
CVE – https://cve.mitre.org/
National Defense Information Sharing and Analysis Center – https://ndisac.org/
National Vulnerability Database – https://nvd.nist.gov/
