Recent findings from Netwrix underscore the importance of MSSP involvement with banks, credit unions and the like.
COVID-19 has put more financial firms at greater cybersecurity risk than ever before.
Of all the verticals Netwrix surveyed, the financial industry showed the most drastic changes in cybersecurity priorities, the provider said. This sector improved its security posture significantly as the coronavirus prompted remote work.
Still, concern about VPN exploitation skyrocketed, with 94% of respondents naming it a top cybersecurity risk, Netwrix found. Worry about supply chain compromise also soared, from 50% to 97%. And the number of organizations prioritizing deliberate data theft more than doubled, from 30% pre-pandemic to 70% now. At the same time, fear about accidental data sharing dropped from 80% to 50%.
Despite higher anxiety around malicious activity, human error caused the most common problems. Almost half (48%) of respondents said users fell for phishing attacks in the first few months of the pandemic. Almost one-third (31%) grappled with improper data sharing, and 28% experienced incidents caused by admin mistakes.
On the whole, 30% of financial organizations told Netwrix they believe they face higher cybersecurity risk amid COVID-19 than they did before. This includes fears of more frequent cyberattacks and security gaps caused by remote work.
MSSPs: Are You Ready?
Managed security service providers have their work cut out for them. And these channel partners likely will see more demand as the pandemic shows few signs of ceasing.
“The effect for the MSSPs will be twofold,” Ken Tripp, director of channel accounts at Netwrix, told Channel Futures. “As financial organizations recognize the increasing cyber risks, many will seek the security services to supplement their in-house efforts and strengthen their security.”
That range of services probably will vary, he said. MSSPs could handle more traditional VPN management or take on managed detection and response. Financial organizations need timely help on that last point, Tripp added.
“Detecting incidents taking days or weeks is simply unacceptable,” he said.
But even as more financial businesses offload security, MSSPs themselves may come under scrutiny. Prepare to show proof of security practices, Tripp advised.
“Many [financial customers] have experienced compromises in their supply chain or contractors, and may require additional guarantees of security of their systems and data,” he said. “This may include third-party certification requirements, independent audits and/or additional contractual obligations from the MSSP.”
Broadcast Your Certifications
Chances are, though, that MSSPs serving clients in regulated and high-risk verticals already maintain the requisite SOC and ISO certifications. It just might be time to be more vocal about it.
Some MSSPs “may need to get better at publicizing these efforts to address potential customer concerns proactively,” Tripp said. “As the demand increases, security service providers can also think about how they can stand out from the competition. Some consider that lower barrier entry-level offerings such as risk or compliance assessment can be a way to build initial trust with the client and prove your expertise.”
The work won’t stop there. Tripp recommends providing both a listening ear and strategic insight.
“Sometimes a perceived risk is not the highest risk in reality,” Tripp said. “MSSP should have the knowledge, expertise and relevant threat intelligence to both adapt to customer concerns, but also stand firm and educate the customer to avoid overspending in areas that for any reason are overhyped or not relevant to this particular client. This is not always an easy task and it requires empathy with the clients, as well as good understanding of their business and their risk profile.”