 Why most businesses are throwing money down the large cyber stack toilet.
Every year has been a record year. Data breaches. Cyberattacks. All getting worse.
BUT I know that there is a large portion of our community looking to do the right thing. The problem: how do you go about protecting your clients without breaking the bank, overcommitting, overpromising, or even being satisfied that your solutions are working as you expect?
I read a statistic recently that pointed to cybersecurity spending growing over 10 percent above that of GDP in the next 5 years. There are and will be new shiny security tools coming to market that you’re probably considering.
The problem? Many of them rely on incredible marketing. Others promise you the moon. And many overlap either partially or completely with other tools in your current toolbox.
Next week, I will be going through every cybersecurity layer in detail, focusing on what you need in a cyber stack in 2022. If you are a partner, I would highly recommend getting on this 3-part call.
But regardless of whether you are part of the Galactic World, I want to spend a few minutes going through why I think stack overlap is costing a lot more than just money.
It is true that criminals are getting harder to deal with. We now have hybrid work environments that don’t seem to be ending anytime soon. The traditional perimeter is no longer a viable model for how to encapsulate a network.
As an MSP, you need to consider the full gamut of prevention, detection, and response. You are, or will be, expected to help mitigate threats on your client networks. As your role in security grows, you will undoubtedly want to make sure you have your bases covered, and that probably means having some overlap within your stack. But with that overlap and the array of products offered today, researching, vetting and implementing security solutions is pretty much a full-time job.
Your unruly stack?
When you’re evaluating your stack, I want you to think about each layer.
In my mind, your stack represents 6 distinct layers:
Human—how our behaviors impact our data security.
Perimeter—the ever-changing external edge of our networks. At times this is still the traditional model, but it has increasingly become a layer wrapped around each individual device.
Network—having to make sure everything within your network is hardened.
Endpoint—making sure that every endpoint is protected.
Application—making sure that software is hardened.
Data—making sure critical data is tracked, accessible, and secure.
It’s not an easy task to get these layers right. Certain components of your stack may depend on what type of client you are dealing with. How important is their data? Which assets are critical? How focused is the company on securing their data? Are they compliance-driven, or do they care less about their information and mainly want to save money?
These questions all will impact what tools you implement and the coverage you have across aspects of your stack.
When I talk about overlap, part of the issue is making sure that everything is up to date and configured properly. If you have too little in your stack, you obviously have gaps in detecting, mitigating, or protecting against threats on your network. But too much can also mean false-positive detections, poor maintenance plans and insufficient bandwidth to implement each solution properly, let alone costly subscriptions.
On top of simple over-investment in tools, there is one big consideration: how can your team be sure you have the ability to shut down any given tool in the event that the tool itself is compromised? If you cannot answer this question, you are putting yourself and your clients at risk.
If you do not already have an action plan to shut down your antivirus or whitelisting tool should that software itself be compromised, you will not have time to work one out when an incident occurs.
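One way to make that action plan rehearsable is to script it ahead of time. The following is an added example, not code from the original post or from any Galactic product: a PowerShell kill switch that disables and stops a named agent's services on a list of hosts and records what it did for the incident timeline. The host names (WS-001, WS-002) and service names (ExampleAgentSvc, ExampleAgentUpdater) are hypothetical placeholders; substitute the agent you actually deploy.

```powershell
# Added example (not from the original post): a rehearsable kill switch for a
# security agent that has itself become untrustworthy (for instance after a
# bad vendor update). Host and service names are hypothetical placeholders.
#
# Run with -WhatIf first to confirm scope, then without it during an incident.

[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hosts to act on (placeholder list; in practice pull this from your RMM or AD).
    [string[]]$ComputerName = @('WS-001', 'WS-002'),
    # Service names belonging to the agent (placeholders).
    [string[]]$ServiceName = @('ExampleAgentSvc', 'ExampleAgentUpdater'),
    # Where to record what was done, for the incident timeline.
    [string]$LogPath = "$env:TEMP\agent-killswitch.log"
)

function Write-KillLog {
    param([string]$Message)
    $line = "{0:o} {1}" -f (Get-Date), $Message
    Add-Content -Path $LogPath -Value $line
    Write-Verbose $line
}

foreach ($computer in $ComputerName) {
    # Unreachable hosts go on a follow-up list instead of silently failing.
    if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
        Write-KillLog "$computer unreachable; add to follow-up list"
        continue
    }

    if ($PSCmdlet.ShouldProcess($computer, "Stop and disable $($ServiceName -join ', ')")) {
        $result = Invoke-Command -ComputerName $computer -ArgumentList (,$ServiceName) -ScriptBlock {
            param([string[]]$Names)
            foreach ($name in $Names) {
                $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
                if (-not $svc) { "$name not installed"; continue }
                # Disable first so a watchdog cannot restart the service, then stop it.
                Set-Service -Name $name -StartupType Disabled
                Stop-Service -Name $name -Force -ErrorAction Stop
                "$name stopped and disabled (was $($svc.Status)/$($svc.StartType))"
            }
        }
        foreach ($r in $result) { Write-KillLog "$computer $r" }
    }
}
```

Two caveats belong in the written plan next to the script. First, many endpoint agents ship with tamper protection that blocks Stop-Service and requires a vendor-issued uninstall or maintenance token, so find out in advance how that token is obtained and who can request it. Second, this requires PowerShell remoting to the hosts; if the agent being disabled is also what you rely on for remote access, the plan needs a second path in.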
In addition to pieces of your stack, I want you to have a strategic plan in place.
How would you see an attack in progress on your network? Have you tested that the alerts you expect actually fire?
How do you know pieces of your stack are working the way you expect?
How can you prove to yourself that your stack is working toward a unified goal?
These are questions that need to be addressed before adding to or reconfiguring your cyber stack.
Cybersecurity is a huge circus. You are the juggler who needs to keep all the balls in the air. That means you’re the one assessing intricate networks and prioritizing what needs to alert, to prevent alert fatigue. You are the one who has to make sure your team has processes in place to respond and understands how each alert maps back to a response procedure. You are also the one who needs to determine how your stack stacks up (you already know the consequences if you underestimate).
Do you have a strategy to review your stack, strategize and rerack?
If not, consider a free cyber stack assessment.