System Network and Design, LLC 404-968-8288




By Nick Cavalancia

Today, one of the primary concerns of any Managed Service Provider (MSP) is the security of its customers—their systems, applications, and data. Organizations exist in a world where cyber attacks are not only present, but imminent. And, by imminent, I mean it’s either going to happen, or it already has (whether your customer knows it or not).

For example, over three-quarters of organizations say the severity of attacks has increased from the previous year.1 And they’re right; in the past 12 months, 33% of organizations have experienced a ransomware attack.2 These are companies that have put measures like antimalware, endpoint threat protection, and user training in place!

The smaller organizations—that are perfectly sized to be your customers—are the primary target of cyber criminals3, and the data shows SMBs are simply not prepared:

  • Nearly 50% of small businesses have experienced a cyber attack.3
  • 88% of organizations with 50 employees or fewer have experienced a ransomware attack in the past 12 months.2
  • More than 75% of employees leave their computers unsecured.3

It’s more a when than an if, really.

This makes it the service provider’s job to ensure every part of a client’s network is proactively protected. It’s no longer just about securing the common attack avenues of entry—such as the network perimeter, email, and websites. Sure, those things need to be in place, but the real challenge is to proactively eliminate risk as part of your ongoing management.

So, how do you eliminate risk?

The answer lies in looking at the threat activity itself. Is it the fact that a cyber criminal compromises an endpoint on your customer’s network that is the threat? How about if they somehow obtain domain admin credentials? In reality, the real risk isn’t found in either of these actions. Think about it; you’ve never read a headline like, “Cyber criminal obtains domain admin rights… and does nothing with them!” Instead, the headlines look more like, “10K healthcare records stolen!”

Now you’re probably seeing where I’m going. The risk is found not in the access to your network, but in the access to and theft of your organization’s data.

While you definitely need to secure your network’s periphery—which would include solutions like email security, application firewalls, and endpoint protection—the real risk-reducing work is found at the intersection of valuable data and vulnerabilities. This intersection may exist at those very same endpoints you already worry about, or it may exist on a server somewhere deeper within your network. The challenge is understanding what lies deep within your network and its endpoints, well beneath the assumptions of security.

So, where should you be looking to find and eliminate the risk of data breaches?

To answer this, let’s look at three elements that make up the calculation for determining the dollar cost of risk (an article you should definitely read) in an organization:

  • The number of unprotected records on an endpoint—Users tend to keep data handy on their endpoint, especially laptops. Understanding exactly where any kind of sensitive data (e.g., credit cards, SSNs, and healthcare data) lies on your endpoints will help you focus your risk-reducing efforts.
  • The cost per record—This value is based on industry data breach information and differs for each type of data stored on an endpoint.
  • The CVSS score—The National Institute of Standards and Technology’s Common Vulnerability Scoring System is a detailed and somewhat complex method of calculating exactly how vulnerable a given endpoint really is.

In the dollar cost of risk calculation, the three values above are multiplied to give you a total risk for a given endpoint. But in the case of this article, where we try to determine what’s lurking beneath the surface of the network that’s creating risk, the calculation spells out the two areas you need to be addressing: unprotected data and vulnerable endpoints.

Recall that I mentioned earlier in this article, “The real risk-reducing work is found at the intersection of valuable data and vulnerabilities.” Now you see why.

There are a few actions you can take to reduce the risk that’s lurking beneath:

  1. Identify where your unprotected data lies.
    Solutions exist that can scan endpoints for you to identify the presence of unprotected valuable data. Knowing the number of records on any given endpoint gives you the context necessary to place needed attention on specific endpoints, as well as provide visibility across the entire network.
  2. Eliminate unprotected data on endpoints.
    The cost per record from the calculation provides a bit of context around which record types are truly costly from a risk perspective (and, therefore, valuable from a breach perspective). While you can’t alter the industry data that establishes the record costs, by eliminating either some or all of the unprotected records, you can work to reduce the risk their presence creates.
  3. Identify and patch known vulnerabilities.
    The CVSS calculation, boiled down, simply estimates “how vulnerable is this endpoint based on what’s not patched and just how easy does the vulnerability make it for an attacker to gain entry?” By scanning each endpoint’s patch status for OS, applications, and plug-ins, and then providing needed patches, you effectively eliminate the risk of a data breach by means of known vulnerabilities (as denoted by a CVSS value of zero which, in turn, gives a dollar cost value of zero).
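
The three steps above, tied to the dollar cost of risk calculation, as an added example that is not part of the original article or of any vendor's product. It counts Luhn-validated card numbers and SSNs in scanned text, then multiplies records by cost per record and by CVSS. The per-record costs, endpoint names, sample data, and the use of the highest unpatched CVSS score as the endpoint's score are assumptions.

```python
import re

# Constructed per-record costs in dollars; real figures come from industry breach data.
COST_PER_RECORD = {"credit_card": 150.0, "ssn": 200.0}
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def count_records(text):
    """Step 1: count distinct unprotected records of each type in scanned text."""
    cards = {re.sub(r"\D", "", m) for m in CARD_RE.findall(text)}
    return {"credit_card": sum(luhn_ok(c) for c in cards),
            "ssn": len(set(SSN_RE.findall(text)))}

def dollar_risk(text, unpatched_cvss):
    """Records x cost per record x CVSS, summed over record types."""
    # Assumption: endpoint score = highest CVSS among unpatched findings,
    # and 0.0 once nothing is left unpatched (step 3).
    cvss = max(unpatched_cvss, default=0.0)
    counts = count_records(text)
    return round(sum(n * COST_PER_RECORD[k] for k, n in counts.items()) * cvss, 2)

def rank(endpoints):
    """Order endpoints by dollar risk, highest first."""
    scored = [(name, dollar_risk(text, cvss)) for name, (text, cvss) in endpoints.items()]
    return sorted(scored, key=lambda item: item[1], reverse=True)

# Constructed sample data: scanned file contents and unpatched CVSS scores.
ENDPOINTS = {
    "laptop-01": ("card 4111 1111 1111 1111\ncard 5500-0000-0000-0004\n"
                  "order ref 4111111111111112\nssn 123-45-6789\n", [5.5, 7.5]),
    "server-01": ("ssn 219-09-9999\nssn 000-12-3456\n", [9.0]),
    "kiosk-01": ("card 4111111111111111\n", []),  # fully patched
}

if __name__ == "__main__":
    for name, risk in rank(ENDPOINTS):
        print(f"{name}: ${risk:,.2f}")
```

Removing the records from an endpoint (step 2) or clearing its unpatched findings (step 3) drives that endpoint's figure to zero, which is why the fully patched kiosk ranks last despite holding a card number.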

From under the surface into the spotlight

This is one of those cases where “you don’t know what you don’t know.” Scanning endpoints, for both valuable data (that probably shouldn’t be there) and the lack of proper protection against vulnerabilities, brings the unseen risk that’s been there all along—just beneath the surface—to the forefront of your attention.

This is no simple feat. Sure, you can do some level of scanning/patching with free tools, but gaining visibility into both the current state of a given endpoint’s unprotected records and level of vulnerability—and then being able to do something about it—is going to require a third-party solution.

Find out how System Network and Design MSP Risk Intelligence can help you reduce risk on your endpoints and secure your customers’ systems. Click here to start your free trial today.

References:

  1. Ponemon, State of the Endpoint (2016)
  2. KnowBe4, Endpoint Protection Ransomware Effectiveness Report (2017)
  3. National Cyber Security Alliance, National Small Business Survey (2016)
