Cyber security today is an existential requirement for all companies. Cyber security threats targeting key assets, personally identifiable information (PII), or with the goal of encrypting and ransoming access to sensitive data are all increasing in both frequency and sophistication. In order to combat existing and emerging threats, cyber security professionals have had to implement significant operational and organizational changes. In many cases, companies have chosen to rely on a managed security service provider (MSSP) to maintain their cyber security defense.
One of the core benefits that an MSSP offers to a company is value. Understanding how an MSSP offers value to a company can be challenging for those unfamiliar with what an MSSP is and what it does. That being said, not all companies utilize the full range of services that an MSSP offers, instead relying on an MSSP to supplement their existing cyber security efforts. In order to provide a better understanding of whether your company needs an MSSP, it is helpful to gain insight into what an MSSP is, what it does, and what the benefits of using an MSSP are. This information will help provide important context for the decision-making process behind choosing to work with an MSSP.
The landscape of cyber threats facing today’s companies is different than ever before. The way in which cyber security threats are changing is prompting security professionals to adapt and improvise new methods of defense. Understanding the role that MSSPs play requires first gaining a sense of the scope of the threat that today’s companies face. Cyber attacks today are more numerous, frequent, and advanced. When successful, they are also more lucrative for the perpetrator and more extensive in their effect. The economic cost of cybercrime is increasing every year, and is expected to be over $6 trillion annually by 2021. The widespread threat of cybercrime is evident as well. Nearly one-third of all companies are affected by cybercrime in some way. As the economic incentive for criminals to commit cybercrime will remain consistent or continue to grow, the threat that a company will be the victim of cybercrime will remain a significant concern into the future.
We rely on interconnectivity for modern businesses and societies to function. This interconnectivity provides inherent strengths and weaknesses. As we have embraced the proliferation of connected devices, our risk of having sensitive data or information stolen has increased as well. Today’s cybersecurity professionals must contend with the fact that threats today are constant. From traditional types of cybersecurity threats such as phishing schemes, malware, and DDoS attacks, to Advanced Persistent Threats (APT) and ransomware, security professionals must harden systems against a variety of external threats. Additionally, the scope of threat actors and threat vectors has changed as well. Not only must cybersecurity professionals contend with individuals attacking systems for financial gain, but they must also prepare for state-sponsored cyberterrorism efforts to disrupt systems or steal intellectual property (IP). The risks are particularly acute for critical infrastructure such as power grids and industrial control systems.
The impact of cybercrime and cyberterrorism is little understood. Today’s cybercriminals are more likely than ever to target PII or sensitive consumer data which can be sold or ransomed. Recent large-scale security breaches illustrate the increasing frequency and scope of data theft that is affecting companies regardless of industry. The breach that occurred at the credit reporting bureau Equifax in 2017 resulted in the theft of the PII of over 147 million Americans. The true scope of the attack wasn’t at first understood. A report on the Equifax hack released by the United States Government Accountability Office (GAO) found that the attackers extracted the data over a period of 76 days in order to evade detection. This breach demonstrates the increasing level of sophistication required to assess vulnerabilities in the target, exploit those vulnerabilities to gain access to sensitive information, and exfiltrate the information in a way that evades detection.
Sophisticated cyber attacks that result in successful, large-scale security breaches on businesses like the Equifax breach have become a commonplace headline. The scale of the Equifax breach pales in comparison to the Yahoo data breach which affected roughly 3 billion individuals. One doesn’t need to look far to find similar examples of massive data breaches. The list of companies that have already suffered data breaches in 2018 alone is sobering. Individuals affected by these breaches are also keenly aware of the risks to their PII that data breaches represent. A recent Gallup poll from 2017 found that 25% of respondents had their own information stolen, or lived with someone who had their information stolen in the past year. The same poll found that nearly three-quarters of respondents are consistently worried about being the victim of identity theft. This demonstrates the continued need for organizations and companies to implement stringent measures to safeguard sensitive and protected information.
The Role of Managed Security Service Providers
The persistence and sophistication of the cyber threats facing modern companies have prompted a wholehearted response by both companies and regulatory agencies to attempt to mitigate the impact of cybercrime. Companies are adapting to the realities of cyber threats in a variety of different ways. The manner in which an organization adapts to threats has been unique based on specific threats facing them, their appetite for risk, their interaction with sensitive data, and their own operational and organizational goals. Many companies are integrating cyber security considerations into operational and organizational decisions. This allows companies to create a proactive cyber security posture from the top down.
Alongside an increased incorporation of cybersecurity considerations into organizational and operational business decisions, companies are increasingly relying on managed services from cyber security companies to coordinate or augment their cybersecurity defense. This need has risen alongside the need for organizations to approach cybersecurity as a continuum rather than a one-time event. Companies must be prepared for constant vigilance and monitoring in the face of APTs and the proliferation of sophisticated threat actors. Approaching cybersecurity from this perspective requires an organization to implement cybersecurity best practices, develop ongoing training security programs, and constantly monitor cyber assets and systems for evidence of an intrusion.
There are a number of advantages that an MSSP offers that add value to the companies they work with. First, let’s break down what an MSSP is. A managed security service provider is a third-party provider of cyber security services. Companies outsource security and compliance services to MSSPs rather than developing the same security program in-house. Managed cyber security services can fulfill a number of needs for today’s companies. They can help a company achieve a forward cybersecurity posture with constant intrusion monitoring and network testing. They can help companies accurately analyze and assess risk by identifying key threats and vulnerabilities unique to that specific company. An MSSP can also be relied on to help achieve and maintain regulatory compliance with things like the Health Insurance Portability and Accountability Act (HIPAA). Lastly, an MSSP can help with incident response and risk management in the event of a breach, and offer insight into remediation steps to ensure that a similar event doesn’t happen in the future. In order to provide greater context, we’ll dive into each of these services in greater detail.
Monitoring and Testing
One of the most important aspects of what an MSSP does is constant monitoring and thorough testing of the client’s networks and cyber assets. Through monitoring and performing regular testing, organizations can better determine the threats they are facing and implement strategies to reduce vulnerabilities. Monitoring and testing require extensive manpower and technical expertise, as well as a constant effort to stay abreast of dynamic shifts in threats. Companies rely on an MSSP to conduct external testing and system monitoring because building up these services in-house can be time-consuming and costly. MSSPs have the advantage of providing monitoring and testing services to multiple organizations, giving them access to a higher degree of expertise at reduced costs for the company.
Regulatory Compliance and Advisory Services
In response to the explosive growth of cybersecurity threats, a variety of regulatory structures have been created to implement cybersecurity best practices across certain industries. Many companies rely on an MSSP to provide regulatory compliance and advisory services. This helps the company ensure that they are compliant with regulatory requirements, and that they implement strategies to maintain that compliance over time. For example, companies that interact with sensitive cardholder data must comply with requirements set forth in the Payment Card Industry Data Security Standard (PCI DSS). An MSSP that has been designated a Qualified Security Assessor (QSA) can be brought on to assess your company’s PCI DSS regulatory compliance and implement a remediation plan if vulnerabilities are identified. Many MSSPs offer regulatory compliance and advisory services on a variety of regulatory bodies, such as HIPAA or the North American Electric Reliability Corporation (NERC). Proactive compliance and advisory efforts, such as those provided by an MSSP, are essential to maintain regulatory compliance and avoid any penalties for non-compliance.
Access to Expertise
No one wants a breach to occur, but the grim reality is that harmful cybersecurity events are a daily occurrence. One reason that many companies contract with an MSSP is to provide access to expertise. Unlike an IT department, which generally follows a normal work-day schedule, many MSSPs offer a suite of services including access to 24/7 support. During incident response scenarios, timely access to expertise is essential to quickly determine the extent of the breach or event. Cybersecurity experts at MSSPs help companies navigate immediate situation response, outline strategies for isolating the threat, and can advise on remediation steps. Additionally, for companies that face compliance with one or more regulatory structures, MSSP security experts can offer insight and guidance that ensures compliance is maintained in periods of transition, when new technologies are introduced into security operations, or when exploring new opportunities.
Maintaining an adequate cybersecurity presence in today’s world is an expensive undertaking. Many companies lack the resources to adequately defend their cyber assets and maintain compliance with regulations. At the same time, MSSPs are able to offer enhanced services over what most companies can provide. MSSPs are able to invest in enhanced technology over what most companies can field for internal cybersecurity efforts. MSSPs tend to have higher operational efficiency over in-house operations as well, due in part to the streamlined focus of their objectives. MSSPs further provide cost savings and value by giving access to highly trained and specialized cybersecurity experts. MSSPs are able to offer more cost-effective cyber security solutions because they provide services to multiple customers. This has a couple of advantages. First, it means that when an MSSP invests in technology or solutions to improve the security operations for one client, all of the clients of that MSSP gain enhanced security. Second, the MSSP can incorporate defenses against threats targeting one client to all of their other clients. By consolidating technology and threat intelligence monitoring, MSSPs offer value by providing capabilities beyond those that many companies can internally field or afford.
Risk Analysis and Management
One of the key areas where an MSSP can add value to a company is through thorough risk analysis and risk management efforts. The wide variety of risks that companies face from cyber threats is becoming a central consideration from an operational perspective. With their access to expertise and extensive cybersecurity solutions, MSSPs can help companies accurately assess their risks. Additionally, once areas of high risk have been identified, an MSSP can work with the company to shore up any vulnerabilities before a breach has occurred. Because MSSPs work with multiple clients, their threat intelligence library is usually more comprehensive. Companies contract with cyber security service providers for risk analysis and vulnerability management because they are better equipped to identify threats facing the company and implement security strategies to reduce the risk from those threats.