The MSP's Guide to Email Security Incident Response

Since 90% of cybersecurity attacks start with an email, a security strategy is key.

January 27, 2020


By Eyal Benishti


Demand for channel services, especially for managed service providers (MSPs), managed security service providers (MSSPs) and managed disaster recovery (MDR) providers, has dramatically increased in recent years as businesses of all sizes look to formulate strategic partnerships that can help reduce cyber risk, which has grown exponentially. The rapidly shifting cybersecurity threat landscape is one of the primary reasons that the managed services market is expected to grow 11% between 2016 and 2022, according to a September 2019 report from Market Research Future.

This move should come as no surprise. Now more than ever, cyberattackers are gaining access to organizations’ and their employees’ valuable information through advanced phishing attacks costing millions in lost revenue, time and effort. They’re taking advantage of today’s fast-paced, connected world, where it’s not unusual for essential requests and transactions to be made over email. For example, if a midlevel employee unknowingly receives an impersonation email from their CFO asking them to do something, they’re probably going to do it.

Unfortunately, these actions come at a cost. Recently, the Federal Bureau of Investigation issued a public service announcement that showed business email compromise (BEC) cost organizations globally $26 billion over the past three years.

Despite steps taken by organizations to stop these attacks, the burden to mitigate and manage is overwhelming for many IT teams and companies. This is the reason more companies are turning to the channel to help manage their security protocols and daily activities. Fortunately for the channel, this is an opportunity worth taking.

The Burden of Email Security and Incident Response

Email remains the primary cybersecurity pain point for both MSPs and their customers. According to the 2019 Data Breach Investigations Report, more than 90% of all attacks start with an email, making it a significant burden for internal and external security teams tasked with protecting and monitoring company email inboxes.

SOC teams are often responsible for handling thousands of email inboxes within their organizations. Adding to their burden, email attacks are growing more frequent and advanced, with techniques such as BEC, spear-phishing and account takeover becoming more commonplace. These attack types are built to bypass traditional technical and human controls such as rules-based secure email gateways (SEGs) and security awareness training.

The onslaught of phishing emails creates a backlog of both phishing and nonphishing cybersecurity incidents to investigate. While threats require attention, phishing mitigation requires real-time analysis, as it takes on average less than 82 seconds for a human to engage with a phishing email once it lands in an inbox, according to Aberdeen Group.

Unlike the customers they serve, MSPs are in a unique position to see within inboxes, across multiple clients, and often across different industries. This provides valuable insight into attacks and trends that are constantly changing, ultimately giving MSPs the advantage to stop the attack quickly and efficiently.

Steps for MSPs to Secure Customer Inboxes

Knowing that email will continue to serve as the primary attack vector, MSPs must prioritize an email security strategy to protect both their own mailboxes and those of their customers without burdening security teams. This is especially vital as the cybersecurity skills gap continues to grow, causing unnecessary stress on MSPs who are looking to hire and retain employees who have the technical skills, certifications and knowledge to adequately defend against attacks. At the same time, MSPs should also look to accelerate their investigation and remediation of phishing attacks that land in the mailbox to best protect their customers. This strategy should include:

  • Decentralizing threat intelligence sharing so that organizations can protect their assets. Since MSPs have a unique advantage of seeing into inboxes from multiple companies, including their own, they can identify and respond to an attack before it spreads to all customers.

  • Encouraging ubiquitous interoperability so that solutions are easily integrated and simple to use, reducing the time and effort for analysts to mitigate threats.

  • Using machine learning to automate repeatable processes, speeding up incident response and helping to fill the technical skills and training shortage.

  • Communicating with customers with a written, agreed-upon outline that identifies what each party is responsible for. This can legally protect both parties in the event of an incident. MSPs should also make it a requirement for their customers to adhere to the same cybersecurity protocols to ensure there’s no “weakest link” in the security chain.

As the MSP industry continues to grow and client rosters increase, so does the attack surface that MSPs must manage.

Fortunately, MSPs are in a position to provide the email security that organizations are demanding today. However, their email security strategy has to lessen the burden on their own SOC teams, while protecting their internal inboxes as well as those of their customers with real-time incident response. Otherwise, MSPs will be forced to continue looking over their shoulders for the next attack aimed at disrupting their business continuity and that of their customers.

Eyal Benishti is the founder & CEO of Ironscales, a leader in advanced phishing threat protection, which was incubated in the 8200 EISP by Alumni, the Israel Defense Forces’ elite intelligence technology unit. Benishti previously served as a security researcher and malware analyst at Radware, where he filed two patents in the information security domain. He also served as Java Tech Lead at Imperva, working on the Web Application Firewall product and other security solutions. A passionate cyber researcher, Benishti holds a degree in computer science and mathematics from Bar-Ilan University in Israel. You can follow @IRONSCALES on Twitter and LinkedIn and @eyalbd1 on Twitter and LinkedIn.
