In this edition of Ask an MSP Expert, we look at how with the ever-evolving cybersecurity landscape, managed service providers (MSPs) must be vigilant. This includes ensuring their managed security service offerings are up to the task of protecting their customers from increasingly sophisticated cyberthreats. For seasoned MSP, MJ Flood Group, the journey to bolstering their security service offerings led them to a partnership with Barracuda MSP and the Barracuda XDR (extended detection and response) solution.
IT business growth expert, Richard Tubb, sat down with James Finglas, the Director of Security at MJ Flood, and Merium Khalid, Director of SOC Offensive Security at Barracuda MSP, to learn how the MJ Flood team has been able to stay at the forefront of cybersecurity and how they are assisting their clients when a cyber incident arises.
Q: James, you had an interesting encounter recently with a client who was affected by a cyber incident. Can you share the experience with us?
Yes, one of our manufacturing clients with around 400 to 600 users operating in 29 countries was hit by a ransomware attack. We had previously warned them about their lack of security, and they were unfortunately a victim while using another security provider’s solution. They reached out to me straight away and our organization responded quickly, engaging Barracuda to manage the incident. This incident has had a significant business impact, with a 7-figure sum in financial losses and potential reputational damage. Interestingly enough, the attackers did not encrypt the backups, suggesting they may not have been professionals. The client ultimately felt fortunate that the situation was not worse.
We chose to rebuild from scratch, including migrating to a green field environment for full visibility. The incident impacted the client beyond just business disruptions. They had to divert resources from planned projects which caused significant disruption to their ecosystem and led to other clients being impacted.
In the end, the remediation cost, including professional services and rebuilding, was approximately 425,000 EUR (450,000 USD).
Q: What do you recommend for MSPs to help prevent similar incidents in the future?
A: Prioritize prevention measures like multifactor authentication (MFA), patch management, and gain network visibility through a mature security operations center (SOC) service. Be sure to stay vigilant with high push notifications and ensure your phone is well-protected and locked with MFA security.
It is advisable to use complementary solutions to cover various aspects of security, creating a multi-layered approach. This is important because it provides a more comprehensive and robust defense system that accounts for a wide range of threats and vulnerabilities and reduces the overall risk to your customers’ data.
Q: Merium, based on your experience, what recommendations do you have for MSPs looking to stay ahead of evolving cyberthreats?
The cyberthreat landscape is constantly evolving. Threat actors can exploit different technologies within an environment. It’s important to reduce attack surfaces and make sure there are no security gaps in your environment for threat actors to take advantage of. As a trusted vendor by the managed service community, Barracuda MSP has been working with MSPs to provide services such as email security, network security, extended detection & response, and much more. These services are integrated to provide central visibility through Barracuda XDR, giving MSPs that single point of access for all their cybersecurity needs. XDR is also integrated with over 40 third-party solutions such as SentinelOne, allowing MSPs to maintain their existing security stack while gaining visibility across attack surfaces.
With Barracuda XDR, there is an incident guidance feature available to all clients and partners. However, with proper setup and monitoring, the probability of an incident is very low.
James and Merium’s experiences shed light on the dynamic realm of cybersecurity, where readiness, collaboration, and proactive measures are of paramount importance. The key takeaway is clear: regardless of the size of their clients, MSPs must encourage clients to practice essential cybersecurity hygiene, implement security fundamentals such as MFA, and maintain network visibility through a mature SOC/security information and event management (SIEM) service. This webinar not only highlights the challenges faced but also showcases the critical role of cybersecurity partnerships in combating the ever-evolving landscape of digital threats. As the threat landscape continues to evolve, the joint efforts of MSPs such as MJ Flood and cybersecurity vendors like Barracuda are crucial for staying one step ahead of malicious threat actors.
Photo: ArmadilloPhotograp / Shutterstock