Over the past decade, the IT/Managed Services Provider (MSP) industry has undergone a significant transformation, driven by the escalating importance of cybersecurity. This has been marked by a shift from traditional IT services to a more comprehensive approach with cybersecurity at the core of our offerings.

Era of Transformation (2013-2023):

• Initial Focus on Infrastructure: Circa 2013, our industry primarily focused on managing and maintaining IT infrastructure. Cybersecurity was a secondary thought, handled reactively.
• Cloud Computing: As our data and services have moved to the cloud on public platforms from Microsoft and Google, the portals to access them have been centralized.  This has brought convenience and an abundance of new features, but also an easier target for bad actors.
• Cybersecurity as a Core Service: Recognizing this need, we began to integrate cybersecurity into our foundational services. This was not just about adding new tools but also developing a deeper understanding of cyber risks.
• Shift to a Proactive Stance: Our focus has shifted from reactive solutions to proactive strategies. You may have noticed this with the addition of our Scout Standards, EDR offerings and Vulnerability Management service that we rolled out to our clients last year at no additional cost.
• Adoption of Standards and Frameworks: Our adoption of the CIS (Center for Internet Security) structured framework has become pivotal. This framework provided a standardized approach to managing our cyber hygiene, ensuring consistency and comprehensiveness in our cybersecurity practices.
• Cyber Insurance Policies and New Requirements: Cyber insurance policies have risen to the level where it is a baseline requirement for businesses these days. Responding to the threat landscape that has evolved dramatically in recent years, pricing and requirements have scaled accordingly. We now see the following security practices as baseline requirements for cyber policies:
  • Patch Management
  • Firewall
  • Multi Factor Authentication (MFA)
  • Annual or semi-annual cyber training
  • Offsite, weekly minimum backups (tested semi-annually)
  • Endpoint Protection & Response (EDR)
  • These practices have largely been unaudited, and often not even verified in the event of an incident. However, insurance brokers are now recognizing verbiage on the new policies hinting that this will be changing, reinforcing the importance of prioritizing cyber hygiene and committing to improving it.

Shared Responsibility: A New Paradigm

A crucial aspect of this evolution is the recognition of shared responsibility in cybersecurity. The earlier assumption that MSPs could singularly shield clients from all cyber threats is being recalibrated. It’s now understood that cybersecurity is a collaborative effort between MSPs and their clients.

Our new Cyber Hygiene Assessment is designed to align with this paradigm. By leveraging the CIS Essentials framework, we aim to provide a clear, actionable roadmap for our clients to understand their role in maintaining cyber hygiene. The assessment focuses on:

1. Identifying Key Vulnerabilities: Understanding where your system may be most at risk.
2. Surfacing Missing Best Practices: Based on the CIS Essentials to fortify your cyber defenses.
3. Educating and Empowering Users: Highlighting the importance of regular updates, employee training, and adherence to security protocols.
4. Regular Reassessment: Continuously updating the cyber hygiene practices to counter new and evolving threats.

Conclusion:

As we embrace the new era of shared cybersecurity responsibility, our goal is to work hand-in-hand with our clients, ensuring that together we can create a more secure digital ecosystem. Our Cyber Hygiene Assessment is not just a service; it’s a commitment to this shared journey towards better cyber resilience.