What To Know About Hiring A Managed Service Provider For Cyber Defense

Innovation What To Know About Hiring A Managed Service Provider For Cyber Defense Brent McCarty Forbes Councils Member Forbes Technology Council COUNCIL POST Expertise from Forbes Councils members, operated under license. Opinions expressed are those of the author. | Membership (fee-based) Nov 9, 2022, 06:15am EST | Share to Facebook Share to Twitter Share to Linkedin Brent McCarty is president of ESET .

Getty In June, President Biden signed into law two bills that would increase federal cybersecurity measures. One of them, the Federal Rotational Cyber Workforce Program Act , gives cybersecurity professionals the ability to rotate among various agencies in order to boost their expertise in a wide range of areas. This is a great step forward in increasing and retaining the government’s cyber workforce, especially during a time of global instability.

What’s more, the salary for these jobs is increasing and is now more in line with the market rate in the private sector. With the greater availability of these higher-paying cybersecurity jobs, small businesses may find themselves struggling to fill positions at a time when their company’s cybersecurity defenses need to be more robust. This is especially critical for small businesses working in critical infrastructure, as increased cybersecurity legislation and regulation looms and insurance policies become more specific in their requirements.

Managed service providers (MSPs) can fill a huge gap here, and small businesses should seriously consider whether partnering with an outsourced team of cybersecurity experts to manage their environment is a better solution than battling the issue on their own. The right selection of a partner and establishing a trusted relationship can provide an extension to the internal team, allowing them to focus on other priorities while leaving the day-to-day operations with the partner. MORE FOR YOU $100M Magic: Why Bruno Mars And Other Stars Are Ditching Their Managers ‘Red Wave’ Optimism Quickly Fizzles Among Republicans—Here’s Why Here’s How The Midterm Election Results Will Impact Abortion Bans What To Expect From An MSP Cybercrime is expected to cost businesses $10.

5 trillion by 2025 , according to Cybersecurity Ventures. Threat groups continue to evolve their methods, with pressure-inducing tactics like print bombing and distributed denial-of-service attacks . No business is immune, and you may be especially vulnerable if you are working with IT infrastructure that is outdated or understaffed.

MSPs can help businesses implement a comprehensive cybersecurity program, advise management on how to keep the business safe and address compliance mandated by cyber insurance companies and legislation. The Cyber Incident Reporting for Critical Infrastructure Act , for example, which was signed into law in March 2022, requires companies working in the 16 critical infrastructure sectors to report covered cyber incidents and ransomware payments within 24 hours. These types of requirements may become standard across other industry categories.

The reporting requirements for companies could become a significant overhead for many organizations and companies. When a company is considered critical infrastructure, based in a state with data breach notification requirements, subject to industry body regulation and required to report incidents to their cyber risk insurer, they may require a team on hand just to deal with reporting requirements. This burden, while dealing with a significant cyber incident, is probably most efficiently handled by an MSP or outside entity familiar with the reporting methods and requirements.

MSPs are also likely to stay on top of changing requirements. In addition to the above, a good MSP cybersecurity bundle can include full disk encryption, cloud security, firewalls, antimalware software, email security and endpoint protection. It should also include an incident response plan and regular security testing and monitoring to ensure that patches are applied, viruses are being protected against and software updates are being made.

An MSP should have the technical expertise to address problems quickly and efficiently, provide fast service and onsite support, and be proactive in maintaining systems by emphasizing prevention rather than waiting for problems to happen. Considerations When Working With An MSP There are many challenges that small business leaders may encounter when engaging with an MSP, many of which can be avoided by giving time and thought to the process of selecting the right partner. An outsourced team needs to share a similar ethos to security as your company’s ethos, and their cybersecurity policies should replicate your policies.

This will avoid adding a weak link into your environment. While not a foolproof way of validating quality, checking accreditations of the MSP’s team, such as CISSP status or whether the company holds an ISO 27001 certificate, can help validate the company’s ethos. While the above-mentioned accreditations provide a checkbox approach to validation, academic qualifications and process certifications may not validate their experience.

It’s very important to independently validate experience by reviewing customer references—and not necessarily only the ones they provide you. In the same way that an MSP team needs to be an extension of your own cybersecurity team, they should also be an extension of the vendors with whom they work. Ensure an MSP has a solid vendor relationship with their vendors, as this can be crucial should something require escalating back to the vendor.

Where possible, the vendor relationships should align with the numerous vendors’ products that your organization already uses. Finally, to become an extension of your environment, it may be necessary for an MSP to be creative in how to integrate their services, as opposed to you making all the changes needed to integrate with their offering. Because of this, make sure to negotiate support hours and flexibility of commercial terms rather than accepting a standard offering that does not align with your team’s needs.

Remember: This is a partnership. Conclusion The cybersecurity talent pool is small. With the government increasing its demand for cyber professionals and offering them competitive salaries, it will be difficult for small businesses to find—let alone hire—an in-house cyber expert at a reasonable price.

Managed service providers can provide a compelling option for small to medium businesses looking for help. Follow me on LinkedIn . Check out my website .

Brent McCarty Editorial Standards Print Reprints & Permissions.