An easy way for MSPs and MSSPs to boost virtual CISO offering

Rotem Shemesh Publication date: 29 May, 2023

The Chief Information Security Officer (CISO) position has risen to prominence in recent years due to the risk posed by rampant ransomware and other forms of cyberattack. It is the CISO that coordinates security technology procurement. The CISO sets the cybersecurity tactics, strategies, policies and processes that protect the organization now and into the future – in alignment with business objectives.

Top CISOs live and breathe risk management. They provide the necessary prevention, detection and mitigation measures against cyberattacks, oversee cyber governance and compliance, report to top management and anything else that keeps the organization secure. They can be likened to the captain of the cybersecurity ship. It is up to them to navigate the best course across the stormy waters of modern IT environments.

To be able to do the job, they need extensive skill and experience in management, IT and cybersecurity. They must have a solid knowledge of all standards and cybersecurity frameworks such as the National Institute of Standards and Technology (NIST) and ISO, as well as a firm grip on regulations such as HIPAA and GDPR. Many have advanced degrees in IT and cybersecurity as well as certifications such as the Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or Certified Information Security Manager (CISM). To operate successfully at C-level and understand the interplay between IT and business, a knowledge of business is essential; some CISOs even possess an MBA.

CISO shortage fuels SMB demand for vCISO services

Unfortunately, skilled CISOs are in very short supply. Those who can afford it pay top dollar – CISOs typically command in excess of $150,000. Few SMBs can afford that amount. Yet states such as New York and others mandate that the CISO position must be filled in certain regulated markets such as financial services. No wonder virtual CISO (vCISO) services have surged in popularity.

Almost half of MSP clients fell victim to a cyberattack within the last 12 months. In the SMB world, the danger is especially acute. Never mind a CISO – only 50% of SMBs have a dedicated internal IT person who manages cybersecurity. That’s why SMBs are increasingly willing to pay a subscription or retainer to gain access to expert C-level cyber-assistance in devising and implementing strategies to prevent breaches, reduce risk, and mitigate the consequences of attacks.

vCISO services are especially attractive to MSPs and MSSPs as they address a growing need from their SMB clients for proactive cyber resilience while offering the potential to grow recurring revenues. Moreover, offering vCISO services makes service providers’ work more effective, as they not only say what needs to be done to close security gaps, but also control those actions. Many vendors offering vCISO services also claim that providing these services enhances their customer intimacy allowing them direct contact with customers’ top management. The problem is that many providers are only able to provide a small portion of overall CISO duties.

How to expand vCISO services

Some vCISO service providers help organizations with compliance preparedness while others perform risk assessments or assist in areas such as reporting and communication with management, cybersecurity audit preparation, continuity planning, cybersecurity strategy, the setting of policy, financial management of cybersecurity, and the supervision of security technology evaluation and implementation. Each of these services adds clear value to the client. But they don’t encompass the breadth of functions provided by a full-time CISO.

The minimum requirements for full vCISO services are:

  • Risk assessment & management
  • Setting strategy
  • Actual protection of the organization
  • Training & security awareness
  • Compliance & governance
  • Incident response
  • Continuity planning
  • Third-party management
  • Communication to management

By spanning the entire range of vCISO responsibilities, MSPs and MSSPs can achieve much higher margins, adding even more value for their customers and making their own work more effective. But how can this be done without killing profitability? After all, where will the MSP/MSSP find qualified, experienced and affordable personnel that can fulfill the role? Alternatively, how can they scale their vCISO services without having to add yet more resources?

How to deliver comprehensive vCISO services?

A new eBook by Cynomi, “What does it take to be a full-fledged Virtual CISO?” lays out exactly how service providers can easily, rapidly, and economically expand their vCISO service offerings to cover the entire range of duties.

In this eBook we explain:

  • The essential functions of the vCISO 
  • What it takes to move from partial delivery of vCISO duties to comprehensive delivery 
  • The upsell potential of delivering comprehensive vCISO services 
  • How vCISOs already providing security risk assessments or compliance services can expand those offerings effortlessly
  • The platforms that can help vCISO providers add sufficient automation to be able to broaden their offerings and scale without adding more personnel resources.

vCISO platforms can help you deliver the full range of services

vCISO platforms enable service providers to deliver a complete range of vCISO services. This means they can charge a lot more while delivering highly valued services that earn word of mouth at the highest ranks of management. Effectively, they have elevated their sphere of influence from the systems administrator/IT manager level up to being able to interface directly with C-level executives and the board of directors. With their duties well fulfilled, the MSP/MSSP moves into a trusted position of strength. Smart service providers, therefore, seek to extend their existing offerings to be able to provide the entire vCISO service range and become true partners of their clients.

This eBook is based on input from our community of experienced vCISOs. It lays out the essential steps needed to be able to embrace the full scope of vCISO services. Download the eBook here.

Top IT Security Policies to Implement: Workstation Security

Rotem Shemesh Publication date: 10 May, 2023

Developing a security strategy and establishing effective security policies constitutes a critical part of the CISO or vCISO role. This task is typically time-consuming, especially since each organization requires customized policies that can address its specific structure, security needs, compliance requirements and risk appetite.

To assist vCISOs in making this task more efficient and effective, we are leveraging the exclusive data and knowledge from Cynomi’s vCISO Platform. Based on this extensive and first-hand information and the derived insights, we’re publishing a complimentary series of blog posts listing the top policies that should be considered by any vCISO and for any organization. Each blog post will also include samples and thoughts for inspiration.

This is our first blog post in this series. It covers Workstation Security, which is one of the most fundamental security policies to be followed.

Why Is This Policy Important?

Workstations, such as computers and laptops, are often a prime target for cyberattacks. These devices, used in all organizations, typically contain sensitive information. They are also often connected to a network, making them vulnerable to a wide range of threats, including malware, viruses, and unauthorized access. Therefore, attackers will frequently target these endpoints while attempting to exploit their weaknesses.

As such, Workstation Security is one of the fundamental and most important policies every organization should follow. A comprehensive Workstation Security policy helps organizations protect data and mitigate cybersecurity risks such as malware and viruses, while reducing the threat of security breaches. Additionally, this policy is required in order to comply with some of the most prominent industry standards and regulations, such as the General Data Protection Regulation (GDPR), the Payment Card Industry Data Security Standard (PCI DSS), and the Health Insurance Portability and Accountability Act (HIPAA).

The Attacks This Policy Helps Protect Against

A strong Workstation Security policy helps protect organizations from various malware attacks, including ransomware and Remote Access Trojans (RATs), and from sophisticated phishing attacks that exploit software vulnerabilities and weaknesses in workstations.

Following a workstation security policy also helps protect from Man-in-the-Middle (MITM) attacks, which involve intercepting and altering network traffic between a user’s workstation and a remote server. MITM attacks aim to steal sensitive information or distribute malware across the network.

The Scope of This Policy

The Workstation Security policy applies to all employees, contractors, vendors, and agents that have company-owned (managed) or personal (unmanaged) workstations connected to the organizational network.

Top Controls in This Policy

The controls listed below are the elementary and foundational components of a strong Workstation Security policy. By following them, you can improve the security of your organization’s workstations:

  1. Strong Password Policy: Implement a strong password policy that requires users to choose complex, unique passwords and to change them regularly. It is also highly recommended to use a password manager.
    Why?
    Strong passwords are essential for protecting your online accounts from unauthorized access. Weak passwords, such as simple word or number combinations, can be easily deciphered or cracked by hackers using automated tools. In fact, recent research shows that the latest generative AI services can compromise 51% of passwords in under one minute. Strong passwords, on the other hand, are longer, more complex, and include a mix of characters. This makes them much harder to guess or crack.
  2. Multi-Factor Authentication: Use multi-factor authentication (MFA), which requires verification of multiple factors to access a resource. MFA replaces the use of just one factor, such as a password.
    Why?
    Enabling two-factor or multi-factor authentication adds an extra layer of security to your online accounts. Requiring additional factors, such as a code sent to your phone, in addition to your password makes it much harder for hackers to gain unauthorized access to your account, even if they already have your password. The chances of attackers being able to provide multiple verification factors are slim, especially if you use factors like biometric verification.
  3. Anti-Malware Protection: Install and regularly update anti-malware and anti-virus software.
    Why?
    A single malware infection can bring down an entire network, leading to downtime, lost productivity, financial loss, and a damaged reputation. Anti-malware protection can provide real-time protection against malicious software by detecting and removing malware, to help maintain the security of a company’s digital assets.
  4. Operating System and Application Patch Management: Regularly update the operating systems and applications with the latest security patches and updates.
    Why?
    Patch management helps to keep software and systems up-to-date with the latest security patches and fixes. This helps prevent the exploitation of known vulnerabilities, which can be used by cybercriminals to compromise the organization’s endpoints, network and data.
  5. Firewall Configuration: Configure workstation internal firewalls to restrict incoming and outgoing network traffic.
    Why?
    Effective workstation firewall configuration provides an additional layer of security against potential network threats. Firewalls can prevent unauthorized access, filter network traffic, detect and block suspicious activity, and stop lateral movement of malware. An internal firewall helps to keep the system and data safe from a wide range of threats, including viruses, malware, and hacker attacks.
  6. File and Folder Encryption: Encrypt workstations’ hard drives. This is especially important for protecting laptops.
    Why?
    Encryption of files and folders helps protect sensitive data that is stored locally from unauthorized access. Encryption makes it more difficult for cybercriminals to intercept and read confidential information, as the data is scrambled and can only be deciphered with a decryption key. File and folder encryption can also help comply with data protection regulations, and, in some cases, helps protect against ransomware.
  7. User Awareness Training: Educate users on how to recognize and respond to potential security threats and how to follow security best practices.
    Why?
    In many cases, humans are the weakest link in cybersecurity. By raising awareness of cybersecurity best practices and threats, employees can become an effective line of defense against cyber-attacks, thus reducing the risk of security breaches and other cyber threats. User awareness training teaches employees how to recognize and respond to cyber threats. This includes identifying phishing emails and messages, avoiding social engineering scams, and practicing safe online behavior.
  8. Workstation Administration: Ensure that all operating systems and hardware configurations are centrally managed. Use a minimal amount of local admin accounts and make sure these accounts are securely managed (for example, with Privileged Access Management – PAM solutions).
    Why?
    Central workstation administration helps ensure that all individual workstations are properly governed, updated and maintained, making them easier to secure. In addition, applying remote administration also allows detecting and remediating security threats quickly, minimizing the impact of security breaches. This reduces the risk of cyber-attacks such as malware infections and data breaches as well as the impact of human error that can occur during manual updates and maintenance.
  9. Locking Workstations: Ensure workstations are locked after a set period of inactivity.
    Why?
    It is crucial to lock workstations to prevent unauthorized access to sensitive data and systems. When a workstation is left unattended and unlocked, it can be accessed by anyone who has physical access to it, potentially compromising confidential information or allowing for malicious activity.
  10. Backup and Recovery: Regularly backup workstation data and implement recovery procedures.
    Why?
    Backup and recovery of workstations ensure the availability and integrity of data in the case of a cyber-attack that causes data loss, encryption, or corruption. With a backup, a copy of important data is stored in a safe place, separate from the workstation, and can be used to restore data in the event of an attack. By regularly backing up important data from endpoints and having a recovery plan in place, organizations can prevent data loss and support business continuity.

Implementing these security controls can help reduce the risk and blast radius of security incidents, and protect sensitive data that is stored on workstations.

3 CISO Takeaways

  1. Keep Software and Operating Systems Up-to-Date: Cyberattacks often exploit known vulnerabilities and CVEs. By keeping software and operating systems up-to-date, you can significantly reduce the risk of ransomware, malware, phishing and other cyberattacks.
  2. Implement Multi-Factor Authentication (MFA): Implementing MFA is an effective way to protect workstations from unauthorized access. This is one simple action that significantly reduces the risk of a breach through a workstation.
  3. Regularly Educate and Train Employees on Cybersecurity: At the end of the day, it is people who use the workstations. As such, regular training and education for employees is key to improving workstation protection. It’s important to conduct regular security awareness training and phishing simulations to enable employees to identify security threats in real time, before it is too late.

The controls and practices detailed in this blog post can help you protect your organizational systems and resources. Since cybersecurity is not a “one size fits all” play, we highly recommend consulting with your CISO, virtual CISO, MSSP or cybersecurity consultant before jumping into implementing the suggested controls. To get a full Workstation Security policy tailored to the needs of your specific business, you are welcome to try Cynomi’s vCISO Platform.