TubbTalk 143: How to Navigate the Cybersecurity Landscape: A Comprehensive Guide for MSPs
This podcast episode was originally recorded live as a chat between Richard Tubb, Dray Agha and Joe Burns on the topic of cybersecurity. Dray is UK manager for threat operations for Huntress, a managed cybersecurity platform.
Joe is the owner of Reformed IT, an MSP based in the East Midlands. He’s also a Huntress customer, using their outsourced SOC services. They both generously gave up their time for this TubbTalk Live show.
An Interview with Dray Agha and Joe Burns
The Huntress Approach to 24/7 Cybersecurity Support
If a business decides to outsource their SOC (security operations centre), then having 24/7 support is essential. It’s impractical for a company to provide this just with local staff.
So, Dray explains: “We have people in the UK, Australia and North America. And what’s cool is we don’t let anyone work outside of 8-4 hours. We don’t want analysts experiencing burnout, so we try to follow the sun and let them do normal hours.
“For me, I don’t want anyone working until 3am to resolve a problem. So international staff is key. But I also want customers to get the Huntress experience regardless of where those analysts are. And we achieve that by immersing employees in the team culture so it’s consistent.”
How to Assess Your Cybersecurity Systems
Joe explains that because cybersecurity is a priority for Reformed IT, they make sure that they also use everything they deploy for their clients. “So our stack is made up of those same tools. We’ve been able to use them to resolve major breaches for clients.
“Of course, nobody is 100% secure, but it’s in our best interest to look at all the potential risks. And then work out how you can mitigate them. Which tools do you need, and what control measures should you put in place?
“But you have to really understand the risk before you can defend against it. Personally, I want to work out how hackers get in. Because once you know that, you can control risks. It’s an evolving cycle of checking and testing.”
How Huntress Support Their Clients to do Cybersecurity Better
Firstly, Dray says Huntress encourage MSPs to protect their own internal assets. One way to do this is through the free Neighbourhood Watch tool that they have. This allows them to quickly identify problems.
“We’re quite good at figuring out when something’s misconfigured. During an intrusion we’ve often pointed things out to a partner and suggested they fix it. And offer support to do that, too.
“We always try to iterate and become better. Sometimes that means coming up with a solution at the point we notice a threat. For instance, we spotted adversaries looking for passwords.
“So we reverse engineered our agent to collect password files and secure them. We didn’t look at them, but we told the partner about it. We want them to be proactive with their defence.”
Understanding Session Hijacking
Joe says that session hijacking is a big thing that the MSP community is seeing at the moment. “I’ll give you an example to help you understand it. One of our clients is based in Nottingham.
“We got a notification to say that they had just signed into Office in Switzerland. We contacted them to make sure they weren’t using a VPN. They had, however, received an email which they clicked on. So the hacker had used it to gain access to their Microsoft mailbox.
“I always recommend multi-factor authentication (MFA). But imagine you go to a festival, they scan your ticket and give you a wristband. As long as you wear it, you can come and go all day. The same applies when you sign into a website, even with MFA. So MSPs need to help clients to lock things down.”
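The wristband analogy above, as a detection sketch (an added example, not from the episode or from Huntress): it flags a session token that passed MFA in one country and is later presented from another, as in the Nottingham and Switzerland sign-in. The event fields, values and sample records are constructed assumptions, not a real Microsoft log schema.

```python
# Constructed sign-in events. "interactive" means the user completed MFA
# (the wristband is issued); "token" means an existing session token was
# presented without a new MFA prompt (the wristband is shown at the gate).
EVENTS = [
    {"time": "2024-01-10T09:02:11Z", "user": "user@client.example",
     "session": "s-1001", "country": "GB", "mfa": "interactive"},
    {"time": "2024-01-10T09:40:03Z", "user": "user@client.example",
     "session": "s-1001", "country": "GB", "mfa": "token"},
    {"time": "2024-01-10T10:15:47Z", "user": "user@client.example",
     "session": "s-1001", "country": "CH", "mfa": "token"},
    # A different user who travels and completes MFA again abroad: not suspicious.
    {"time": "2024-01-10T11:00:00Z", "user": "sales@client.example",
     "session": "s-2002", "country": "FR", "mfa": "interactive"},
    {"time": "2024-01-10T11:05:30Z", "user": "sales@client.example",
     "session": "s-2002", "country": "FR", "mfa": "token"},
]


def find_replayed_sessions(events):
    """Return (session, user, mfa_country, seen_country) for each token use
    that does not match where MFA was completed for that session."""
    mfa_country = {}  # session id -> country of the interactive MFA sign-in
    alerts = []
    # Timestamps share one ISO 8601 UTC format, so string order is time order.
    for ev in sorted(events, key=lambda e: e["time"]):
        sid = ev["session"]
        if ev["mfa"] == "interactive":
            mfa_country[sid] = ev["country"]
            continue
        origin = mfa_country.get(sid)
        # origin is None when a token appears with no MFA sign-in on record,
        # which is also worth an analyst's attention.
        if origin is None or origin != ev["country"]:
            alerts.append((sid, ev["user"], origin, ev["country"]))
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(EVENTS):
        print("possible session hijack:", alert)
```

A country change is only a lead: as in Joe's example, confirm with the user that no VPN was in use before treating the session as stolen.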
The Importance of Conditional Access Policies
Dray and Joe both agreed that conditional access policies are essential, and the more complex the better. Dray explains: “Say you only use Chromebooks. You can create a policy that only lets Chromebooks access your networks.
“They’re great for frustrating adversaries, but not enough people are using them. One reason they’re so good is because even if the hacker has the right password, they’re still denied access.
“These are cheap obstacles you can put in the way to make things harder for the cybercriminals. And you’ll also get notifications when an attempt is made, which can help to strengthen weak points.”
Why Government Involvement can Help Regulate MSP Cybersecurity
Joe says that he’s in favour because MSPs are in a powerful position. “For instance, we’ve got clients involved in extensive supply chains. So the more protection they have, the better.”
Dray adds: “IT is a sort of governing entity, and it’s so important. That’s things like national infrastructure – electricity, water and so on. We need to protect against aggressive nation states. And we also need to protect our clients from cowboy IT providers.
“And on top of that, companies, schools and hospitals are being ransomed. The more stringent the IT regulation, the better. The only thing I’d add is that the MSP and IT community need to be involved in defining those regulations.”
Mentioned in This Episode
- Tech Tribe
- Security testing: Red Team and Blue Team
- Security qualification: Certified Ethical Hacker
- Cybersecurity best practices framework: CIS Controls
- Defence licences: Huntress Neighbourhood Watch
- MSP conference: Managed Services Summit
- MSP peer group: SBCS Northwest
- MSP business expert: Karl Palachuk
- Microsoft 365 Business Premium
- Cybersecurity certification (UK): Cyber Essentials
- Cybersecurity certification (UK): Cyber Essentials+
- Cyber consultants for small businesses: Cyber Advisor
- Cybersecurity compliance: CompTIA Trustmark
- Cybersecurity certification (USA): CISA
- Information security standard: ISO 27001
- Cybersecurity awareness platform: Curricula