There have been so many major security incidents in the past year that it’s no wonder the incident response market has picked up.

Of the 5,000 data breaches covered in the Verizon Data Breach Investigations Report (DBIR), phishing was the most common attack type (more than 30% of incidents), followed by attacks on web applications (25%) and system intrusions (20%).

The sheer number of attacks is apparently a major driver of the growing interest in incident response (IR) tools and services. But the severity of these attacks was even more remarkable. The one with the greatest impact on the channel was the Kaseya attack, which combined two of the more dangerous attack vectors and techniques: the software supply chain and ransomware.

“The incident response market is being driven by the increased frequency and complexity of cyberattacks, the financial implications of a successful breach, and the regulatory requirements of various governments and industries,” said Mike Hanauer, vice president of Managed XDR Sales at Barracuda. “These, coupled with the rapid digital transformation caused by the pandemic, significantly increase the digital footprint of companies and expand their attack surfaces and risks for cyber attacks.”

All of these factors have caused the roughly $30 billion IR market to grow at a steep 20% annual rate, according to estimates.

Ransomware powers the IR market

Not all incidents have the same impact. The DBIR found that 61% of the incidents involved credentials and 13% involved ransomware. About 10% of reported ransomware attacks cost organizations, on average, about $1 million each (including cash, remediation, and lost revenue). More than any other factor, it is the looming threat of ransomware that has led companies to add IR tools and services or expand the ones they have.

Maureen Perrelli, chief channel officer at Secureworks, said ransomware is currently the market’s biggest driver of incident response, along with attempts by the cyber insurance industry to better prepare for a ransomware breach.

“Incident response (IR) skills are needed on a large scale and increasingly focused on being proactive,” said Perrelli.

Shortage of security staff

Another important factor in incident response is the persistent staff shortage. Layoffs at the beginning of the pandemic cost the IT world many security professionals. Now the Great Resignation is making the problem worse. Since the ransomware scourge has not been around for too long, the number of people trained to detect and fix it is relatively small.

Those with deep pockets can afford to hire these experts. But they too have to be on their guard, because headhunters want to lure those experts away with even higher salaries.

“There is a shortage of security professionals worldwide, and those with deeper expertise in incident response and threat hunting are even more difficult to employ and retain,” said Perrelli.

Hanauer agrees. He noted that when large companies feel the staffing pressure, small and medium-sized enterprises (SMEs) suffer even more.

“IT teams just don’t have the time to manage incident response and make sure their network is always up and running,” he said. “This is especially true for SMBs who may not even have a security department or a well-staffed IT department. Because hackers use multiple attack vectors, integration is even more important for effective incident response.”

Even SOCs want help

Because staffing is such a problem, Perrelli has observed that even companies with a more sophisticated Security Operations Center (SOC) are looking to partner with experts for their IR and threat hunting services.

“This is an opportunity for MSPs to help companies respond to this skill gap,” said Perrelli. “MSPs are unlikely to be successful in IR if they try to go alone and build their skills from the ground up.”

But it is the SMEs that represent the largest potential market.

“The question is no longer whether, but when an SME suffers a security breach and what its remediation plan should look like in the event of an attack,” said Hanauer. “There is no emergency infrastructure that companies can call when they have been compromised. In the absence of a police response or dealing with the exorbitant costs of an enterprise-centric vendor, MSPs had to step in and meet SMBs’ need for a dedicated security team to not only protect them and take precautionary measures to avoid cybersecurity, but to respond to incidents that occur most effectively to reduce the financial impact of the attack on your business.”

Chris Cline, product manager at security awareness provider KnowBe4, said companies are increasingly realizing that the phishing problem will not be solved. There are many endpoint protection services out there, and most organizations have one in place. However, they all let some amount of unwanted data through. Even with these services in place, the total number of incidents continues to increase. He recommended that companies find a repeatable way to respond in a timely and precise manner.

“Once you’ve managed to make your answers repeatable and accurate, your next step is to learn from your answers,” Cline said.

Good questions to ask yourself are: What is the lay of the land? Are you getting more incidents? Are there any similarities? Are there ways to switch from reactive to proactive responses?

MSPs should start small and work together

The range of potential services covered by the IR umbrella is too wide for an MSP to attempt to offer everything. Cline suggested that MSPs select one specific area of incident response, get to know it well, and then grow from there.

“If you choose a focus area, you can secure a market area and learn how to deal with a growing workforce,” said Cline. “Then you can use this number of employees to learn new areas.”

Note that there are already many established players in the IR space with decades of human experience, automation, tools, and threat intelligence. MSPs are therefore advised to go the safe route. Instead of trying to develop their own tools, it’s faster, easier, and less expensive for them to consider licensing an IR platform from Secureworks, Barracuda, or others to prevent, detect, and respond to threats early on.

Huge market

Incident response is becoming a necessary value-added service for MSPs and is expected to grow to over $33 billion by 2023, Hanauer said.

“Adopting an incident response service early on will give MSPs a competitive advantage and accelerate their learning curve as cyberattacks become more sophisticated,” he said.

In contrast to many other market areas, the demand for MSP IR services is more likely to be driven by difficulties. Those in the middle of an incident, struggling with a ransomware demand or other malware issue, are the ones most likely to call.

“Companies call MSPs with the ability to react to incidents when they are in a crisis,” said Hanauer. “Helping customers identify and address their security vulnerabilities, one of the biggest challenges they face, is more beneficial than any marketing campaign.”

MSPs need to be ready

The demand for incident response services is therefore likely to be high and sudden. The first point of contact for any organization is usually an existing service provider. If an organization has a good relationship with its current MSP for backup, disaster recovery, remote desktop, or other services, it will likely get in touch and ask whether that MSP can provide security and IR services as well.

“MSPs are asked to intervene in the event of cyber problems, regardless of whether they are equipped for them or not,” said Hanauer.

The best approach is to be prepared. Find a trusted service provider that already has IR capabilities. In many cases, such providers allow you to rebrand the service as your own and also provide tier 2 support for issues beyond your in-house capabilities.