Ten Tips to Help Your Cybersecurity Team Avoid Burnout

There has never been more pressure on cybersecurity professionals to help businesses recover from ransomware and other cyber-attacks. We asked CompTIA ISAO members and cyber leaders to share their secrets for keeping their security teams happy and successful. Cybersecurity teams are under increasing pressure to help businesses and other organizations recover from hacks and ransomware attacks.
It’s not unusual for security professionals to work 24-hour shifts to finish responding to ransomware attacks. Criminals don’t take vacations or holidays either, so your cyber staff may miss important events and precious time with loved ones. An MSSP executive complained earlier this year that incident response team members only last for 18 months before asking to be removed from the team or, worse, leaving the company. This means that you will need to find and train more cyber staff in a market that is already in dire need of them. It’s a vicious cycle, but there are ways to keep customers, your staff, and your bottom line happy.
Two cybersecurity leaders and CompTIA ISAO members were asked to share their tips for keeping your security teams happy and successful. Here’s what they had to say.
Ask for help when it’s needed
Work as a cybersecurity staff member can be quite unpredictable, especially on incident response teams. It is impossible to predict when a prospect will reach out to you for assistance. You also don’t know how many resources they will need or for how long. There could be a stretch of time with no cyber incidents. Then you might get one or more. MSSPs and security companies should have access to trusted external resources in case of emergency. Find a partner or partners to share cybersecurity pros and help balance out the feast-and-famine periods.
“Ransomware can be as simple as one engineer or as complex as 20. The unpredictable nature of work, stacking multiple cases at once, and other factors still require stretching all parties,” said Kevin McDonald, COO and CISO at Alvaka Networks and a member of CompTIA ISAO’s SME Champions Council. “Ransomware is a serious threat to your ability to assign and coordinate staff. They must be available at all times, often for weeks. To help us hire more staff, we now use highly trusted and carefully vetted partners.” McDonald said that this, along with a referral pool, “helps us to rarely say ‘no.’”
Find a trusted partner
It is one thing to ask for help, but it is quite another to find a partner you can trust. Meeting this requirement is crucial to filling any gaps in your security coverage. In the best cases the partnership is invisible, and your customer still sees you as their primary protector. Eric Weast, president of ECW Network & IT Solutions in Deerfield Beach, Fla., and a member of CompTIA ISAO’s Executive Advisory Council, said that you can find the right partner, and then you don’t have to worry about being everything to everyone.
“We know that we are not experts in incident response and pen testing,” Weast said, adding that they don’t want to be in that market.
ECW outsources this function to other companies, allowing the company and its cyber staff to focus on its core competencies. This model keeps employees happy and spares them the stress of failing customers at something they aren’t skilled in. “Understanding is different from doing, which people often don’t know how to separate. Ultimately, we know we can’t do these things alone,” Weast said.
Weast pointed out a recent example that occurred following the March Microsoft Exchange vulnerability. Huntress Labs, one of ECW’s tech partners, was able to detect a web hook at a customer affected by the vulnerability and notified the solution provider around midnight.
“We have a mature 24-hour response capability, so while I was sleeping, one of our engineers took it and immediately responded,” Weast said. “He called Huntress and Microsoft late at night. They helped us to resolve the immediate threat and restore our systems. There was a lot of compliance involved in this case. I called the customer the next morning to explain that although we believed our rapid triage had stopped the attack during the night, we needed to run a detailed analysis and respond to the incident. We partnered with Dark Cubed, one of our valued partners, to do this over the next 24 to 48 hours.”
Share your successes with your team
Although hearing that a web hook was detected is not a pleasant surprise, the client appreciated it.

Author: Victoria