How to Choose MSSP?

When you decide to find a Managed Security Services Provider (MSSP) which will meet your technological needs and business requirements, the most important thing is to develop a list of criteria to make a proper selection. MSSPs come to stay with you for a long period of time so you should better minimize the number of known unknowns to avoid risks and build successful partnership.

To find a good fit among various MSSPs pay attention to the following:


Customer references will always be the ultimate measure for B2B solutions and services providers. The easiest way is to check whether online reviews of the company in question are available for you. Go to Clutch, GoodFirms, etc or at least use Google and you will definitely find enough pro (or contra) information.

Such references can give you rather realistic idea of how relations with MSSP will develop. In addition, there is always a chance to find some secondary technical or business details which might prove to be valuable exactly for you.

The more sources offer references about your potential partner the better it is for you.

Internal Security

As we all know by now, even cybersecurity companies have no guarantee against cyber attacks. Attacking cybersecurity vendor or service provider may open backdoors to IT assets of dozens and hundreds of their customers. So, a mandatory requirement to every cybersecurity company, including but not limited to MSSPs, is that they have an extremely reliable internal cybersecurity program.

Just get clear and concise answers from MSSP to such questions as where your data will be stored, what kind of encryption is used and what backup and restore policy/solutions are used by MSSP itself and for its customers. As you are going to have nearly the same level of security for your data with this provider.

When MSSP has respective certification, such as ISO 27001, is a very good sign. However, as a rule, they are not mandatory for MSSPs and quite expensive to get. For these reasons they are usually obtained by large MSSPs, but not mid-sized or small. With smaller MSSPs you should first check personal certificates of employees.


Once again, MSSPs can have or can have no certifications from ISO or vendors. If they have, that's great, but do not forget to check their authenticity at websites of issuing bodies. Just to make sure :).

This is a rare occasion that some unscrupulous group of people calling themselves MSSP will forge such certificates. Still, there is sense in going to vendors' sites and checking existence of the partnership status in question.

As far as vendor partnership suggest partner agreements with certain obligations as to selling, MSSP will not necessarily have such statuses. Their managed security provision platforms for surely will be based on solutions and products by some vendors. But MSSP can very well just use them, not sell, as partnership suggests. How will you check credibility of MSSP in such a case? Again, go for personal certificates. All-in-all, it is the MSSP team that guarantees your security, and not simply a set of cybersecurity solutions.


MSSP will have its cybersecurity services platform based on carefully selected and integrated solutions. In most cases the customers will also have their cybersecurity solutions. Sometimes, MSSP might accept your solutions and integrate them into managed security services delivery process. This might simplify transition to partnership for you and increase ROI of your cybersecurity program.

In most cases it will be a preferred scenario for you as a customer, yet MSSP might decline your existing cybersecurity infrastructure because it is outdated compared to its platform, or its platform is perfectly sufficient for selected package of services and MSSP doesn't want additional efforts (and expenses for both of you). Sometimes, MSSP will suggest an alternative to cybersecurity solutions currently used by you. Anyway, if you already have implemented cybersecurity infrastructure, discuss its destiny with your potential managed security provider.


When signing agreement with MSSP it must define, in addition to different SLA aspects, such thing as frequency of communications under normal conditions, when no attack is in progress or no incidents require immediate attention.

Always ask for clearly defined schedule of communications with MSSP. Those can be quarterly, monthly or weekly reports of number of vulnerabilities discovered and removed, incidents handled and so on, weekly video conferences with fixed duration, just to make sure that joint cybersecurity process goes on the way it has to.

Make sure that emergency communications are clearly defined as well, as this is what you are partnering with MSSP for. Readiness of MSSP to meet your expectations in this area will be a clear sign of smooth communications after the contract is signed.

How MSSP Will Close Gaps in Cybersecurity of Your Business?

Security gaps in any business or organization are most commonly caused by:

  1. Absent or insufficient cybersecurity personnel, thus unable to react or react timely on cybersecurity incidents and not available 24x7.
  2. Absent or insufficient cybersecurity solutions protecting your IT assets, leaving vulnerabilities not removed, threats not mitigates and incidents not even detected before it's too late.
  3. Absent or insufficient processes to maintain cybersecurity at a proper level (awareness trainings etc).

All of these issues are addressed by partnership with MSSP:

  1. MSSPs will complement or fully replace the in-house cybersecurity team and in most cases, especially for SMB, the MSSP's personnel will be better trained for mitigating cybersecurity threats in real-time mode. One more important thing it that MSSP can provide SOC services in 24x7x365 mode and they will be much more affordable than in-house team working in such mode.
  2. Collection of cybersecurity tools and solutions is in no way a guarantee for reliable protection. Those tools and solutions have to be properly set up, operated, maintained and, which is critically important, integrated. Data exchange and correlation have to be efficiently done. This is something not always found even in large corporations, to say nothing of SMBs. MSSPs, on the contrary, have their managed security platforms designed, implemented and operated in very high quality and up-to-date manner in most cases, which makes them efficient and adequate to modern cybercrime treats. And this cybersecurity infrastructure with guaranteed efficiency can be made available to customer at very reasonable cost. What's important, the customers will not have to take care of or bear the costs of keeping this cybersecurity platform up-to-date.
  3. It's important to understand that whether you have or have no partnership with MSSP, your personnel has to have proper training in cybersecurity for their usual operational and business activities. Phishing, malwares, ransomware, social engineering etc. But if something goes wrong and some employee makes a mistake or just gets mislead by some cunning attack, MSSP will greatly increase chances that no damage will be caused or it will be minimized to a tolerable level.


Cybersecurity Market in 2021

Cybersecurity remains one of the critically important priorities all around the world, especially in view of the fact that there appear more and more threats, emerge new vulnerabilities and frequency of attacks is very unlikely to subside. Based on it, Canalys analysts forecast further growth of investments into cybersecurity. Below are some considerations by Canalys™ experts.

It is estimated that global cybersecurity spending will grow by 10% in 2021 to surpass $60 billion. According to Canalys this market reached the size of $54 billion in 2020. This amount includes expenses on endpoint security solutions, web and email security, data security, vulnerability analysis as well as identification and access management solutions.

Experts note, that even in the worst case scenario global expenses on cybersecurity will grow by 6,6% in 2021 to reach $57,7. This forecast takes into account the significant and long-lasting economic effect of numerous pandemic limitations as well as proliferation of new virus strains. Canalys analysis shows that despite pandemic, cyber security budgets remain mostly unchanged or even grow. On the other hand, SMB expenses suffered limitations and personnel reduction had an impact on some cyber security contracts, especially in HoReCa, retail and transport. Logistic issues had negative impact on cybersecurity hardware supplies in early 2020 but later the situation normalized. Despite growing cybersecurity expenses the number of incidents including personal data leaks and compromise, as well as ransomware attacks reached a record level in 2020.

According to Canalys, more than 12 records personal data entries were leaked in 2020 while the number of ransomware attacks grew by 60% Among main reasons for growing number of cybersecurity incidents there are errors in cloud data bases settings and phishing campaigns launched against remote employees lacking sufficient cybersecurity protection and training. As far as remote work and education go on and digitalization is developing, analysts expect negative trends in cybersecurity to persist in 2021.


Christmas Fraud or How to Defend Your Money and Business During Sales Time and After

Black Friday is behind with all new online sales and cybercrime records (thanks to COVID-19). The Christmas time has come and new sales seasons are to come so there is no good time to forget about cybersecurity risks of every holiday season. Below are some recommendations from Trilight experts.

If you are a buyer, think twice before trusting e-mails and websites during your deals. While millions of buyers go to online shops for pleasant emotions hackers search for confidential personal and financial data.

A popular fraud scheme is based on phishing letters are messages faking well known online brands and online sellers. Take some simple proactive steps to avoid a catch like this:

1. Before trusting the email which you seem to have received from your favourite retail brands or online platforms, make sure you've read its contents attentively. Unusual grammatical or spelling mistakes make a first hint. A good example here are numerous phishing sites gone online during recent Amazon sales on Prime Day. Study sender's email to find more proofs to your suspicions.

2. Do not succumb to temptation of downloading special holiday seasonal subscription or promo codes from suspicious letter. And, of course, never follow the links from such messages. Fraud phishing messages might contain malware or links to wrong URL-addresses which will download to your device zero day malwares or extortion software putting financial and private data at serious risk.

3. If you are not sure about specific messages, try to correlate link in email address with the target link address by pointing to it. If they lead to different addresses, you may inform your Internet access or security service provider of this email to put an end to spreading potential vulnerability among online buyers.

4. And last but not least. Be careful entering URL-addresses manually. One error and you get to erroneous domain with misprint (similar, yet fake URL-address is often a phishing site). To avoid such risks, think about password manager. They are not only a good line of defense from weak passwords, but they also will not be fooled by malicious URL-addresses often overlooked by human eye prone to errors.For sellers: keep your security systems active, duly protected and compatible with PCI DSS.

As we mentioned above not only buyers can become victims of cybercrimes. Below are the action points for sellers to increase their cybercrime resilience.

1. Start with the security training to introduce latest phishing attacks to your team, including data types hunted for by cybercriminals, as well as cunning fraud emails. Give your team a simple way to inform your cybersecurity personnel of such suspicious emails or similar activities.

2. If you plan to keep your physical shops running, make sure all operating systems used at your points of sale have latest security updates. Consider additional security measures such as effective defense against malwares, NGFW, server protection and encryption to protect critically important systems of your retail network. Network segmentation will also help create limited and isolated zones managed with more refined access control.

3. If your retail business uses cloud applications and you have an extended multisite network of branches, franchise and delivery partners then zero trust philosophy becomes critically important. Basic principle is to trust nothing and check everything. It will help establish reliable access to distributed retail network with higher privacy of card holders.

4. Go through mandatory audit to make sure your existing cybersecurity system meets PCI DSS recommendations.

If your retail business does not have sufficient internal experience with cybersecurity or your IT team is not big enough then it is a good reason to engage a cybersecurity partner which will establish continuous monitoring and protection of your retail network, online system etc. from suspicious activities.

Cybersecurity Illusions or Why MSSP Matters

Today all know that building an unbreakable shield is next to impossible. Surprisingly, quite a lot of IT professionals believe that enterprise IT perimeter will stop any attacks. On the one hand, it’s partially true that you can make penetrating perimeter very difficult and expensive, on the other hand, nobody can guarantee that some perimeter is truly unbreakable.

When IT manager realizes that however strong the perimeter might be it can not guarantee absolute security the next step will be understanding that one now needs invest attention and financial resources into IT infrastructure. It is necessary to create the ability to monitor it, find traces of attackers’ actions and take countermeasures to prevent achievement of attack objectives (theft or destruction of information, financial frauds, extortions, etc.).

Let us stress the importance of it once again:

First and foremost, it is always a very good idea to have information about what is happening in IT infrastructure and not only for security reasons.

Second, no attack develops with lightning speed. Attackers need time to recognise hosts and resources, get understanding of internal infrastructure, access data and execute harmful action. See attack stages as explained by MITRE ATT&CK which is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

The bottom line is that we need to track attackers’ activity and catch them ASAP, before they really get access to data.

According to analytics, time between initial compromise and getting access to data ranges between couple of hours or a day. So we need fast and effective search of suspicious or uncommon actions to find tracks of attackers and localise the attack.

Sure, searching and tracking require certain level of expertise and competence of cybersecurity experts. But it is the only way to increase security to level where attempt to attack your infrastructure will become unprofitable for hacker team.  This is a reason behind dramatic growth of interest to SIEM systems, building on-site cybersecurity teams or switching to services of external teams, or MSSPs.

To achieve necessary level of security one needs to get logs and events from infrastructure to track the inside activities. We rely our experience to create minimal set of such sources to get sufficient enough overview of events and have ability to catch suspicious or uncommon actions:

  • System logs from servers and workstation logs;
  • Specific database logs;
  • Events from antimalware software, antivirus/endpoint protection system/endpoint detection & response;
  • Next Generation Firewall/ IPS/IDS logs & events
  • Router/gateway logs;

Besides, a very effective tool will be Deception or Honeypot systems, which simulate defenceless resources which will be very attractive for hackers, like Domain Server, Data Base, etc. Any attempt to attack or interact with this ghost will be logged and analysed because real user will not access such Honeypot. They just don’t know about such fake resources setup like traps.

Cybersecurity team or MSSP will process total amount of logs and events from all systems, correlate this information, analyse and discover security events (incidents) to investigate, localize and stop harmful activities.

Casualties and Damages of Global Cybersecurity War or Some Examples of Astronomical Values

There is quite a lot of statistics giving not just alarming but truly intimidating figures from global cybersecurity battlefield. For too many businesses it is not about winning, it’s about survival. See the figures and make your conclusions:

1. New hacker attack happens every 39 seconds

According to a Clark School study held at the University of Maryland there occur hacker attacks of computers with Internet access every 39 seconds on average. This alone should be a sufficient reason for making secure logins and passwords to be taken seriously.

2. Small businesses became target of nearly every second attack

According to study by Symantec, 43% of all cyberattacks are launched against small businesses. Of those small businesses 64% have experienced web-based attacks, 62% underwent phishing & social engineering attacks and 51% experienced denial of service attacks.

To understand why this is a problem, learn the figure below:

3. 60% of those hacked small businesses go out of business within six months

Once again. According to study by Fundera, 60% of small businesses which were subjected to cybercrimes, go out of business due to attack consequences: customers’ data loss, financial data corruption, litigations etc. Kill ratio too high to be ignored, don’t you think so? Why it happens, you will understand from the stats below:

4. Global average cost of a data breach for SMB is 3.4 million

This figure by Varonis explains why successful cyberattacks against SMB are so lethal. 3.5 million is too much for vast majority of SMBs. Even if company copes with financial damages, every cyberattack is not just about financial losses, but about reputation as well. Still, that’s almost nothing compared to possible outcomes for publicly traded companies, which should beware infinitely more.

5. Global average cost of a data breach for public company is 100 million

According to a report by Audit Analytics, the average cost a data breach for a publicly-traded company will reach or even surpass 100 million. A hundred million euros. That’s near the total annual revenue which makes it reasonable for a business to go public. Once again: a hundred million euros of damages. Enjoy and indulge in memories of how you screwed your cybersecurity system.

5. Year 2020 brought about a 300% increase in reported cybercrimes

People sit at home, spend more money online and, most importantly heavily rely on remote collaboration and communication tools. Convenience for businesses which turned Bonanza for cybercriminals. 300% increase in cybercrimes since March 2020 reported by FBI might be a shocking indicator, but we will easily make it even more shocking. These are REPORTED cybercrimes. So, actual growth might very well have been even higher. Why so? It’s because:

6. On average 6 months pass before data breach is detected, even in major companies

Even such giants like Capital One or Facebook were subjected to successful cybersecurity breaches, which were discovered long after users’ passwords, credit card details and other sensitive data had been compromised. And this is despite the fact, that funds spent on cybersecurity globally have long ago reached astronomical values:

7. Near $900 billion will be spent globally on cybersecurity by 2021

According to recent Cybersecurity Ventures report, organizations and businesses globally make fundamental changes in their approach to cybersecurity and reprioritize budgets to align with new realities. And still the total cost of cybercrimes is expected to be times higher:

8. Global cost of cybersecurity crimes will surpass 5,25 trillion by 2021

According to the same above report by Cybersecurity Ventures, global business and economy will sustain near 5,5 trillion of damages in 2021 because of cybercrimes. Again, why these truly enormous expenses on cybersecurity do not stop these staggering cybersecurity losses? Why? That’s because:

9. 95% of cybersecurity breaches occur through human error

Criminals and hackers will infiltrate your company’s IT infrastructure or data through your weakest link which is your employees! (not an IT or security team, btw). Good on-board security team, or outsourced one (which is even better, says MSSP) will dramatically improve chances for successful cybersecurity protection. But if you have neither, at least you need a good Cyber Security Incident Response plan to minimize incident losses. Still…

10. 77% of organizations do NOT have a Cyber Security Incident Response plan

Really, why should you need it… You will never be hacked, because Americans never landed on the Moon and the Earth is flat and all hackers, if there are any, will fall over its edge, sooner or later. Still, if you do not want to wait for this cybercrime incident, order a Plan from us, as a bonus to an affordable package of managed security services.

New Security Realities of COVID-19 World

This year hackers got brand new opportunity to get richer based on Covid-19 hype. McAfee detects more and more criminal attempts to exploit current events. This is why organizations and business have to be on aware and understand what new attack methods are used by cybercriminals in Covid-19 world.

Phishing letters now became the best tool for cybercriminals. Amount of such a content has considerably grown over the past few months. Users get faked letters as if from World Health Organization about sales of masks and medications, coronavirus tests and other medical merchandise (subject of such a message would usually be the most relevant for the addressee from specific region).

Phishing letters either contain links to sites with malicious content or to the documents with exploits or malicious macros. The goal of these activities is to get malicious code to the workstation with the purpose of stealing user or payment data. Hackers also try to lure the victim to a faked web resource with such phishing letters.

Criminal web site would imitate appearance of the bank site or payment system where users are offered to enter personal data. Crypto extorter, cyphering the victim PC, deleting shadow file copies and demanding ransom is one more variant of malicious software. It is well known, that today most attacks are conducted not by humans but by autonomous software solutions, collecting information about victims from different sources and sending phishing letter automatically. Information needed for such attacks is often collected from social networks and other open sources, which demands practically no efforts from criminals. For instance, in user files metadata, which are often in open access, there can be found email addresses, IP-addresses, OS versions etc.

This is a very often occasion when hackers us previously stolen user databases to launch attacks. Criminals may deploy any new attack within just several hours, based on social engineering techniques and emotions of potential victims. The best defense from such attack is awareness and informing company employees of cybercriminal methods.

How to Create Safe Passwords

Creating good and reliable passwords is quite a difficult task for many. It becomes especially intimidating when you start considering unique password for each site you visit. Tens of unique passwords like OEjlkasdf34-absde@! will make anyone feel a bit perplexed and gloomy.

A typical response to this problem will be simple and insecure. A user will use one password for all services and resources, or will create several equally simple (to remember) and unreliable passwords. Or there will be some sticker with passwords brightly hidden beneath the keyboard.

Looks like there is a collision between strong passwords you can not remember and weak passwords you can remember but can not use if you want to avoid unauthorized access to your data. First let’s see what a strong (and weak) password is.

Strong vs Weak Password

A strong password will have sufficient length, use various upper and lower case letters with numbers and symbols. It will not contain dictionary words or ties to your personal information.

Passwords like MyPassword1 might look ok considering above advise but they are not. Word password and any other dictionary word is not a good idea for password.

Anna1989:& does contain upper and lower case, as well as numbers and symbols, but it seriously flawed. Name and year of birth can be easily discovered from open sources and they will be, in case a hacker needs your data.

C0ntekst* is a bit more secure, as it has letter o substituted for number 0, and there is a deliberate error in spelling. Yet, it’s too short unfortunately. It will not take too much time for code-breaking software to guess it.

What shall I do?

Luckily, there are several easy to use and efficient tricks you can use to create strong password which will not force you enroll for memory improvement trainings.

Phrases with Personally Valuable Information

Think of something you are unlikely to forget and build a password on its basis. The2o12’sTripT0Pariswas0key is not that difficult to remember but is truly difficult to crack.

Acronyms or shortcut codes

EksEksEksElIz0key4MaiFriend: XXXL is ok for my friend. Spelling errors, numbers instead of letters and words, easy to recall information. Good example, still you can easily make it even better. Just think about using:


Let’s take our example based on our friend’s anthropometry and add some emotion: EksEksEksElIz0key4MaiFriend:-). It’s always good to have a big friend. One of the benefits is when you are glad it makes your passwords even stronger and you will not forget in what way 🙂

Surely, there are many more efficient techniques to build strong passwords. But you don’t have to use them all to make your passwords strong and easy to remember. Just master those listed above and always remember: mix numbers and letters, upper and lower cases, add symbols, make errors and KEEP THEM LONG!