Building a Multi-Layered Defence Strategy: Insights from Industry Experts  


In today’s cyber security landscape, a single layer of protection isn’t enough. To safeguard against increasingly sophisticated threats, Managed Service Providers (MSPs) need a multi-layered defence solution that covers all aspects of their customers’ security needs. This concept was the focus of a recent panel discussion at our MSP Cloud Live event, where experts Markus Bauer (Acronis), Mark Deakin (SkyKick) and Nihil Morjaria (usecure) gathered to share their insights on how MSPs can implement a robust, multi-faceted security strategy. 

We framed the discussion around the NIST Cyber Security Framework, a set of best-practice guidelines to help organisations manage and mitigate cyber security risks. The NIST framework is structured around five key functions: Identify, Protect, Detect, Respond, and Recover. To make these principles relatable, we used an analogy of parking your car, illustrating each function with scenarios you might encounter. 

The Car Analogy: A Framework for Cyber Security 

  • Identify: Have you parked your car in a secure location? Have you identified the potential threats in this location?
  • Protect: Is your car locked and secured? Have you taken steps to prevent unauthorised access?
  • Detect: If a break-in occurs, can you detect it quickly? Does your car have an alarm system?
  • Respond: How do you respond once you’ve been alerted? Do you have a plan in place to take action?
  • Recover: Does your insurance cover damages, and can you recover the stolen items or the car itself?

1. Identify – Knowing What You’re Protecting 

The first step in building a multi-layered defence is understanding what needs protection. For an MSP, this means having visibility over all equipment, software, and data within their clients’ environments. Mark Deakin from SkyKick emphasised that understanding what environment you are in, any industry standards that you need to be aware of and any extra levels of security that you need to apply is very important to keep your customers protected. He went on to say that unlike the analogy of parking your car, you will have hundreds of customers to manage and protect and you need to find a scalable way to do so.  

Nihil Morjaria from usecure added that the industry rightly focuses on infrastructure, which is vital and should not be detracted from. However, in some cases, there is an unintended consequence of creating a culture with the end user or the IT team where they feel a detachment of responsibility. They see their MSP has put the infrastructure in place, then conclude that the work environment is completely secure – neglecting to stay vigilant or to take steps to identify risks themselves. We know attackers want the path of least resistance, which is why it’s so important we work to educate end-users and change their mindset, helping them to become a proactive part of your security stack rather than reactive or passive.

2. Protect – Closing the Windows, Locking the Doors 

Once you’ve identified potential threats, the next step is to secure the environment. Using the analogy, once you have parked your car, have you closed all the windows? Are the doors locked? And, in some cases, have you put a lock on the steering wheel? 

A key part of protecting your environments comes down to habit. Nihil went on to explain that we close the car windows when we leave the car because it’s a habit – throughout our day to day lives we form many small habits making common tasks easy and repeatable. Some of those habits can be maladaptive and some can be productive, but when it comes to a cyber security awareness programme, you have to be honest about what will actually change behaviour.  

We often fall into a trap of focusing on metrics such as how many courses someone has completed, how many hours of training they have logged, and so on. But, when you come back after six months, has their behaviour actually changed? So, when developing an awareness programme, it’s essential to focus on creating habits that stick. Keeping the training short, bitesize, relatable and easy to access lowers resistance and ensures it can be integrated seamlessly into daily routines, making new behaviours feel natural and repeatable.

Having considered the “human-risk” side of things, Mark Deakin shared his view on best practice for securing environments (the lock itself). A good starting point is to assess your customers’ current security postures, then work to bring all customers up to a similar baseline. Using the car analogy, this would be things like setting the alarm and putting all of your valuables out of sight. Next, look at the industry in which the customer operates – consider what minimum industry standards (if any) they’re obliged to comply with, then create a plan that makes implementation as simple and scalable as possible.

3. Detect – Spotting a Break-In 

Even with strong protections in place, threats can still find their way through. This is where detection becomes crucial. Markus Bauer stressed the importance of a solid detection strategy, picking up on the “obvious” attacks. Going back to the analogy, this could be someone attempting to force the lock or break a window to get inside – attacks that are relatively unsophisticated and easily detectable.

However, what if we look at more sophisticated attacks, such as cloning a key? How else can we pick up that this is a malicious attack when, as far as the “car” is aware, it’s your key that has unlocked the doors? This is when we start to rely on new technologies such as AI, machine learning and machine engines. This enables us to learn people’s behaviours with certain tools to recognise patterns in user activity and, when that activity appears suspicious or out of the ordinary, this can be flagged for further investigation.

Markus emphasised that while alarms/alerts are useful tools, it is essential to quickly distinguish real threats from false positives. Car alarms have become such a regular occurrence that they’re often ignored altogether, but we as an industry cannot fall into this trap with customers’ infrastructure. 

Nihil also highlighted the importance of enabling users to spot signs of a breach, such as phishing attempts or unusual activity within their systems. User training is just as important as technological solutions when it comes to detection, and this requires an understanding of the specifics in certain job roles. He gave the example of a finance team that’s trained to pick up on signs of unusual activity, such as a customer asking for a statement of accounts mid-month.  

Looking further into enabling users and employees, Nihil emphasised the importance of processes that empower users to know exactly what steps to take if they notice an attack. Using the parked car analogy, he explained that if someone breaks into your car, you instinctively call 999. However, he noted that in the case of security breaches, a similar instinct to raise the alarm is often missing. 

4. Respond – Take Action When the Alarm Rings 

Once a breach is detected, the next step is to respond effectively. Having streamlined processes in place can make all the difference in mitigating the damage. Markus spoke about the importance of response plans and the need for MSPs to have a clear, well-rehearsed process for addressing incidents. This is essential for ensuring users and stakeholders remain calm and focused when deciding what to do next. This might involve investigation, notifying the client, containing the threat, and beginning the recovery process. 

Mark discussed the importance of maintaining business continuity while managing security threats. A “slick” process ensures that operations can continue, and if this process is clear and accessible, it doesn’t necessarily require an expert to be present to initiate the response process. For example, collating reports can minimise delays in remediation. This allows experts to review the information and make informed decisions promptly. 

5. Recover – Getting Back on Track 

Recovery is the final phase of the process after responding to a breach, where backup solutions and insurance come into play. Markus emphasised that a robust recovery strategy is essential for minimising the impact of a breach, and for ensuring businesses can quickly recover lost data or damaged systems. While backup is often considered the last line of defence, without proper infrastructure or backup monitoring, there’s a risk of recovering infected data. This is where having a Plan B, such as a disaster recovery solution, becomes crucial, enabling businesses to recover while maintaining continuity.

Lastly, we discussed the role that multi-layered defence can play in not only securing data but also reducing insurance premiums. By showcasing comprehensive security measures, MSPs can help clients demonstrate their risk management to insurers, potentially lowering their costs while also providing greater peace of mind. 

Starting the Journey Toward a Multi-Layered Defence 

As the discussion concluded, all panellists agreed that implementing a multi-layered defence strategy is essential for MSPs looking to protect their customers in today’s threat landscape. The journey begins with identifying potential risks, but it doesn’t end there. MSPs need to build comprehensive solutions that span every layer of protection, from prevention and detection to response and recovery. 

One key takeaway shared by all panellists was the importance of starting small and building a layered approach over time. For MSPs beginning this journey, the focus should be on taking steps to assess the customers’ current security postures and start implementing improvements where possible. 

Conclusion: Partnering for a Safer Future 

In today’s digital age, cyber security is no longer optional; it’s essential. MSPs must offer their clients a comprehensive, multi-layered defence strategy. Many organisations may lack the resources to build their own in-house cyber security team, but they don’t have to face the challenge alone. By partnering with experts and leveraging solutions from providers like SkyKick, usecure, and Acronis, MSPs can build robust security solutions tailored to their clients’ needs.

The experts at the event stressed the importance of collaboration with cyber security specialists to build defence plans that provide multi-layered protection based on client requirements and budgets. Whether you’re looking to improve end-user awareness, strengthen security infrastructure, or streamline your incident response, MSPs have access to the resources and solutions needed to succeed.