Account compromise: the bane of MSPs’ existence. And the threat isn’t going away any time soon.
Phishing and stolen or compromised credentials were two of the most prevalent attack vectors leading to account compromise, according to IBM’s 2023 “Cost of a Data Breach” report. These were also among the top four costliest incident types.
Unfortunately, the news gets even worse. (“Worse than that?” you wonder.)
Yep: An account compromise usually flies under the radar for more than six months. According to the IBM report, it takes an average of 204 days to detect a cybersecurity breach.
In 204 days, you could train for a marathon (or two), write a book or learn a pretty good chunk of a new language.
And a hacker? Well, they can steal massive amounts of data (or money) in that time span.
Shortening that timeline is an incredibly important piece of an MSP’s job — because the future of your clients’ organizations depends on it.
Pretty much anything. Hackers could jump into the account of your customer’s Head of Finance — then send fake invoices and trick the organization into paying the bill.
Bad actors could steal intellectual property or other sensitive files.
If a hacker has infiltrated a Head of HR’s account, they could take employees’ personal information, like Social Security numbers or addresses.
They could delete important documents and generally make a mess of any internal filing system.
The list could go on: Hackers are creative. Your job is to keep them at bay.
Just like with medical maladies:
The faster you realize something is wrong, the faster you can treat the problem.
Think about what early detection could mean for your clients:
For every emergency, we have some kind of alert system:
… and so on.
What MSPs need is their own kind of tornado siren (hackers cause as much damage as a tornado — just virtually).
To better protect your clients, their data and their finances, you need an early warning system.
At SaaS Alerts, we provide the tools to not only detect account compromises early — but also to define what an account compromise actually looks like for that organization.
For example, maybe one of your customers has a flexible work-from-home policy where end users log in from all over the world. You can still keep an eye on those logins. But you know a foreign login isn’t always an immediate sign of mischief.
However, maybe another customer is a hospital — where all end users are logging in on-site. Naturally, a foreign login from an end user in that environment will set off a louder alarm.
Being able to customize your alerts based on customer needs, geography and industry can be a critical strategy for early detection.
SaaS Alerts offers monitoring tools to flag suspicious activity — then sets off a notification process that both empowers quick action and helps prevent false positives. If you get a high-priority alert, you know it’s time for action. The others can wait.
The key to avoiding alert fatigue? Categorization.
SaaS Alerts’ notifications fall into three buckets:
MSPs can proactively set up their own “indicators of compromise” for what an account compromise looks like.
Then, through SaaS Alerts’ Respond module, you can set up automated remediation actions to eliminate the hacker’s access before a loss can occur.
Read more about how this automatic remediation helped one of our partners shut down threats without lifting a finger.
For example, if an end-user account:
… and then the fourth attempt is successful — well, that’s probably bad news.
But SaaS Alerts can lock down the account immediately, based on these triggers alone.
(And yes, that remediation still happens outside of working hours. You and your team can carry on with happy hours or sleeping schedules.)
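The two ideas above, per-customer geography rules and a successful login that follows repeated failures, can be sketched as detection logic. This is an added example, not SaaS Alerts' product code or API. The customer names, policy fields, severity labels, sample events and the three-failure threshold (inferred from "the fourth attempt is successful") are all assumptions.

```python
from collections import defaultdict

# Hypothetical per-customer policies (constructed for this example).
# geo_severity: how loudly to alert on a login outside expected_countries.
POLICIES = {
    "remote-first-co": {"expected_countries": {"US"}, "geo_severity": "low",
                        "max_failures": 3},
    "hospital":        {"expected_countries": {"US"}, "geo_severity": "high",
                        "max_failures": 3},
}

# Constructed sample login events in time order:
# (customer, user, country, outcome)
EVENTS = [
    ("remote-first-co", "ana", "BR", "success"),  # travelling employee
    ("hospital", "raj", "US", "success"),         # normal on-site login
    ("hospital", "lee", "RO", "success"),         # off-site login at an on-site org
    ("remote-first-co", "kim", "US", "failure"),
    ("remote-first-co", "kim", "US", "failure"),
    ("remote-first-co", "kim", "US", "failure"),
    ("remote-first-co", "kim", "US", "success"),  # fourth attempt succeeds
    ("hospital", "raj", "US", "failure"),         # single typo, then success
    ("hospital", "raj", "US", "success"),
]

def evaluate(events, policies):
    """Return alerts as (customer, user, severity, reason) tuples."""
    failures = defaultdict(int)  # consecutive failures per (customer, user)
    alerts = []
    for customer, user, country, outcome in events:
        policy, key = policies[customer], (customer, user)
        if outcome == "failure":
            failures[key] += 1
            continue
        prior = failures.pop(key, 0)  # a success resets the failure streak
        if prior >= policy["max_failures"]:
            alerts.append((customer, user, "high",
                           f"success after {prior} failed attempts"))
        if country not in policy["expected_countries"]:
            alerts.append((customer, user, policy["geo_severity"],
                           f"login from {country}"))
    return alerts

def accounts_to_lock(alerts):
    """Only high-severity alerts trigger automated lockdown; the rest can wait."""
    return sorted({(c, u) for c, u, sev, _ in alerts if sev == "high"})

if __name__ == "__main__":
    for alert in evaluate(EVENTS, POLICIES):
        print(alert)
    print("lock:", accounts_to_lock(evaluate(EVENTS, POLICIES)))
```

The same foreign login produces a low-priority alert for the remote-first customer and a high-priority one for the hospital, which is the per-customer tuning the text describes.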
“SaaS Alerts makes everything easier for MSPs because it’s designed for MSPs. It helps us cover our SaaS by keeping us on top of our clients’ security issues — so we can respond quickly at the times they need us most.”
Dylan Hall, Founder and Managing Director at Geeks on Wheels