Elevating the MSSP from the Backroom to the Boardroom

Chris Griffith
July 9, 2020 | 6 min read | Cybersecurity Strategy

As the COVID pandemic rages on, the impact on global economies has been palpable. While some industries have benefited from this rapidly changing environment, the majority have been negatively impacted. As a result, enterprises are looking to cut costs and consolidate, focusing on improving efficiency while reducing risk. Approached strategically, this is a huge opportunity for MSSP partners to not only preserve their existing customer base, but to grow their business by becoming a more strategic partner to the enterprise. In doing so, you’ll elevate your MSSP business from the backroom to the board room.

Over the past several years, your customers (enterprise CISOs) have finally gotten a much desired audience with the board, but they have struggled to capitalize on this opportunity because they haven’t yet learned to speak the board’s language. While security teams are mired in vulnerability and patching metrics, the board really only wants the answers to three simple questions:

  1. Where are we on the cyber-risk spectrum?
  2. Where do we want to be?
  3. How will we get there?

The answer to these deceptively simple questions lies not in technical speeds and feeds, but in quantifying cyber risk to the business.

Many of the managed security services that you already provide play a critical role in breach risk reduction. Board level presentations to show risk reduction, a key job for CISOs, succeed when the CISO is able to answer the board’s questions in a language that they understand.

We’ve recently redesigned the Balbix platform to ensure ultimate flexibility and usability for CISOs that find themselves in this position. The opportunity for you, as an MSSP, is to leverage platforms like Balbix to automate the process of board reporting on cyber risk, fully customized to your customers’ businesses.

Below is a dashboard customized for “Griffith Industries,” meant as a CIO/CISO view of overall business risk. You can quickly see where risk lies by asset type, by division, location, and attack vector. This would be an example of the go-to daily view for cybersecurity leaders in your customers’ organizations to track risk trends across their organization, avoiding big surprises in the lead up to the quarterly board meeting.

Custom dashboard for overall business risk

Questions about asset inventory are bound to come up regularly in discussions with your customers. It is only once you understand an attack surface that you can adequately protect it. This next dashboard gives a clear picture of your asset inventory by device type and site, with drill down sunbursts that show the greatest areas of risk by asset group.

Custom dashboard for asset inventory

The next chart is a “Board Update” dashboard that I created for Griffith Industries. Here we have quantified breach risk trends – exactly the type of thing the board wants to see. You can see where breach risk is trending by division, along with the dollar value of that risk. You also see trending across the organization – where breach risk was, where it is today, and where the organization aspires to be in the future.

Custom dashboard for board update showing risk trends

These improvements are just the tip of the iceberg – Balbix can help your MSSP business, not just at the CISO/board level, but throughout your operational/SOC offerings as well. Balbix helps security teams drastically increase their efficiency by prioritizing vulnerabilities based on business risk. Balbix also provides visibility into all device types and 100+ attack vectors they may be vulnerable to. Instead of an overwhelming focus on hunting for indicators of compromise, you can spend more of your time proactively mitigating risk and preventing breaches.

Now is the perfect time for your MSSP business to be engaging with Balbix to ensure that your offering plays a central role in boardroom discussions on cybersecurity.

Like to learn more? Reach out and our team will be happy to give you a demo, and to discuss with you the value of partnering with us to grow your business.