Full Report
Cybersecurity Awareness Month (CAM): Learn how partnering with an MSSP helps organizations meet the foundational security goals recommended by CISA.

Managed Security Service Providers (MSSPs): Discover how an MSSP manages technical security burdens like vulnerability management, strong access controls, and MDR to achieve a "Culture of Cybersecurity."

CISA's "Four Essentials": See how our solutions, including Managed Detection and Response (MDR), align with CISA's cybersecurity suggestions for resilience and incident response.

Cybersecurity Awareness Month (CAM) 2025 is well underway, and while the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCSA) are pushing basic cyber hygiene tasks, there is another level organizations need to consider to remain secure and resilient. Certainly, patching, strong passwords, and email security training are important, but is the organization capable of teaching these lessons or ensuring security is up to date? This is where partnering with a Managed Security Service Provider (MSSP) can help an organization attain the goals set by CISA and NCSA.

So, let's take a dive into how Trustwave, a LevelBlue Company, and its MSSP solutions can help implement best cybersecurity practices and establish the "Culture of Cybersecurity" that CISA says is needed as part of its CAM security suggestions.

Mapping CISA's Direction to What an MSSP Delivers

As the world's largest pure-play MSSP, we can keep an organization secure by acting as an extension of your security team to manage the technical burden, allowing the organization to focus on the human-centric goals of awareness month. Here is the role an MSSP can play, based on the information provided by CISA:

1. Enabling Cybersecurity Awareness Training and Culture

Implementation Partner: CISA stresses the need to "Teach Employees to Avoid Phishing" and make security training a regular part of staff onboarding and ongoing development. An MSSP can directly provide or manage phishing simulation services and deliver the required "engaging cybersecurity training activities" to create the necessary culture of cybersecurity.

Validation: The MSSP's security reporting and management services help "Evaluate the effectiveness of security trainings" by tracking security incidents and improving detection rates.

2. Managing the Technical "Four Essentials" and "Level Up Your Defenses"

An MSSP manages and monitors the critical security controls CISA recommends, ensuring they are implemented correctly, which is the foundation that awareness efforts build upon. This includes:

- Identity and Access Management: Enforcing the requirements for Strong Passwords and managing Multifactor Authentication (MFA) across all business systems.
- Vulnerability Management: Ensuring systems are protected by promptly installing security updates and patches (CISA's Update Business Software recommendation).
- Monitoring and Response: Implementing and monitoring logging on business systems to detect signs of malicious activity and handling the processes required to report cyber incident information to CISA when necessary.

Trustwave's SpiderLabs team has decades of experience helping implement Strong Access Controls: Trustwave's identity and access management solutions help healthcare organizations implement stringent access controls, such as Single Sign-On and Multifactor Authentication, ensuring that only authorized personnel can access patient data.

Trustwave's Managed Vulnerability Scanning (MVS) service provides a programmatic approach to vulnerability management. It focuses on consistently identifying and addressing vulnerabilities across your organization's databases, networks, and applications. MVS takes the heavy lifting out of vulnerability scanning by managing all aspects of the process to help you achieve your security goals.

Trustwave's Managed Detection and Response (MDR) and Co-Managed SOC (SIEM) conduct monitoring and logging through a systematic process involving collection, normalization, analysis, and an expert review process.

3. Building Resilience with Incident Response and Recovery

The MSSP helps the organization create an incident response plan and, through its services, provides the tools to maintain Focus on continuity. This includes managing the technical solutions for Back Up Business Data and verifying that critical systems can stay operational during an incident, which is a key component of being cyber-ready.

Trustwave's Digital Forensics and Incident Response (DFIR) services and its elite SpiderLabs team of security experts deliver on building resilience with incident response and recovery by offering both proactive readiness and rapid reactive response.

- Incident Response Plan Development: They assist in creating or reviewing a formal Computer Security Incident Response Plan (CSIRP) that details roles, responsibilities, and procedures for responding to cyber incidents.
- Breach Preparedness and Training: This often involves conducting tabletop exercises and simulated exercises to test the organization's response plan and train staff to recognize indicators of compromise and respond effectively, ensuring the organization maintains a Focus on continuity.
- Capability Assessments: They assess your current detection and readiness capabilities, identifying gaps in your existing incident response procedures and security posture.

Please keep an eye out for the Trustwave blog for additional 2025 CAM blogs!
Analysis Summary
# Best Practices: Achieving Foundational Cybersecurity Goals via Technical Management and Culture
## Overview
These guidelines focus on implementing foundational security controls recommended by CISA, moving beyond basic cyber hygiene to establish a resilient security posture and a strong "Culture of Cybersecurity." The strategy emphasizes leveraging managed services (MSSP/MDR) to handle complex technical burdens so internal teams can focus on human-centric security goals.
## Key Recommendations
### Immediate Actions (Foundation & Awareness)
1. **Implement Phishing Simulation/Training:** Immediately begin providing or managing regular, engaging cybersecurity training activities, focusing explicitly on teaching employees how to avoid phishing attempts, as stressed by CISA.
2. **Enforce Strong Access Controls:** Immediately enforce strong password policies and mandate the enrollment and usage of Multifactor Authentication (MFA) across all critical business systems.
3. **Initiate Vulnerability Scanning Program:** Begin a programmatic approach to vulnerability management by deploying managed vulnerability scanning across networks, databases, and applications to identify high-priority weaknesses.
### Short-term Improvements (1-3 months)
1. **Establish Logging and Monitoring:** Implement comprehensive logging across all critical business systems and establish systematic monitoring processes (e.g., SIEM/SOC setup) to actively detect signs of malicious activity.
2. **Develop/Review CSIRP:** Create or formally review the organization's Computer Security Incident Response Plan (CSIRP), clearly documenting roles, responsibilities, and procedures for handling cyber incidents.
3. **Conduct Initial Capability Assessment:** Assess current detection and incident response readiness capabilities to identify immediate gaps in procedures and security posture.
### Long-term Strategy (3+ months)
1. **Validate Training Effectiveness:** Systematically use security reporting and incident management data to evaluate the ongoing effectiveness of security trainings, tracking improvements in detection rates and reduction in successful security incidents.
2. **Implement Business Continuity Measures:** Establish and test technical solutions for backing up critical business data, ensuring processes are in place to verify the operational continuity of essential systems during an incident.
3. **Conduct Incident Response Drills:** Regularly conduct breach preparedness activities, including tabletop exercises and simulated incidents, to train staff on recognizing indicators of compromise and responding effectively, thus embedding a focus on continuity.
## Implementation Guidance
### For Small Organizations
- **Focus on Outsourcing Technical Burden:** Prioritize partnering with an MSSP/MDR provider immediately to handle the heavy lifting of Vulnerability Management and 24/7 Monitoring/Response, as internal resources are often insufficient.
- **Prioritize Critical Access:** Focus initial IAM efforts on securing privileged accounts and external-facing services with mandatory MFA (e.g., email, VPN, cloud services).
### For Medium Organizations
- **Integrate Training Validation:** Use MSSP reporting alongside awareness training to create measurable metrics for continuous improvement in employee security behavior.
- **Formalize Incident Response:** Use MSSP expertise (DFIR/Consulting) to build a formal CSIRP, moving beyond ad-hoc responses.
### For Large Enterprises
- **Adopt Programmatic Vulnerability Management:** Utilize managed vulnerability scanning services for consistent, organization-wide remediation tracking across complex environments (networks, applications, databases).
- **Strengthen Identity Federation:** Leverage advanced IAM solutions like Single Sign-On (SSO) integrated with MFA for stringent, centralized access control, especially for access to sensitive data (e.g., patient data in healthcare).
## Configuration Examples
The implementation guidance heavily suggests reliance on service deployment rather than specific local configurations. Key technical areas requiring configuration/management include:
* **Identity and Access Management:** Configuring and enforcing SSO and MFA across all applicable business systems.
* **Logging Infrastructure:** Configuring endpoints, network devices, and systems to output relevant security logs to a central collection/normalization platform (SIEM/SOC).
* **Backup Verification:** Implementing automated checks to confirm the integrity and recoverability of business data backups.
## Compliance Alignment
- **CISA's "Four Essentials"**: Directly aligns with CISA's recommendations for foundational cyber defense.
- **Incident Reporting**: Aligning system monitoring and response processes to handle necessary reporting requirements to government agencies like CISA when incidents occur.
## Common Pitfalls to Avoid
- **Treating Training as One-and-Done:** Failing to make security training a regular, ongoing part of employee development.
- **Neglecting Technical Foundations:** Assuming effective employee training compensates for weak technical controls (e.g., unpatched systems, lack of MFA).
- **Having a Paper CSIRP:** Writing an Incident Response Plan without regularly testing it via exercises (tabletop or simulated).
## Resources
- CISA Cybersecurity Awareness (Primary framework source).
- NCSA (National Cybersecurity Alliance) guidelines for awareness efforts.
- Managed Detection and Response (MDR) services for continuous monitoring.
- Digital Forensics and Incident Response (DFIR) services for proactive readiness and reactive response development.