onShore Security

Because Security Gives Us Freedom.

onShore Security Named to MSSP Alert’s 2023 List of Top 250 MSSPs

By

onShore Security, a leading provider of enterprise-grade cybersecurity solutions nationwide, ranks among the Top 250 Managed Security Service Providers (MSSPs) for 2023, according to MSSP Alert, a CyberRisk Alliance resource. The company rose in the rankings to 146, compared to 192 in 2022.

“We are honored to continue to be included in the MSSP 250 list, and are pleased to have moved up in the ranking yet again this year,” said Stel Valavanis, CEO of onShore Security. “I believe our pure-play approach and our own Panoptic Cyberdefense platform are what make onShore Security stand out. No other company has network detection and response (NDR) integrated directly into their platform.”

The 7th annual list and report identifies and honors the top MSSP, managed detection and response (MDR), and managed security provider (MSP) companies. The rankings are based on MSSP Alert’s 2023 readership survey combined with the site’s editorial coverage of MSSP, MDR and MSP security providers. The research also highlights key MSSP business, security and market trends. The complete list and research report are available online at https://www.msspalert.com/top-250.

Key findings include:

  • MSSP Revenue Growth & Financial Performance: MSSP honorees, on average, expect to generate $56.3 million in revenue for 2023, more than double the number from our 2022 report.
  • Geography: Honorees are headquartered in 37 different countries.
  • Profits: 87% of MSSPs surveyed expect to be profitable for fiscal year 2023.
  • Security Operations Centers: 67% have in-house SOCs, 23% are hybrid, 8% completely outsource their SOCs, and 1% are reevaluating their SOC strategies.
  • Cyberattack Trends: The most frequent attacks targeting MSSP customers in 2023 include phishing (95%), vulnerability exploits (91%) and ransomware (86%).
  • Cybersecurity Solutions: Larger MSSPs were more likely to run their SOC entirely in-house (85%) while just half of our smaller segment MSPs ran their SOCs in-house.
  • Key Managed Security Services Offered: Almost all of the larger MSSPs (90%) provided 24/7 security event monitoring and response for threat detection use cases on their own.

“MSSP Alert and CyberRisk Alliance congratulate onShore Security on this honor,” said Jessica C. Davis, editorial director of MSSP Alert, a CyberRisk Alliance resource. “The Top 250 MSSPs continue to outperform the overall cybersecurity services market in 2023. It’s an indication of the strength of managed security services provided by these specialists at a time when cybercrime has accelerated and threatens businesses of every size and from every industry.”

Inclusion in the list follows several 2023 highlights for onShore Security. In April, onShore was one of more than 150 private sector companies to endorse principles developed by the Cybersecurity Tech Accord to curb the growth of cyber mercenaries. onShore executives presented at industry conferences including Inventures Canada, Blue Team Con and the ISACA Chicago Convergence Conference, and CEO Valavanis will present at the upcoming CornCon. In addition, the company launched the second season of its popular cybersecurity podcast, onSecurity.

onShore Security Press Release

Implementing the Cyber Workforce and Education Strategy in your organization

By

Implementing the Cyber Workforce and Education Strategy in your organization
– Josh Eklow

The Biden Administration recently released another cyber strategy document: the National Cyber Workforce and Education Strategy. While parts of the document focus on how the Federal government will work to further the cyber education of potential government employees and to grow the cyber workforce available to the public sector, they also outline a strategy that strives to raise the general level of cybersecurity awareness and training of all organizations and citizens, enrich the workforce for the private sector, and close the cybersecurity employment gap in the US in both public and private sectors. There are several tactics laid out in the strategy that can be implemented in your organization to manage the cybersecurity workforce gap. Much of the Biden Administration’s strategy is focused on long-term planning and many of the goals will not be realized for many years. In the meantime, businesses should position themselves to be part of the solution, both in their own organization, but also in their industry and national economy.

One tactic that the government plans to use in its efforts to close the cybersecurity gap is to work more closely with private entities to fill positions and ensure protection. This is something businesses already do: working with vendors and outsourcing to partners. Integrating third parties and private companies in the public sector will mean a great opportunity for practitioners and organizations to contribute to public and Federal cybersecurity efforts. These efforts will benefit from the experience and knowledge developed within the private sector. They also will try to benefit by doing something many businesses have already done: reform and rethink their hiring requirements and strategy. By looking more widely at the skills and experience of potential practitioners, they not only access resources they previously eschewed, but they also widen the knowledge base and diversity of their own organization.

Another tactic that can be implemented in private organizations at any level is to integrate cybersecurity and best cyber practices into the design, management, and operation of all parts of an organization. The government will make the cybersecurity of the organization the responsibility of all and will develop this culture across all departments, beginning with training and education. Instilling a similar understanding in your team will greatly raise the cybersecurity maturity of your organization. Employees must understand that every position at the company holds a vital role in cybersecurity, not merely the IT or IS staff. All staff should receive training on cybersecurity, especially as it relates to their positions. Management should consider cybersecurity issues in team meetings, planning, and assessment. By making everyone at the company a stakeholder in the cybersecurity of the organization, you greatly increase the digital resilience of your organization and employees. Much as the Federal strategy includes measures to generally educate the public in order to create a safer ecosystem for all, the efforts an organization takes to create more secure employees will mean that they bring this higher level of awareness and best practice home and to other parts of their life online. This indirectly helps your organization by raising the general level of security around you, but also will directly impact your organization. The line between personal and business is often fuzzy online, and bad security practices at home can lead to vulnerabilities in your business. 

Part of the strategy touched on in Pillars 2 and 3 is to integrate with the greater cyber ecosystem, specifically in the area of education and training. Time and energy spent developing the cybersecurity climate of tomorrow will pay dividends to your organization for many years. There are many ways that your company can do this today and you can start however makes the most sense for your team. Many industries have cybersecurity groups that are focused on their particular businesses. Attend events, as a company and as individuals, and get involved in boards and information-sharing groups. Incentivize your team to get involved in areas relating to their particular role, in CISO groups for example. Sponsoring events is a great way to show that your company is a stakeholder and to build culture at your company. Get involved with local colleges and educational and training programs. Attend cybersecurity events that are tailored to students or hosted at universities.

As the National Cyber Workforce and Education Strategy is put into practice, it will be to the benefit of all to consider how these ideas and tactics can be enacted in our own organizations. The hybridization of the workplace, accelerated by the COVID pandemic, is not slowing, and the future of the workplace itself is online. It is the American way to innovate and take advantage of the opportunities new technology presents. With this strategy, our leaders have laid out a plan to do so, while also acknowledging that they will need to adapt and change.

onSecurity Podcast – Episode 19: Inclusion and Community Engagement

By

Episode 19: Inclusion and Community Engagement


In cybersecurity, teamwork is everything. Every part of the practice is about being part of a team, from playing your part in your organization to being part of the larger community and ecosystem. Cybersecurity conventions, such as the upcoming Blue Team Con, are a focal point for team building at every level, with knowledge sharing and training, networking, and volunteering. Many cybersecurity events are run by volunteers, seeking to learn more about cybersecurity and organizing, meet active and involved members of the community, and take part in building the culture. 

This episode, onSecurity is joined by Phoenix Fier, security analyst for Funko and volunteer coordinator for the upcoming Blue Team Con. Phoenix discusses the importance of inclusion in cybersecurity events, the opportunities that volunteering at an event presents, and why getting involved is a critical step in your career.

onSecurity Podcast – Episode 18: Securing IoT and Operational Technology

By

Episode 18: Securing IoT and Operational Technology


In an interconnected world, the rapid proliferation of IoT (Internet of Things) devices and the integration of Operational Technology (OT) into critical infrastructure have unlocked tremendous opportunities. However, these technological advancements have also exposed us to unprecedented security risks. To counter these risks, businesses can quickly and efficiently turn to the practice of maintaining a comprehensive asset inventory. By identifying and cataloging all IoT and OT devices, organizations can better understand their attack surface and implement targeted security measures to safeguard their networks.

Huxley Barbee, CISSP and CISM of RunZero, joins onShore Security CEO Stel Valavanis on this episode of onSecurity as we delve into securing IoT and OT systems, exploring the significance of asset inventory in fortifying these vital networks against potential cyber threats, and identifying common pitfalls.

onSecurity – Episode 17: AI and Chatbots in Cyberattacks

By

Episode 17: AI and Chatbots in Cyberattacks


The emergence of artificial intelligence (AI) has introduced a new set of challenges to the field of cybersecurity. While AI offers immense potential for enhancing security measures, it also presents unprecedented risks and complexities. One of the primary concerns is the use of AI by malicious actors to develop sophisticated attack techniques, such as AI-powered malware and intelligent chatbots that can mimic human behavior. These AI-driven attacks have the potential to bypass traditional security defenses, exploit vulnerabilities at an unprecedented scale and speed, and even autonomously adapt and evolve to evade detection.

In this episode of onSecurity, we delve into the emerging threats posed by artificial intelligence (AI) and chatbots in cybersecurity, exploring how these technologies are being leveraged and the necessary adaptations cybersecurity professionals must make to safeguard our digital landscape. James Moore, Director of Online Learning at DePaul University, joins us to discuss the alarming ways in which AI and chatbots are being weaponized by adversaries, the increased sophistication of these attacks, their potential impact on industries, and the challenges faced by cybersecurity professionals in countering them.

312-850-5200

216 W. Jackson Blvd.
Chicago, IL 60606

info@onShore.com