NordLayer features in review: Active Session Timeout

Logging into your organization’s network is one of the first things employees go through daily. Each successful authentication also opens up a direct route into your company’s resources, creating a session between the two systems. 

However, trust shouldn’t be without limits—indefinitely keeping the session open can be detrimental to your security. This is something that a hacker could exploit when looking for ways to hijack your employees’ connections. Therefore, NordLayer unveils a new security feature designed to prevent this risk—Active Session Timeout.

Active Session Timeout using NordLayer

The new NordLayer feature allows you to choose a user’s session duration. When the time expires, the user is logged out from the Control Panel or NordLayer application and required to re-authenticate. This shortens the window during which an attacker could decrypt the connection, making it much harder to hijack. This can be very beneficial if your users are handling sensitive data.

How does NordLayer’s Active Session Timeout feature work?

This feature automatically logs users out of the NordLayer application or Control Panel after the set period. It affects all users regardless of whether they were connected to the gateway during that time.

The setting is enforced automatically, and the admin can adjust the session length in the Control Panel for the entire organization. The minimum session duration in the Control Panel and application is 1 day. Meanwhile, NordLayer’s default—and maximum—session duration time is 30 days. It adds a safeguard that is sure to be appreciated by a company’s IT personnel.

How is NordLayer’s Active Session Timeout different?

Unlike typical session management, NordLayer’s feature offers more flexibility and control. It not only addresses the typical use cases but also adds an extra layer of security, which is especially useful in remote working scenarios:

  • The feature will have a setting allowing you to select a preferred session duration period.

  • Session control has a predefined optimal default time of 30 days if there’s no preference for session duration time.

  • The functionality applies to both the Control Panel and the NordLayer application, so it gives more control over admins’ and users’ reauthentication.

 

Benefits of Active Session Timeout

Stricter session management is recommended by various organizations like The Open Web Application Security Project (OWASP). It can significantly contribute to your organization’s cybersecurity hygiene.

The benefits of Active Session Timeout controls include better security adherence in the organization, more efficient user and internal policy management, and increased overall network and data protection.

  • Enhanced security: shorter session durations minimize the window of opportunity for unauthorized access.

  • Compliance alignment: the feature allows organizations to align with security protocols, thus reducing vulnerabilities.

  • Risk mitigation: in scenarios like device theft, the exposure period is significantly reduced, leaving a smaller time window for bad actors to exploit.

  • Integrates with Single sign-on authentication schemes. This feature enables network administrators to control access to work resources more precisely and align them with their internal policies.

This functionality benefits all organizational units, from the end user to the manager:

Benefits of the Active Session Timeout by NordLayer

Overall, the feature automates and optimizes processes for all organizational units, adding further functionality to network and data security.

Entering NordLayer’s Active Session Timeout

To adjust your currently used session duration:

  1. Head to the Control Panel and click Settings

  2. Select Security configurations and find the Active Session Timeout section

This allows you to change session duration times for your users in applications and the Control Panel. You can choose the desired time, from 1 to 30 days, from the dropdown menu.

Just before the session ends, the user will be shown a dialog box asking them to reauthenticate to start a new session.

How to set session duration in the NordLayer Control Panel

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Expanding MSPs and MSSPs with cybersecurity solutions

The landscape for Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) is on the brink of significant transformation. As businesses increasingly depend on digital technologies, the role of MSPs and MSSPs is expanding beyond traditional IT services to more complex and integrated solutions, particularly in cybersecurity. 

Key takeaways

  • Market growth and investment in security: Gartner’s projection that security service spending will reach $90 billion in 2024 highlights a growing demand for comprehensive cybersecurity services.

  • Cybersecurity as a central focus: with 42% of security and risk management spending geared towards security services, MSPs and MSSPs must prioritize enhancing their cybersecurity capabilities to grow and expand customer relationships.

  • The critical role of SSE in cybersecurity: the integration of Security Service Edge (SSE) frameworks, including technologies like ZTNA, FWaaS, CASB, and SWG, is essential for MSPs and MSSPs to protect client data and ensure robust network security efficiently.

  • Expanding service offerings: with cloud security, data protection, and identity and access management, an MSP business can differentiate itself, attract more clients, and enter new markets.

  • Enhancing client retention and trust: effective data protection and robust IAM practices not only retain clients but also build trust, positioning MSPs and MSSPs as reliable partners in cybersecurity.

  • Scalability and compliance: offering scalable solutions and staying ahead of compliance help MSPs and MSSPs meet the evolving needs of their clients and adhere to regulatory requirements.

According to Gartner, spending on security services, which includes consulting, IT outsourcing, implementation, and hardware support, is anticipated to reach $90 billion in 2024. This impressive figure highlights how businesses increasingly prioritize fortifying their digital defenses.

Moreover, the global market for managed security services is expected to grow at a compound annual growth rate (CAGR) of 11.66% over the next five years, with a projected market size of $36,129 million by 2024. This rapid growth underscores an expanding opportunity for MSPs and MSSPs to offer comprehensive cybersecurity services.

The emphasis on cybersecurity is more pronounced than ever, with 42% of security and risk management spending expected to be directed towards security services. This trend indicates a shift from traditional IT support to more specialized security-focused offerings.

For MSPs and MSSPs, this move means that enhancing their cybersecurity capabilities is not just an option but a necessity. As cyber threats evolve and multiply, providing robust security solutions will be a critical factor in maintaining and expanding new customer relationships.

Cybersecurity solutions for MSPs’ and MSSPs’ growth

MSPs and MSSPs are pivotal in safeguarding client data and ensuring robust network security for companies that need external security and technological support. But what solutions best aid MSPs and MSSPs in this task?

The Security Service Edge (SSE) framework is an agile and flexible solution that is easy to customize based on business needs. Within SSE, Zero Trust Network Access (ZTNA) combines access controls, Firewall as a Service (FWaaS) helps with network segmentation by managing the traffic flow, Cloud Access Security Broker (CASB) enhances cloud security, and Secure Web Gateway (SWG) prevents unsecured traffic from entering the network.

By strategically adopting SSE frameworks, MSP and MSSP providers can leverage advanced cybersecurity solutions like cloud security, data protection, and Identity and Access Management (IAM) to drive business growth and enhance client safety.

Cloud security

At the heart of SSE, cloud security is fundamental for MSPs and MSSPs aiming to protect clients’ cloud-based systems and data. This solution includes encrypting data both at rest and in transit, deploying security configurations that automatically update to counter new threats, and implementing strict access controls.

By offering comprehensive cloud services, MSPs and MSSPs can assure clients of their ability to protect sensitive information against emerging threats, thus strengthening client trust and satisfaction. This is crucial for winning new customers and supporting MSP growth.

Data protection

Data is the lifeline of modern businesses, making its protection critical for sustained growth and compliance. Under SSE, data protection strategies encompass various technologies like backup solutions, encryption, and intrusion detection systems.

These tools help MSPs and MSSPs prevent data breaches and ensure quick recovery from incidents, minimizing downtime and financial loss. Effective data protection not only helps retain existing clients but also positions MSPs and MSSPs as reliable guardians of data security that are attractive to prospective clients.

Identity and access management (IAM)

IAM is crucial for controlling who can access what within a network. This includes multi-factor authentication, single sign-on services, and user access reviews. All of these are aligned with SSE principles to ensure that only authorized users gain entry to sensitive systems and data.

By implementing robust IAM practices, MSPs and MSSPs can offer tailored access solutions that bolster security while improving the user experience. This supports client operations in a secure, efficient manner.

SSE solutions benefits for MSPs and MSSPs

  • Expanding service offerings: by adding cutting-edge SSE solutions to their cybersecurity offerings, MSPs and MSSPs can differentiate themselves from competitors, appeal to a broader client base, and enter new markets.

  • Enhancing client retention: by providing dependable, state-of-the-art cybersecurity measures, MSPs and MSSPs can improve client satisfaction and loyalty while increasing their revenue. Clients who feel their data is secure are more likely to renew their contracts.

  • Building trust through compliance: demonstrating compliance with data protection regulations makes MSP and MSSP providers partners of choice in industries where data security is paramount.

  • Offering scalable solutions: SSE enables the provision of scalable cybersecurity solutions that grow with clients’ businesses. This flexibility is attractive to clients at all growth stages, ensuring that MSPs and MSSPs can meet evolving security needs.

By focusing on primary challenges to counter modern cyber threats and offering tailored advanced security solutions, MSPs and MSSPs can position themselves as strategic partners in their clients’ digital transformation journeys. These solutions are not complex or resource-intensive.

Cloud services allow managed service providers to expand their scope and revenue with little costs for clients, making it a win-win situation for all parties.

Expand MSPs and MSSPs with NordLayer

To capitalize on growth opportunities, MSPs and MSSPs must focus on expanding their service offerings. Opting to collaborate with a strong partner ensures a firm background for future client relationships.

While MSPs and MSSPs operate as consulting services that help businesses understand and implement the right security strategies for their specific needs, NordLayer stands strong as a network access security tool provider that offers solutions in different setups:

Secure Remote Access

Scenario: With a dispersed workforce, companies need to ensure secure access to corporate resources from anywhere in the world.

NordLayer solution: Provides secure and scalable remote access solutions that MSPs can manage for their clients, ensuring employees can access what they need securely and efficiently.

Enhanced network security

Scenario: Businesses face increasing threats from cyber attacks but often lack the internal expertise to effectively counter these risks.

NordLayer solution: Offers advanced network security features, including threat protection and data encryption, enabling MSPs to bolster their clients’ defenses against cyber threats.

Simplified compliance

Scenario: Companies operating in regulated industries require robust compliance measures to protect sensitive data and avoid penalties.

NordLayer solution: Helps MSPs ensure their clients meet compliance standards by providing tools for data protection, secure access, and audit trails.

Streamlined IT infrastructure

Scenario: Businesses seek to minimize IT complexity while ensuring their teams have the necessary tools and access.

NordLayer solution: Enables MSPs to offer streamlined, cloud-based security solutions, reducing the need for multiple vendors and simplifying the IT landscape for their clients.

Cybersecurity without internal experts

Scenario: Many SMBs cannot afford or find the cybersecurity talent needed to protect their operations.

NordLayer solution: MSPs can step in to fill this gap, using NordLayer’s intuitive platform to provide top-notch cybersecurity services without the need for in-house experts.

Scalable security solutions

Scenario: Growing businesses need security solutions that can expand with them without requiring constant reinvestment or reconfiguration.

NordLayer solution: Offers scalable security services that MSPs can easily adjust to fit the changing needs of their clients, supporting growth without compromising security.

Dealing with a loved one’s digital presence after they’re gone: What does our new study reveal?

What happens to someone’s email when they pass? Or how do you close a deceased person’s social media profiles? Do the digital pieces of our existence just fade into nothingness or maybe remain out there indefinitely?

These and other questions are no longer just morbid curiosity but rather something that most of us will have to tackle in our lifetime. Taking care of your loved one’s digital legacy can be challenging, not only because of the obvious emotional load but also because you might not know where and how to start.

Today, we’re diving into the topic of digital legacy and our latest research on the challenges related to its management.

Research findings

At NordPass, we recently conducted a market study on digital legacy — the online privacy paradox of a deceased person. It revealed that in order to close all accounts of the deceased, you have to equip yourself with loads of different documents, collect as much information about the deceased as possible, and be ready to use all kinds of communication channels.

During the research, we found that about 36% of analyzed online platforms publicly provide guidance on how to manage accounts posthumously. The information presented on their websites or other official channels allowed our team to draw some illustrative conclusions.

First, the process of managing digital legacy is not only filled with red tape but also rather varied across different platforms and services. In some cases, you might be asked to fill out an online form, while in other instances a platform might ask you to contact them via email, phone, post, or even schedule an in-person appointment.

When you request an account closure for a deceased person, the platforms usually ask for official documentation, including, but not limited to, death certificates, personal identification, and even legal confirmation of the right to manage a deceased’s estate. Researchers noticed that to close down the majority of a deceased’s accounts, you might need to provide over 20 different documents.

It means that, in theory, certain platforms might ask only for, let’s say, your passport, deceased’s death certificate, and the last will, while other sites might require completely different documents. This could be an obituary, birth or marriage certificate, last will, power of attorney, a small estate affidavit, or other documents. In certain cases, these documents might be required to be officially translated and notarized, which is yet another burden.

In addition to legal documentation, platforms ask for various information about the deceased. For instance, a full legal name, display name, username, email, phone number, social security number, account number, or full payment information used to pay for the platform’s service. This extended list of required information can be rather overwhelming, especially because we often don’t have ready access to all the details of our loved ones’ online accounts and financial activities. Not knowing these specifics can add to the stress and overall emotional burden during an already difficult time.

While there are many cases when people simply leave their deceased relatives’ or friends’ accounts hanging out there on the internet indefinitely, our researchers also looked into platforms’ policies regarding inactive accounts. They found that a quarter of companies publicly note that they remove inactive accounts. Of those, most do so after two years of inactivity, but some say they remove the accounts only after seven years.

Up to 6% of the analyzed platforms also offer internet users another way to handle online accounts — to memorialize the account of the deceased, which means it remains publicly visible but is marked for people to know the person is deceased.

Considering the sheer number of online accounts that a person accumulates over their lifetime, many of which are forgotten, completely terminating a person’s digital footprint once they pass becomes a challenging, if not all-out impossible, task. Another study that we’ve recently conducted showed that, on average, a person has around 168 passwords on their hands. Unfortunately, even if you have all the necessary documentation and procedural knowledge, the accounts of a deceased person might linger on the internet indefinitely just because you never knew about them, and that’s something that we might need to come to terms with.

Research methodology: The market desk research was conducted by NordPass. The company’s researchers evaluated 100 popular online platforms worldwide, chosen based on Statista and SimilarWeb information.

To conduct this study, researchers looked only at publicly available sources online—platforms’ owned websites or official accounts. They looked for information on how to close deceased accounts and investigated how many platforms provide such information, what procedures they offer, what documents and personal information items they ask for, and what their policies are regarding inactive accounts.

What is digital legacy, and why it’s important

You can think of digital legacy as a collection of data and overall presence left behind online when someone passes. The data includes social media profiles, email accounts, photos stored online, online shopping accounts, and other digital interactions. Just as physical possessions are part of someone’s life, digital content can also be an inseparable part of an individual’s legacy that needs to be managed once they’re no longer here.

Emotional importance

Today, the moments we cherish, more often than not, end up stored online. Just think about it: photos, videos, and conversations are stored on social media platforms. When taking care of your loved one’s digital legacy, consider whether the loved one wished to terminate their online data or was okay with allowing you to make the choice.

Quite often, digital legacies, much like traditional wills, can carry substantial financial and legal weight. It is critical to handle such digital assets to ensure that the accounts are appropriately closed or transferred to legal heirs. Failing to do so could lead to legal disputes.

Security concerns

Unsecured digital legacies are prone to breaches and data misuse. Cybercrooks are essentially free to try and access inactive accounts for as long as they like to get their hands on the data behind the account. All that data might be used for identity theft or fraud. Ensuring the security of posthumous accounts protects not only the person’s legacy but also the surviving relatives’ private and financial data.

Tips and strategies to ease digital legacy management

If you find yourself in a situation where you’re tasked with managing someone’s digital legacy, here are some tips to make the complex and emotionally overwhelming process a little bit easier and more efficient.

Start with financial accounts

When it comes to the first steps in effective digital legacy management and planning, focus on financial accounts first: These include bank accounts, investment portfolios, digital payment apps, and similar. Try to prioritize closing or transferring such accounts to prevent any financial losses or troubles. Furthermore, once you close down the financial accounts, you will also essentially cut out any subscriptions that a deceased person might have had and, by extension, those accounts as well. Taking care of accounts related to finance will likely take up a sizable chunk of time due to excessive red tape associated with finance, but once those accounts are sorted, everything else will go down quicker and easier.

Advise your loved one to use digital legacy features

Today, quite a few online services and platforms offer distinct features designed to manage accounts once someone passes away. For example, Facebook allows users to appoint a “Legacy Contact,” who can manage a user’s account in the event of their death. Apple and Google have also introduced ways to designate individuals who can access the deceased account. Consider having a talk with your loved ones about such features and their importance.

Secure account information

Using a password manager to manage logins along with other sensitive data is recommended not only for when you are alive and well but as a part of your digital legacy management. Password managers provide storage for passwords and often come equipped with a variety of security features that allow you to protect sensitive data that you might come across while dealing with a deceased’s digital legacy. For instance, NordPass comes with Emergency Access—a feature that allows you to designate an individual who would have access to your NordPass vault in the case of an emergency.

Educate and prepare

These days, it is absolutely critical to be aware of the digital legacy concept; after all, it concerns every one of us. While the topic might be morbid, discussing digital legacies with your family and friends is essential. It’s important to encourage them to take their own steps in managing their digital presence as well as to make your loved ones aware of your digital legacy plans.

The role of emotions and learning in cybersecurity: an interview with Dr. Abbie Maroño

Humans, by nature, are complex creatures resistant to change and education. 

Dr. Abbie Maroño explains that the struggle lies not only in our cognitive limitations but also in our emotional makeup. Overcoming these barriers requires motivation, passion, and consistency—qualities that are not always easy to foster.

In a fascinating dive into the intricacies of human behavior and social engineering, Dr. Abbie Maroño shares her journey into psychology, sparked by a youthful curiosity and an early commitment to research. Her path from academia to applying her expertise in the private sector demonstrates her strong commitment to understanding human dynamics, particularly its intersection with cybersecurity.

In the context of social engineering, this article highlights the powerful influence of group dynamics and the principle of social proof.

The interview’s highlights

  • Educating humans is challenging. Success in educating humans hinges on motivation due to our natural resistance to change and limitations in memory and cognitive capacity.

  • Embracing shame for personal growth. Dr. Maroño’s work suggests that acknowledging and understanding shame can catalyze deep personal development, challenging the notion that shame should be entirely dismissed.

  • Group dynamics’ role in social engineering. Cybercriminals exploit social proof and our propensity to follow the crowd. Awareness and resistance are key to safeguarding against these tactics.

  • Real-world cybersecurity training is crucial. Dr. Maroño advocates for simulation-based training over traditional methods, particularly in sectors like healthcare, to make learning more relevant and effective.

  • The power of self-relevance in learning. Effective education requires making cybersecurity personally relevant, using real-world simulations to improve engagement and practical application.

  • “Trust but verify” enhances cybersecurity. Emotional intelligence and critical thinking are vital in defending against manipulation, emphasizing a balanced approach to trust.

Key insight #1: motivation and engagement are crucial for effective learning.

NordLayer: Abbie, you’ve been studying human behavior for a while now. What’s your conclusion? Are humans easy to train and educate by nature?

Dr. Abbie Maroño: No, human beings are not easy to educate. The memory system is very prone to errors, and we have a limited cognitive capacity. No doubt, we have the ability to be educated, but it really depends on a ton of different factors.

Educating someone against their will, especially in areas like security practices, is ineffective. For learning to be effective and for information to transition into long-term memory, the learner must be engaged and attentive.

Without motivation, information will likely enter one ear and exit the other. This is supported by research indicating that mere exposure to information is insufficient for learning—attention to the material is essential.

However, learning becomes much more attainable if there is motivation, passion, and dedication. The concept of ‘cramming’ before an exam illustrates this well. It’s a widespread belief that we can quickly absorb information, but the reality is that both the brain’s short-term and long-term memory functions require time and consistency to learn truly.

Key insight #2: Group motivation and social proof influence individual decision-making in social engineering contexts.

NordLayer: Speaking of motivation—personal or collective motives—can bring better learning experiences and results?

Dr. Abbie Maroño: While individual self-interest can drive motivation, the presence of group motivations can significantly amplify it.

Being part of a team with shared goals fosters a sense of responsibility and accountability, much like the dynamic observed in programs like Weight Watchers. Despite criticisms of Weight Watchers for its food quality and the psychological implications of its “sins” concept, the program’s success is attributed to the strong social support and collective mindset it promotes.

This group cohesion encourages individuals to stay committed to their goals, as the sense of being observed and held accountable by peers increases their motivation to maintain progress.

NordLayer: How do peers (a group) influence an individual’s decision-making in the event of social engineering?

Dr. Abbie Maroño: Social proof influences our decisions by making us more likely to trust or choose something endorsed by others. This tactic is frequently utilized by social engineers, who manipulate appearances to blend in or create false endorsements, leveraging our tendency to trust familiar figures or the majority.

For instance, mentioning a known colleague like Sally from accounting in a story can foster trust by association. This principle is also why celebrity endorsements and the phenomenon of joining a queue at a busy restaurant work effectively.

Key insight #3: embracing and understanding shame is essential for genuine personal growth instead of eradicating it for the narrative of mental health and empowerment.

NordLayer: As a published author, your latest book explores personal improvement through shame. Can you tell us more about the premise of this approach?

Dr. Abbie Maroño: My first book will officially be released in July, though I’ve already been sharing it with select individuals and doing book signings. My second book is set to come out in December.

I started writing this self-help book, “Work in Progress,” because I noticed a significant need for a deeper understanding of our emotions. Many self-help books and popular media, though well-intentioned, lack a scientific approach and often suggest that we must rid ourselves of shame to achieve good mental health and empowerment.

However, this doesn’t align with the complex nature of the human brain or how we actually process emotions. Our brain, which is a significant energy consumer despite its small size, doesn’t generate emotions without reason. Emotions are signals, meant not always to be acted upon but to inform us. Dismissing shame overlooks a crucial aspect of our emotional well-being and self-awareness.

My aim was to create a book that’s honest, raw, and relatable, challenging the overly optimistic narrative that “everything will be fine” with a more grounded, realistic approach to personal development.

Key insight #4: cybercriminals manipulate nonverbal cues to scrutinize first impressions.

NordLayer: In your Forbes article, you said that certain social skills can help people elicit the information they want. What are these skills, and how do cybercriminals use them?

Dr. Abbie Maroño: Cybercriminals exploit nonverbal communication to manipulate perceptions, leveraging our instinctual habit of making rapid judgments about people’s personalities based on their appearance and behavior, a process known as “thin slicing.”

This evolutionary trait, which helped our ancestors quickly assess threats, today leads us to assign traits like friendliness or competence based on superficial cues like smiles or confident demeanor, often without any supporting evidence.

Cybercriminals use this knowledge to their advantage, presenting themselves as authoritative and trustworthy to bypass our defenses.

Our reluctance to revise first impressions makes us vulnerable to such manipulation, as we seek to validate our initial judgments rather than question them. Thus, understanding and being aware of these cognitive biases can help us better defend against the tactics of social engineers.

Key insight #5: emotional awareness is critical in resisting manipulation by social engineers and making more informed decisions.

NordLayer: Can you share what personality traits and psychological defenses should be nurtured to resist social engineering attempts?

Dr. Abbie Maroño: General emotional awareness in cybersecurity, explaining how social engineers exploit emotions to manipulate their targets, is important.

Recognizing when emotions like fear or anger influence decisions is crucial, as these emotions can cloud judgment and lead to quick, unthoughtful actions.

For example, taking a moment to breathe and assess one’s feelings before reacting to a potentially malicious email can allow the brain’s logical centers, like the prefrontal cortex, to engage and evaluate the situation more critically. This approach is vital because, despite the sophistication of attacks, the final decision to engage (e.g., clicking a link) rests with the human user.

Beyond technical measures, fostering a security mindset that includes emotional regulation and awareness is key. This not only helps individuals resist manipulation but also adapts to evolving threats, emphasizing the role of human judgment in cybersecurity defenses.

Key insight #6: effective cybersecurity training requires real-world simulations and engagement.

NordLayer: Let’s explore dynamic and sensitive environments like healthcare where cybersecurity awareness is crucial, but there’s no time to train and educate specialists. What human behavior traits and social engineering tactics could be exploited to achieve positive learning results?

Dr. Abbie Maroño: Learning is most effective when information directly relates to the individual.

Traditional security training, like online videos, often fails to engage healthcare professionals because it lacks this personal relevance and fails to bridge the gap between theoretical knowledge and practical application.

This approach not only identifies vulnerabilities but also personalizes the learning process, making it more impactful. By engaging employees in scenarios like simulated phishing (vishing and smishing) attacks, they learn to recognize and react to threats more effectively.

Positive behaviors are reinforced, while areas for improvement are identified and addressed. It is important to invest in comprehensive security training to protect sensitive information proactively, warning that the costs of inadequate training far outweigh the investment in robust, interactive learning experiences.

Key insight #7: “trust but verify” ensures safety in cybersecurity by combining trust with critical verification of requests.

NordLayer: What benefits should be amplified, and what behaviorist tactics should be used to help people become more aware of cyber threats? What should be included in the cybersecurity training, in your opinion?

Dr. Abbie Maroño: Tactics like “trust but verify” emphasize the balance between maintaining trustful relationships and being cautious.

This method allows for cooperative relationships to flourish while safeguarding against manipulation. Verification becomes a critical step in this process, ensuring that one does not blindly fulfill requests without appropriate scrutiny.

Such an approach relies heavily on emotional responses and critical thinking to discern the legitimacy of requests, advocating for a balanced stance of trust with a readiness to verify, avoiding the pitfalls of unwarranted suspicion.

Thank you.

Dr. Abbie Maroño’s passion for understanding human behavior ignited at 17, leading her from early research endeavors in university to a fulfilling career in academia and, ultimately, into the private sector.

Dr. Maroño’s work reveals the intricate dance between human psychology and cybersecurity, highlighting the need for an empathetic, informed approach to educating and protecting against cyber threats. Her emphasis on emotional awareness, group influences, and innovative training methods offers a fresh perspective on building resilient cybersecurity defenses rooted in understanding human nature.

How NordLayer can help

NordLayer can significantly enhance an organization’s cybersecurity posture by fostering a culture of “trust but verify” within the workplace.

NordLayer empowers employees with the tools and knowledge necessary to scrutinize and validate requests, thus minimizing the risk of social engineering attacks. Its advanced security solutions, designed to address the nuanced challenges discussed, such as the need for emotional awareness and critical thinking, provide a robust framework for organizations to protect their sensitive data.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Juggling security: How many passwords does the average person have in 2024?

For nearly four years, the magic number in every cybersecurity expert’s mind was 100 – the average number of passwords a person handles. During the pandemic and following a boost in hybrid work and digital communication, our usage of digital spaces has only expanded. It’s time to look at the newest numbers: How many passwords does the average person have in 2024?

A survey conducted by NordPass in 2024 revealed a rapid growth in password usage for personal purposes, with an increase of nearly 70% in just over three years. According to the latest data, the number is now 168. For the first time, the survey also recorded the average number of passwords used for business-related accounts: 87. Let’s take a closer look at the research and learn what this increased number of passwords means for our online safety.

The upward-pointing trend

NordPass has been tracking password usage statistics since 2020. The first survey was conducted in February of that year, just a month before the start of the COVID-19 pandemic. It was reported that an average user handled around 80 passwords at that time.

The follow-up survey was conducted in October of the same year. Eight months into the pandemic, the uptick in password handling was already evident. The average number of passwords handled by a person went up 25% to the number cited since – 100.

As stated by Tomas Smalakys, CTO at NordPass, COVID was perceived as the main cause at the time, as people were staying indoors and handling all processes – from shopping to medical appointments – online.

However, a lot has changed in four years, and the rapid increase in digital accounts we handle now goes beyond the life rhythm of lockdowns. According to Smalakys, “the amount of accounts that people hold gets higher every year. Multiple factors come into play – new services get launched, new shops are opened.”

As the scope of digital services increases, so does the number of accounts users handle. Naturally, the latest password statistics reflect this. It’s important to note that the numbers don’t just consider active or frequently used accounts. In fact, many accounts remain dormant as users forget about them and don’t delete them even if the accounts are no longer needed.

First insights into business password handling

For the first time, the 2024 NordPass password survey also researched work-related password usage. It was revealed that the average number of passwords per person in the workplace is 87.

While this is a new index for the NordPass survey, we can assume that the number of accounts required for work has seen a similar upward trend in recent years as remote and hybrid work opportunities have become increasingly popular.

Adding the number of personal and business passwords together brings the total to 255. Juggling that many passwords can be problematic in terms of both security and convenience.

Methodology: The new quantitative research by NordPass was conducted on March 4-15, 2024, and surveyed 1,509 NordPass users.

What happens when you have too many passwords to remember?

The problem with handling so many accounts on average is that they aren’t equally important to a person. In fact, many accounts are abandoned or forgotten after a handful of visits. This can pose a serious security risk, as users may overlook data breaches and not realize their accounts have been compromised.

Managing hundreds of accounts can be a tedious job that not all users are willing or able to do. The trend points toward people hoarding their online accounts and forgetting to review and close accounts they don’t use as frequently or no longer require. In many cases, breaches are overlooked, as the users simply forget they have accounts on breached platforms.

Another issue concerns the reuse of passwords. With nearly 200 accounts to manage, creating and then remembering a unique password for each one can seem impossible. This leads to people reusing the same or similar passwords for different accounts to simplify logging in. For example, they may reuse the same word or phrase, adding a single number, capital letter, or special symbol if required for security purposes.

This opens up multiple accounts to vulnerabilities. For example, if one account is breached, all accounts using the same password and owned by that user are at risk. Abandoned accounts on rarely visited platforms with weaker security measures can become the prime target for cybercriminals.

The threat increases if people reuse the same credentials for both personal and work accounts. A breach of a personal account could potentially affect the company’s security as well. According to the 2023 Data Breach Investigations Report, stolen credentials were among the top three main methods of accessing an organization, followed by phishing and vulnerability exploitation. Password mismanagement and vulnerabilities pose risks ranging from loss of access to financial damages or identity theft.

What can you do to handle passwords more easily?

You might be thinking about how many accounts you currently have and how many may use insecure passwords. To make your credentials management less overwhelming, here are some best practices you can follow to reduce the number of passwords used in your daily life:

  • Deactivate unused accounts. Considering how many passwords the average person has, tracking down every unused account you’ve created may be difficult. However, if you know for certain that you no longer need an account, deactivate it to reduce your password load.

  • Set up a password manager. As you work to reduce the number of accounts you own, you will encounter many that remain necessary. NordPass helps individuals and businesses manage their passwords with ease and security in mind. Its built-in features support generating unique and secure passwords, simplifying logging in with autofill, and accessing all sensitive data on desktop and mobile devices as well as major browsers.

  • Regularly update your credentials. The longer you use a password, the higher the chances of it being breached. If you regularly change your passwords, you keep your accounts safer. Password Health lets you see which of your login credentials are weak, old, or reused.

  • Make sure all passwords are strong. We recommend passwords be at least 20 characters long and contain a combination of letters, numbers, and special symbols. A password generator helps quickly create passwords that meet these criteria. For more tips on creating strong passwords, visit our dedicated blog post.

  • Stay ahead of breaches. Use the Data Breach Scanner to get real-time alerts if your passwords, email addresses, or credit card details have appeared on the dark web.

  • Enable multi-factor authentication (MFA). Add an extra layer of protection to your accounts and ensure that even if your password is compromised, cybercriminals cannot access the affected account.

  • Switch to a passwordless solution where possible. Passkeys are a new, more secure way of logging in to your accounts. They use a combination of biometric verification with cryptographic keys, offering a safer and more convenient alternative to passwords. NordPass lets you easily store and manage passkeys on different devices.

Whether you have 18 or 168 passwords, NordPass makes password management simple and convenient. Your passwords, passkeys, credit card details, and other sensitive information are protected in the xChaCha20-encrypted vault, which only you can access.

NordPass offers a range of features tailored for personal and business use, including Email Masking, passkey support, secure item sharing, centralized policies for companies, and an Activity Log. You can try NordPass Free and Premium for your personal use or sign up for one of the Business plans based on your organization’s needs.
