It seems many cybercriminals have begun to set their sights on Managed Service Providers (MSPs). In fact, 80% of MSPs say their organization has been targeted by ransomware.
Not unlike the rest of us, cyber attackers want to work smarter, not harder. If they are able to successfully infiltrate one MSP’s network, they can potentially gain access to all of their clients’ systems as well. The more systems attackers can reach, the more ransomware they can spread, thus increasing their pay out.
These economies of scale make MSPs attractive, high-value targets for malicious actors. And as cyber attack techniques continue to evolve and improve, more and more hackers will want a piece of the action.
It is imperative for MSPs to use highly effective cyber security measures. Afterall, they are not only protecting themselves, but their clients as well. Additionally, as clients begin to see more news about ransomware attacks on MSPs, they will need assurance of their service providers’ security posture. Below are a few ways MSPs and their clients can help prevent ransomware attacks.
Stolen credentials contribute greatly to the spread of ransomware. Employees often fall victim to credentials theft via email phishing. Additionally, if staff members fail to practice proper password protocol and other security essentials, they inadvertently create ransomware opportunities. The best way to guard against these issues is through education and awareness. For MSPs, the challenge to educate is two-fold. They must educate and train appropriately internally, but also encourage (and possibly require)their clients to do the same.
Both the service provider and the client should understand that cybersecurity awareness training is not a one-and-done endeavor. Hacking techniques continue to evolve. Regular security training is required to keep employees informed and vigilant about the most current threats and methods. It is recommended to offer essential security training during employee onboarding as well as at a regular cadence, such as quarterly.
While these are not new recommendations, there are a few cyber hygiene basics that bear repeating when it comes to protecting against ransomware.
- Antivirus and DNS Filtering – Bare minimum, MSPs must have enterprise-grade antivirus and DNS filtering installed on all machines. It would be wise to mandate that their clients take these security steps as well. These basic measures must be applied throughout the client/provider continuum in order to be effective.
- Keep Patching – Patch software early and often. It’s a common recommendation, and for good reason. It’s crucial to run software patches as soon as they are available to protect against the latest cybersecurity threats. Patches can contain a fix or remedy to a vulnerability that has been discovered within the software. It is only a matter of time before that weakness is exploited if it isn’t patched quickly. Both service providers and their clients need to observe this best practice.
Proper access management can thwart many cyberattacks, including ransomware initiatives.
- Set Limits - System access and permissions should be limited to only what is necessary, both on the client and the service provider side. This is known as the Principal of Least Privilege (POLP). Essential-only access benefits both parties by improving security across the board and reducing the opportunities for user errors that introduce security vulnerabilities.
- No 2FA? No Play - 2-factor authentication should be enabled and be a default setting on both the provider and client side to help guard against unauthorized access. If possible, service providers should make it a mandatory requirement for clients.
BOLO - Access logs should be monitored for any suspicious activity, including a large number of failed log-in attempts, privilege escalation, and increased file share access. These are indications of possible breach attempts.
Back up Your Back up
Service providers need to ensure their backups are running effectively and that they are adequately protected. Unfortunately, some organizations do not discover their back ups failed to run regularly until there is a ransomware attack. At that point it is too late.
Backup files should be kept isolated and offline, to protect against ransomware that gains access to administrator credentials. It is recommended that organizations keep at least 2 or 3 copies of their back up in different forms, including one that is offsite. If an organization does end up needing to restore data from back up, it is a good idea to run a proactive threat scan to ensure no previously undetected malware is reintroduced.
Of course MSPs hope to avoid restoring from back up, which is why the proactive security measures listed above are so important. With widespread use of the right prevention, perhaps service providers will become less attractive ransomware targets in the future.
When it comes to your businesses’ cybersecurity, there are many moving parts to safeguard. Identify and eliminate system weaknesses effectively and easily with our vulnerability and threat management solutions.