What would you think is a greater threat, an outside attack or someone from the inside – often times not intentionally trying to do harm? This is an ongoing debate, but we can say that insider threats are harder to prevent because in most cases there is no ill intent. Cyber criminals are not using traditional attack methods to invade business systems and infrastructures. This means you can’t use traditional cybersecurity defenses to stop them. Not all risks come from external sources, many are internal, and companies are starting to take note of the high risk this imposes.
Outsider threat cases appear on the news, but not the insider cases, which creates a false sense of security when it comes to a “Trojan Horse.” Many businesses that work with Managed Service Providers (MSPs) and MSPs themselves are facing internal risks. With cyber attacks at an all-time high, MSPs need to be vigilant protecting both themselves and their customers.
These four tips will help ensure you are on the right path to protecting your livelihood and your customers as well.
1. Don’t forget about yourself.
As an MSP, your risk of being breached is just as high, if not higher, than your customers. Hackers have found that if they gain access to an MSP’s system, they will have easier access to all of their customers’ systems and information. Recently, the U.S. Department of Homeland Security (DHS) warned MSPs, Cloud Services Providers (CSPs), and Managed Security Service Providers (MSSPs) to remain vigilant as cyber gangsters are exploiting them to creep unnoticed into their customers’ networks. Hackers are attacking service providers as the weak link in a supply chain. The DHS strongly advises service providers to take the proper measures and lock down their systems.
The report from DHS highlighted instances of phishing attacks on MSPs targeting three main areas: stolen credentials, misused admin tools, and signature-based malware faults. Once attackers had breached the service provider’s system, they used common admin tools to access their customers’ networks. This in particular shows the ineffectiveness of Remote Desktop Protocol (RDP) and the need for a tightly-controlled Remote Management Tool (RMM). Remember, if a hacker can hack your systems, they can easily gain access to your customers’ systems.
2. Go back-to-basics.
Patching your programs is an important step. Due to testing and scheduling, most companies take more than 100 days to roll out patches, which is far too long to ensure systems remain uncompromised.
Just patching Windows isn’t enough. In addition to rolling out patches in a timely manner, it is also advised to patch individual programs. Some of the most targeted programs are Java and Adobe Acrobat Reader. If you can’t ensure every application is updated and patched on your customers’ systems, you need to plan to monitor for breaches that leverage common applications.
3. Don’t forget the little guy.
Keep your small-to medium-sized business (SMB) customers protected just as thoroughly as your larger customers. Your SMB customers could be your most vulnerable. SMBs often feel they are not a target because they are small and can go unnoticed by hackers. They couldn’t be more wrong. A breach is virtually inevitable for SMBs. Ponemon calls out that 81% of SMBs report that exploits and malware have evaded their anti-virus solutions. In addition, Verizon DBIR reports that 58% of all malware attack victims are small businesses.
Traditionally, hackers target the end users as the weakest link. Every end user needs to be trained by their employer to be vigilant for phishing attacks and other threats. As their MSP, you have to plan for their end users to make mistakes. Remind your SMB customers that training their employees is necessary to help prevent cyber threats and breaches.
4. Traditional defenses are a thing of the past.
According to Ponemon, 77% of successful attacks in 2017 utilized “file-less” techniques that bypassed traditional perimeter defenses. It is predicted that one third of all attacks in 2018 will use “file-less” techniques. Firewall, anti-virus software, and email security aren’t enough to evade modern day cyber threats. So, what has changed? A survey of IT professionals indicates two factors are at play: the increasing complexity of the threat landscape and expensive security technologies to combat new threats.
The threat landscape of today demands focus on detection, response, prediction, and continuous monitoring. This means a successful deployment of technologies is dependent on the human element. MSPs are turning to co-sourcing staff that has experience with Security Information and Event Management (SIEM) technology to ensure they are properly protecting themselves and their customers. No matter what technology you deploy, it is important to have a game plan for detecting when perimeter defenses are breached.