For MSPs, 2018 was anything but a dull year. Change is constant in the world of cybersecurity and the year delivered on that truism in spades. Before 2018 slips into the rearview mirror, let’s look back at some of the biggest security trends MSPs battled. We asked Ahmed Banafa, a noted security expert at San Jose State University and author of the newly released “Secure and Smart Internet of Things using Blockchain and Artificial Intelligence” for his commentary on the trends he witnessed. So without further delay, here are the areas where we saw the some prominent security trends of 2018:
Latent CPUs at universities and hospitals appealed to cryptominers in search of some “easy” Bitcoin or Monero. Unfortunately, if one of your client’s systems was breached by miners, they would have been hampered by slow speed, a signature symptom that miners may have gained access. The miners tend to stay away from, say, the corner doctor’s office and instead have their sights set on entities with large networks with a lot of power. This made entities such as universities, hospitals, and banks especially alert to potential attacks. MSPs were tasked with defending these large networks from miners and that was one of the year’s biggest challenges.
AI has many positive attributes and 2018 saw its promise begin to come to fruition as everything AI began its IoT infusion.
“AI may prove to be a double-edged sword as 91% of security professionals are concerned that hackers will use AI to launch even more sophisticated cyber-attacks,” Banafa says.
As an example, Banafa cites AI’s ability to automate the collection of information, perhaps relating to a specific organization and its ability to assist hackers unlock passwords by narrowing down the number of probable passwords based on geography or demographics. The power of AI has caused some companies to step back and really think about its use.
“Just because AI can be used doesn’t mean it should,” Patrice Samuels, an analyst at Parks Associates, tells SmarterMSP.
Medical device security
2018 may well be remembered as the year MSP security became a life or death matter – literally. As more and more medical devices become IoT devices, security has moved to the forefront. Abbott was forced to release a patch for 350,000 of its pacemakers because of a security vulnerability. Other companies had to initiate recalls. The emergence of medical devices in the IoT in 2018 has opened up new opportunities for MSPs, whose services are increasingly being sought to safeguard them.
The emergence of medical devices in the IoT in 2018 has opened up new opportunities for MSPs, whose services are increasingly being sought to safeguard them.
Ransomware and the IoT
IoT’s proliferation in 2018 also opened a new line of attack for hackers and bad actors: ransomware. The prospect of holding a city hostage in exchange for a pay-out was just too irresistible. Atlanta was brought to its knees for a time, but so were small cities. Some paid, some didn’t. Either way, it didn’t stop hackers from trying.
“We should be very careful not to underestimate the potential damage IoT ransomware could cause,” Banafa said. For example, hackers may choose to target critical systems such as power grids, explains Banafa. For MSPs, ransomware brought opportunity in the form of more municipal contract opportunities.
Cybersecurity has gone beyond keeping the college-kid hacker at bay. The emergence of organized crime online and state-sponsored breaches became clearer in 2018 and that is troubling to experts like Banafa.
“The rise of nation state cyber-attacks is perhaps one of the most concerning areas of cyber-security. Such attacks are usually politically motivated, seeking more than financial gain. Instead, they are typically designed to acquire intelligence that can be used to obstruct the objectives of a given political entity,” Banafa says.
He explained that nation-state attacks can be used to undermine voting systems or to sway public opinion. A country that is ordering an attack will have all the tech tools and financial backing necessary.
Banafa suggests that given the level of expertise and finance that is behind these attacks, they may prove very difficult to protect against. Governments must ensure that their internal networks are isolated from the internet and that extensive security checks are carried out on all staff members.
Shortage of skilled staff
One of the biggest security issues MSPs faced in 2018 had nothing to do with malware or hackers. This is an issue that SmarterMSP ran into frequently in conversations with MSPs in 2018: a shortage of skilled techs is hobbling the MSP industry, especially in medium and smaller-sized markets. Add to the mix the growing sophistication of attacks, and that is a problem, according to Banafa. With less security talent to go around, there’s a growing concern that businesses will lack the expertise to thwart network attacks and prevent data breaches in the years ahead. So, what to do to keep qualified techs?
In our “Ask An MSP Expert” feature, MSP-Ignite CEO Steve Alexander advised, “Most MSPs can’t compete on salary. You simply don’t have the money to sink into it. Instead, compete where others can’t: quality of life issues, swing shift, company cars, casual work environment, TV screens, etc. All of these things are a minimal cost but offer maximum value.”
Most MSPs can’t compete on salary. You simply don’t have the money to sink into it. Instead, compete where others can’t: quality of life issues, swing shift, company cars, casual work environment, TV screens, etc. All of these things are a minimal cost but offer maximum value
The whole IoT ecosystem has evolved into a complex, multi-layered parallel universe of connectivity and that creates its own set of problems, according to Banafa.
“Manual tracking of the health of these systems, even when they operate in a highly integrated manner, poses massive challenges. For most businesses, the only practical method of embracing advanced (and expensive) cybersecurity technologies is to prioritize their IT systems and cover those that they deem critical for business continuity,” he suggests. This can give MSPs opportunities for package pricing, a la carte and pay as you go packages to try to encourage clients to expand their defenses.
“Currently, cybersecurity is reactive. That is to say that in most cases, it helps alert IT staff about data breaches, identity theft, suspicious applications, and suspicious activities,” asserts Banafa. ”That the shift should be towards prevention rather than reaction.”
Blockchain technology emerged as a force, not just for shadowy cryptominers, but the decentralized, ledger-based transaction system that has anonymity as a hallmark. This emergence has opened up new possibilities in cybersecurity and IoT. It seems everywhere one looked in 2018, blockchain was blossoming in a new venue. Banafa discussed blockchain’s promise with SmarterMSP earlier this year saying:
“Blockchain offers new hope for IoT security for several reasons. First, Blockchain is public. Everyone participating in the network of nodes of the Blockchain network can see the blocks and the transactions stored. Despite this heightened visibility, users can still have private keys to control transactions.”
All in all, it was another action-packed year in terms of security and for the managed service providers trying to protect their customers. 2019 is around the corner, with a whole new set of trends, threats and opportunities coming our way. Buckle up — wee can’t wait to see what the New Year holds for MSPs!