Up until mid-March, 2020 was shaping up to be a banner year for MSPs: a robust economy, new opportunity, and the typical menu of cyberthreats. What a difference a month or two makes!
Now, much of an MSP’s fortune depends on what type of client portfolio they’ve cultivated. If you specialize in restaurants, you’re likely to be feeling the pandemic’s full impact on business. If your clients are in the healthcare arena, you probably are busier than ever.
The world is in flux right now, and part of an MSP’s challenge, especially those that have offices in more than one location, is to know what rules are in place where. Some states in the United States are beginning to emerge from weeks of lockdown. Some countries are gingerly doing the same. Meanwhile, other states and countries are continuing their lockdowns longer, depending on the local COVID-19 conditions.
Smarter MSP caught up with Hussain Aldawood, international cybersecurity expert and Director of Cybersecurity at GulfNet Solutions, to talk about various cybersecurity concerns as the world begins to emerge from lockdown.
“When the cats are away, the mice will play.”
Who hasn’t heard that common refrain? The little verse could easily be changed to, “when the employees are out, the hackers find a route.” While most of the attention has shifted to what cybersecurity risks employees can counter at home, less attention has been paid to ones left behind at the office while everyone is gone, Aldawood points out.
A workforce that has mostly moved to telecommuting has created challenges for cybersecurity. Offices are empty, network traffic is down, and there aren’t as many “eyes” on a system. This creates an irresistible opportunity for bad actors to exploit the absence. One of the most significant risks is that the large servers at shuttered universities, colleges and other institutions could prove irresistible to crypto miners.
With #COVID19 continuing to impact the global economy, cyber attacks remain a constant threat. #MSPs must focus on these #CyberSecurity aspects, as the world beings to emerge from lockdown.
Companies might not detect the intrusion until they get clobbered with a massive utility bill. MSPs need to be keeping as close an eye on the network infrastructure back at the client’s office, as you are doing for the corps of suddenly remote workers, advises Aldawood.
Aspects of cybersecurity to consider during this transition period
Permissive access: While many larger companies have turned to VPNs during the COVID-19 crisis, smaller businesses have instead relied on a patchwork of devices to get through this, and that means any device can be used to log into the company network.
“This can be a problem for IT teams and their ability to monitor access as it opens their data up to unauthorized persons, malware or other viruses, as personal devices won’t be as secure, may use outdated operating systems or won’t employ strong anti-virus programs,” Aldawood says. So while everyone is away, MSPs should make sure to secure and inventory all external devices that can access a network.
Outdated web protection: “Attacks are more sophisticated today than they ever have been before,” Aldawood states. This means that organizations need the latest web protection these days. For example, web filtering blocks malicious webpages that might contain spyware, malware, and other viruses. Filters can also act as blockers based on URL, page type, the user, or the device they are using. So while everyone is out of the office you should make sure your client’s web protection is up to date.
Lack of asset tracking: One of the significant threats with the flexibility of mobile access is that devices become quite powerful ports of corporate data. While it’s great for staff to be able to view and work on relevant content on the go, it gets tricky if one of the devices goes missing—either lost or stolen—or falls into the wrong hands. Make sure that an inventory is kept of clients’ remote devices during this pandemic so that you don’t inadvertently enable a breach because a device falls into the wrong hands.
“If an organization does not provide secured communication tools for remote connections and doesn’t use secured protocols, including implementation of VPN and proactive endpoint protection, along with meeting the minimum security standards, they will put their network infrastructures at high risk,” Aldawood advises.
Risk mitigation: Another step MSPs should take is to implement a risk mitigation strategy while everyone is away, and before everyone comes back. Aldawood notes thatmany companies rely on their information systems and the digital world for managing supplies, shipping, and procuring contracts with governments and business partners. Therefore, a risk mitigation strategy will help those organizations prioritize their risk so they can allocate resources efficiently. MSPs should make sure that their mitigation strategy is completed and updated continuously.
Traditional cybersecurity approaches have focused on prevention controls and compliance standards, Aldawood says. These have an essential place, but it is evident that an expanded focus is needed on cybersecurity incident monitoring, detection, response, and recovery capabilities. This expanded concept of cyber resilience is the ability to prepare for, respond to, and recover from cyber incidents and disruption.
As the world begins to emerge from #COVID19 lockdown and workers return to the office, #CyberSecurity remains a challenge. Here’s what #MSPs should be doing to mitigate cyberthreats during this transition.
One of the lasting legacies of the pandemic – and only time will tell for sure – is that as offices begin to reopen over the weeks ahead, fewer people may be coming to them. Companies may realize efficiencies from keeping some employees at home, so some will stay there.
It will take a while for the economy to recover and that will allow underground hackers to take advantage of the COVID-19 outbreak by accelerating their activities to spread their own infections.
“Since the beginning of January 2020, during the period where initial outbreaks were being reported, over 16,000 new coronavirus-related domains were registered,” Aldawood adds. And many of them are, unfortunately, put up by bad actors.
Other cybersecurity side effects of the pandemic
Loss of internal cybersecurity talent: While it’s too early to draw conclusions, a prolonged economic slow-down may impact and reduce cybersecurity budgets. If the IT staff of various MSP clients gets hollowed out that could lead to vulnerabilities, and MSPs may be called upon to fill more gaps.
Beware the homebound hackers: Hackers also are under lockdown. Their social lives are in the tank and their jobs may be shuttered.
“Amateur hacking attempts may increase due to their presence at home most of the time due to the lack of many social events in these situations,” Aldawood asserts.
Even hackers have social lives and when they don’t, that time get filled in less productive ways. As such, cybersecurity teams need to be on high alert. The next few weeks will be interesting as we watch lockdowns lifting and, hopefully, a new normal settles in.
Photo: ImageFlow / Shutterstock