As we approach the halfway point of 2020 (yes, hard to believe), this is an excellent time to look at the cybersecurity landscape to see what trends have emerged and how you can position your cybersecurity offerings for the remainder of the year.
MSPs need to be constantly updating their service portfolio and making the case to clients to up their cybersecurity budgets — not for your bottom line, but for the short and long-term well-being of your customers. Let’s examine five threats that have emerged in the first half of 2020 that MSPs should be monitoring as we enter the second half of the year:
The world comes to cybersecurity
If trends continue the way they have been for the rest of the year, then 2020 will be known as the year that whatever is in the news becomes the next cybersecurity threat. There has been the emergence of 5G motivated attacks on towers in response to conspiracy theories.
Next, the first few months of the year were punctuated by COVID-19 cyber scams and clickable maps of COVID-19 cases that deployed malware. And we won’t forget the phishing emails designed to look like they were from the World Health Organization purporting to offer advice about COVID-19, but in reality were unleashing viruses, instead.
Then, as protests spread across the United States, they moved into the cyber-realm, with police and city government offices coming under attack. MSPs with healthcare or municipal clients have had to be on guard all year. And yet, the national election is still months away and sure to carry its own passel of risks.
Cybersecurity comes home
Due to the sudden spread of COVID-19, MSPs and their clients have had to create a from-scratch work-from-home environment. The Times of Israel reports:
As more and more employees worked from home, hackers were given even more fertile ground for attacks as they sought to find weaknesses in personal computers or cloud-based servers to access valuable information.
Hackers might relish the new frontiers that remote working offers, but the work-from-home movement can be a boon to MSPs that can step in to expand their cybersecurity and networking offerings.
Hackers might relish the new frontiers that remote working offers, but the #WFH movement can be a boon to #MSPs who can expand their #cybersecurity and networking offerings.
Rise of ransomware
After slowing a bit in 2019, ransomware is ramping up again in 2020. The potential for debilitating and expensive attacks against clients should have MSPs concerned and vigilant. Cities, hospitals, and even the Nipissing First Nation in Canada found themselves victimized by ransomware in the first half of 2020.
MSPs need to be especially aggressive and proactive in countering the threat of ransomware. Look for weak points in a client’s network. If you don’t find them, hackers will. Passwords are a common entry point.
“MSPs need to use, implement and maintain multi-factor authentication on all endpoints,” John Anderson, a cybersecurity researcher in Phoenix, Arizona, tells Smarter MSP. He also advises that MSPs be on the lookout for key logger malware that can steal passwords
Anderson suggests simpler MFAs, like a blend of pin, password and a security question, ones that users can sail through seamlessly, but would hinder a hacker. A hacker, Anderson says, is like a hungry bear at a campsite, if the food is locked away and stored up off the ground, the bear will usually quickly move on. The bear, like the hacker, is looking for easy pickings.
While MFA is a great fix for many issues, it is crucial for warding off ransomware.
Fileless malware attacks
For the first time, fileless malware is more common than the old line downloadable attachments.
Fileless malware is more labor-intensive for MSPs to hunt down, and that can make it a harder sell for clients. MSPs need to make a strong case, however, that fileless malware is the new front-line in cybersecurity and that additional features need to be deployed to combat it.
#MSPs need to be constantly updating their offerings and making the case to clients to up their #cybersecurity budgets.
Anderson advises implementing a robust patch management regimen and privilege management as being key to combating fileless malware.
“You would be surprised how many excellent MSPs, and I am talking brilliant, top-flight MSPs, still sometimes skimp on patch management. It’s just not as `sexy’ as some of the other cybersecurity fixes, not as glamorous, but it is so important since those are known security flaws. If Microsoft knows about them, you better believe the hackers do,” Anderson states.
AI goes on the attack
This year has also seen increasing incidences where AI has powered cyberattacks.
“AI was previously used by cyber professionals to thwart attacks, but what has kept people like me up at night is the fear of weaponized AI, and we are beginning to see more of that,” Anderson says.
He advises that MSPs need to conduct inventory management of their cybersecurity arsenals and see where they can add their own additional AI tools.
“The only way to fight AI is with AI, and at some point, it becomes this AI arms race with the good guys and the bad guys trading the lead,” Anderson declares.
The year is only just approaching the halfway point, so we’ll have to see what the rest of 2020 brings for cybersecurity, and as always Smarter MSP will keep you in the loop!
Photo: patpitchaya / Shutterstock