From the supply-chain attack at the beginning of the year, to the ransomware attack that took down a major pipeline in the United States, cyberattacks have been doing significant damage in recent times.
Now, the latest supply-chain attack that some managed services providers (MSPs) are actively dealing with shows that cybercriminals will target all businesses, and we are all just a click away from the next devastating hack.
Note: If you are looking for the latest insights into current attacks or cyberthreat trends, we recommend SKOUT Cybersecurity’s Threat Advisory.
Prepare a cybersecurity checklist
All of this reminds us that MSPs must be vigilant and be prepared for when a cyberattack occurs. I spoke with Mark Whiffen, Senior Product Manager at Barracuda MSP, and he recommends the following cybersecurity checklist to prepare for any cyber incident event.
- Develop a cyber incident response plan: a cybersecurity incident response plan prepares you for the inevitable and equips your team to respond before, during, and after a cyberattack. The plan should consist of:
  - Emergency contact information of required personnel, including the IT team, as well as executives who need to be involved.
  - Actions required when an attack is first detected, such as isolating the infected devices, removing all connections to the network, and so forth, to reduce the damage of the attack.
  - Recovery actions, such as the sequence in which parts of the network need to be restored, identifying a clean version of the backup, and more.
This will ensure that you will have a consistent recovery plan across all your customers’ environments and reduce the amount of time and effort it takes when a cyberattack strikes.
- Be vigilant with documentation: a well-documented IT environment enables MSPs to operate efficiently and effectively. But it doesn’t end there. Written documentation can also help in recovering all key business information in the case of a disaster such as a cyberattack. Strong documentation includes all your customers’ information with detailed guidelines for specific operations and recovery processes that should be followed in the event of a disaster. This will prevent the MSP from reinventing the wheel if a disaster strikes when restoring their customers’ environments.
- Develop a customer communication plan: MSPs should communicate with their customers during a cyber incident. The communication plan should include who they need to communicate with and the questions they need to answer. In addition, it should include contact details of your incident team, who has message approval rights, who the message needs to go to, and the communication channel(s) to deliver the messages.
- Test your customers’ backup: a reliable backup is key to a successful and speedy recovery. It is important to regularly test your customers’ backups to ensure that the latest data is available. It is also important to have a backup solution that offers features such as immutable storage. An immutable backup or storage means that your data is fixed, unchangeable and can never be deleted. Further, having an air gap, or the absence of a direct or indirect connection between a computer and the internet, is also key to protecting data.
Avoid cyberthreats with these steps
In addition to the cybersecurity checklist, Mark also recommends a number of preventive security measures that MSPs should take now to ensure their customers and themselves are protected from the heightened cyberthreat landscape. These measures include:
- Proactive security updates. Ensure that clients’ systems and your own are up to date with security patches to eliminate security vulnerabilities.
- Turn on multifactor authentication. This can prevent cybercriminals from gaining unauthorized access to businesses’ resources.
- Audit access control. Frequently auditing access to businesses’ systems to remove inactive users or users who are no longer with the company can minimize cybersecurity risks.
- Deploy security solutions across all attack surfaces. This includes email, network, web applications, web, and antivirus for all devices and users in an organization.
- Consider upgrading VPNs to Zero Trust Network Access (ZTNA). Zero-trust technology not only provides access control to a company’s resources, but also verifies the security posture of the device prior to granting access, so that unsecured devices are blocked from sensitive applications or data.
- Educate end-users with security awareness training. Acts as the last line of defense. Educated users will not click on malicious websites or links but will instead report suspicious links to IT to ensure the threats are removed from the system to prevent damage.
The cyberthreat landscape is at its worst and despite the preventive measures being used by companies, it’s inevitable that a security incident will occur. It is best to be prepared and to recover quickly when it does occur.
Barracuda MSP has been helping MSPs for over 15 years with remote monitoring and management, security, and data protection solutions. To learn more, please visit our website at www.barracudamsp.com.