Just like your home, your cybersecurity practices could use a spring-cleaning. It’s a great time to “dust off” your and your customers’ devices and data to ensure best practices are followed. After all, there is no greater mess than trying to clean up the damage of a ransomware attack.
While many ransomware incidents are high-profile, most attacks are against small and midsized businesses where business disruptions and ransom payments can be significant enough to bankrupt victims.
The first ransomware attack happened in 1989 when a disgruntled scientist sent out a trojan on floppy disks to lock up data on computers used by AIDS researchers. Things have steadily gotten worse in recent decades.
According to a recent Barracuda survey, 73 percent of respondents had experienced a ransomware attack. Of those, 63 percent were hit more than once because they had failed to take the necessary steps to close the security gaps that allowed the first attack. Attack frequency is also increasing, with ransomware incidents more than doubling in some industries between 2022 and 2023. Many of these attacks are against healthcare organizations, municipalities, school systems, utilities, and other companies that, while not large, may be more likely to pay a ransom because of how critical their systems are.
So, what can MSPs do to help protect their clients from these expensive, disruptive attacks? Unfortunately, there is no silver bullet. Guarding against ransomware requires diligence and a multilayered security approach.
Mitigating attack damage from ransomware
At the heart of nearly all successful ransomware attacks is human error, which accounts for more than 80 percent of these incidents, according to several surveys. When unaware employees fall victim to well-constructed social engineering attacks, attackers can quickly steal credentials and gain access to sensitive systems.
While you cannot eliminate human error, you can mitigate the severity of these attacks by educating clients and their employees about essential cybersecurity hygiene, best password management practices, and how to spot and report phishing emails. Companies also need proactive monitoring and threat detection through regular security assessments and a 24/7 security operations center (SOC) that can identify emerging threats and respond quickly.
Setting up a SOC is expensive but mandatory to protect against ransomware. Fortunately, outsourced SOC options are now available that can help MSPs provide these critical services to clients without incurring prohibitive costs. This type of monitoring can help mitigate the damage of these attacks through early detection. In many cases, the threat actors in these attacks are active on the network for as long as 180 days before anyone notices.
Back to the basics
There are several best practices that MSPs can help their clients deploy to provide comprehensive protection against ransomware:
- Asset inventory: Catalog all hardware, software, and cloud assets in an organization to establish a robust security infrastructure. This foundational step helps in designing concentric rings of security, creating multiple defense layers to safeguard critical assets. A well-maintained asset inventory enhances incident response, ensures compliance, and optimizes resource allocation for better operational efficiency.
- Establish endpoint protection with 24/7 monitoring. Modern endpoint solutions look at behavior at the endpoint, which provides good first-layer protection.
- Update security patches. Unpatched systems can provide easy access to cybercriminals. Clients need to understand their assets and what needs to be protected. Automated patch management solutions can help keep the entire environment up to date.
- Block malicious IP addresses. Using geo-blocking and other restrictions can help harden systems against attack.
- Maintain a strong password policy. This requires balancing security with user convenience, but regular password updates can mitigate many attacks. Stolen credentials are worthless if they regularly change.
- Multifactor authentication (MFA): MFA is a security mechanism that requires users to provide two or more forms of identity verification before they are granted access to a system. These factors can include something you know, like a password; something you have, like a smartphone or security token; and something you are, like a fingerprint or other biometric data. By requiring multiple forms of identification, MFA significantly enhances security by making it more difficult for attackers to gain unauthorized access, even if they manage to compromise one of the authentication factors.
- Provide security awareness training. Many options are available for running simulated attacks and measuring employee responses. Barracuda, for example, provides a managed security awareness training service and simulation tools. Staff need to be aware of how to spot a malicious email, and there should be clear policies around credentials, payment and invoicing processes, and other activities so that social engineering attacks are less likely to succeed.
- Establish a data protection strategy. This means offering a solid backup solution and ensuring the backup is secure and everyone understands how restoration processes will work in the event of an attack. Clients should have an incident response plan and regularly run drills to test it.
- Least privilege: Provide individuals or systems with the minimal levels of access or permissions needed to accomplish their tasks. This proactive measure minimizes potential damage in the event of a security breach, as malicious actors or processes are limited in what they can access. Implementation requires a thorough analysis of what access rights are necessary for each user or system component. Regular reviews and adjustments also help maintain a tight security posture.
Get a head start on spring-cleaning now
Good cyber hygiene can help prevent your customers from becoming cyber victims. By delivering a multilayered managed security service offering, MSPs will have a competitive advantage as the ransomware problem continues to grow. To get a head start on your spring-cleaning, download Barracuda MSP’s Conversational Managed Security Services for MSPs eBook to learn how.
This post was originally published at ChannelBuzz.
Photo: Maglara / Shutterstock
These are great reminders. We get bogged down with the day-to-day stuff and gloss over the basics. For me, least privileges as someone takes on a new role; most times people forget to change the current to new access.
Great reminder about vigilance. I would add one key task to Spring Cleaning – reconcile inactive users (and devices) and remove them.
Very good, we should all aim to do this more often, at least once a year. Not necessarily in the spring, but when it’s most convenient for the customers, depending on their periodic workload. Changing passwords, deleting inactive accounts, checking MFA, etc. all help to keep the bad boys out.
Some things don’t change, great to bring this back to top of mind.
Provide security awareness training
This has been a key subject with our clients this year, and is often mentioned on cyber security insurance forms we’re filling out on behalf of our customers. Glad to see owners taking initiative and protecting/educating their users on these types of risks.
Great reminders on things we should do to help our clients.
Great reminders and spot-on recommendations from the other comments.
Thanks for this article. I would add: reduce your attack surface by removing/disabling anything that is not used; and schedule the availability of what is not regularly used.
Great information, it brings to light the need to check the security of your systems.
All things that should be on the checklist.
Excellent tips and reminders! Thank you for sharing!
Helpful annual reminder!