Every successful high-profile ransomware attack that winds up gaining a lot of mainstream media coverage is generally good for managed service providers (MSPs) that specialize in helping organizations recover from such attacks. In the last few days, coverage of ransomware by mainstream media organizations has reached a new height, in the wake of coordinated ransomware attacks against 23 local government agencies in Texas.

What makes these attacks especially troubling is they appear to be part of a growing number of ransomware attacks that are being targeted at businesses. A recent report notes that there has been a 363 percent increase in ransomware attacks targeted at businesses. The state in the U.S. where those attacks are occurring most frequently is Texas. Whether these latest attacks in Texas are part of some larger nefarious cybersecurity conspiracy or a simple coincidence remains to be seen.

It’s almost impossible to prevent a ransomware attack

Ransomware today is not only embedded within documents that end users unwittingly open, it’s also embedded within ‘malvertising’ sites. More troubling still, ransomware is now often the payload being included in a blended attack that starts with a variant of a Trojan being embedded on to a system that may not be activated for days or weeks. The best defense against these attacks is to have a robust data protection plan in place that makes it possible to recover pristine copies of data that was encrypted by the attackers.

The challenge MSPs face is making customers aware of the best way to combat ransomware without appearing crass or unseemly. It may be tempting to launch a massive marketing effort every time ransomware becomes a major news story. Most customers, however, are not going to respond well to a sales and marketing initiative that uses the misfortunes of others as a scare tactic aimed at getting them to implement preventative ransomware measures. Instead, MSPs should focus their efforts on education-oriented marketing messages. After all, there are very few business and IT leaders that are not already aware of the ransomware attacks launched this past week in Texas.

What’s keeping business and IT leaders up at night is how to best go about protecting their organization from similar attacks within the confines of their available budget. Research published by Cybersecurity Ventures estimates the cost of ransomware will exceed $20 billion by 2021, up from an estimated $8 billion in costs incurred last year. It reportedly cost the city of Atlanta roughly $21 million to clean up after a ransomware infestation last year, while estimates for cleaning up a similar attack against Baltimore are now in the range of $18 million. Obviously, the cost of a data protection plan that would make those catastrophic attacks into something more akin to an annoyance is substantially less.

Protecting vulnerable customers

The challenge MSPs face is finding a way to have those conversations with customers before they become the next victim. The good news is there should be a lot more business and IT leaders that want to have a conversation about how to cost-effectively mitigate ransomware attacks. Frankly, business and IT leaders that are not receptive to that conversation about ransomware are going to be more trouble having as a customer than they are worth, in the long term. Rather than wasting their time trying to market recalcitrant customers into submission, savvy MSPs should focus their limited sales and marketing resources on the customers that show the most inclination to value their services. 

It’s unfortunate it takes attacks that inflict millions of dollars in damage to get customers to focus more on ransomware threats. The opportunity for MSPs now is to leverage that increased awareness in a way that comes across as being more dignified than crude.

Photo: thansak253700 / Shutterstock

Mike Vizard

Posted by Mike Vizard

Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike blogs about emerging cloud technology for Smarter MSP.

Leave a reply

Your email address will not be published. Required fields are marked *