It’s reported that hackers attack every 39 seconds, which averages 2,244 times a day. Based on this, you have either already been attacked, are being attacked right now, or you’re about to be attacked. If that’s not enough to get your attention, consider these statistics:
- 43% of breach victims are small businesses. (Verizon)
- Smaller organizations (1–250 employees) have the highest targeted malicious email rate at 1 in 323. (Symantec)
- Every day, around 230,000 malware samples are created by hackers. (Panda Security)
- Cyber-attacks are the primary reason for around 60% of small companies to go out of business. (Small Business Trends)
- Around 94% of targeted emails use malicious file attachments as the payload or infection source. 91% of cyberattacks begin with a “spear phishing” email. (KnowBe4)
- About 30% of phishing emails are opened by users, and 12% of those users click on the infected link or attachment. (Verizon)
- Only 5% of company folders are properly protected, on average. (Varonis)
- Financial and manufacturing services have the highest percent of exposed sensitive files at 21%. (Varonis)
- The average cost of a ransomware attack on businesses is $133,000. (SafeAtLast)
Clearly, both the frequency and severity of cyber-attacks are on the rise. Of particular concern is the increasing number of attacks directly targeted at Small to Medium Businesses (SMBs) and Managed Service Providers (MSPs) and their customers. What is worse, the attackers often leverage MSPs’ own automation and remote-control tools to directly access and compromise their customers.
Security is a shared responsibility between vendors and partners, and it is imperative that partners also exercise best practices in securing their platforms, tools and devices to minimize risk to themselves and their customers.
In this article, I highlight some critical security practices that should be incorporated into your standard operating procedure (SOP) checklists. This list should not be considered comprehensive; instead, it suggests mitigation for the risks and threat vectors seen most often.
Ensuring Password Security
Increasingly, bad actors are leveraging network monitoring and key-logging software to observe their intended victims for some time, capturing critical administrative passwords and familiarizing themselves with the target environment ahead of their attacks. Due to the skilled and patient nature of these attacks, it is no longer enough to rely simply on strong passwords. Reusing a single password across multiple customers or environments is particularly dangerous: once that password is compromised, multiple customers are potentially exposed.
A common vulnerability in all too many environments is the presence of default passwords left in place on firewalls, IPMI interfaces and other areas. Default passwords allow attackers to gain dangerous access and privileges within the network. Always make sure default passwords have been replaced to deny this avenue of attack against your systems.
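One way to turn the two checks above (no password shared across customers, no default login left in place) into a repeatable SOP step is to audit your credential inventory. The sketch below is an added example, not part of the original article; the inventory layout, the customer and device names, and the short list of default logins are all constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample of default username/password pairs; in practice, load the
# defaults documented for the firewalls, IPMI interfaces, etc. that you manage.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root")}

# Constructed sample inventory: (customer, device, username, password).
SAMPLE_INVENTORY = [
    ("acme", "firewall-01", "admin", "admin"),
    ("acme", "ipmi-01", "svc-msp", "Blue!Harbor-7731"),
    ("globex", "firewall-01", "svc-msp", "Blue!Harbor-7731"),
    ("globex", "nas-01", "backup", "q9#Vt2-Lm0x-unique"),
    ("initech", "ipmi-02", "root", "t4!Zp8-Rk3w-unique"),
]


def fingerprint(password, key):
    """Keyed digest, so the reuse map below never stores a plaintext password."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()


def audit(inventory, key=None):
    """Return (default_hits, cross_customer_reuse) for a credential inventory."""
    key = key or os.urandom(32)  # per-run key: fingerprints are useless afterwards
    default_hits = []
    seen = defaultdict(list)  # fingerprint -> [(customer, device)]
    for customer, device, username, password in inventory:
        if (username.lower(), password) in DEFAULT_CREDENTIALS:
            default_hits.append((customer, device))
        seen[fingerprint(password, key)].append((customer, device))
    # Reuse is reported only when one password spans more than one customer.
    reuse = [
        sorted(places)
        for places in seen.values()
        if len({customer for customer, _ in places}) > 1
    ]
    return default_hits, sorted(reuse)


if __name__ == "__main__":
    defaults, reused = audit(SAMPLE_INVENTORY)
    for customer, device in defaults:
        print(f"DEFAULT  {customer}/{device} still uses a default login")
    for places in reused:
        print("REUSED   same password on: " + ", ".join(f"{c}/{d}" for c, d in places))
```

Run it against an export from your password vault and treat any output line as a failed checklist item.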
Mitigating Ransomware and Data Destruction
By far the most common attacks involve the use of ransomware (e.g., CryptoLocker) against your servers and workstations. Once your data and systems are encrypted, they are held hostage by a ransom demand, and paying the attackers provides no guarantee of recovery. In fact, even if payment results in the release of your systems, it is almost certain the attackers have left rootkits, back doors, and even time bombs, so they can strike again in the future. Only a complete recovery of all compromised systems, from a backup prior to the intrusion, can truly guarantee your systems are no longer under control of the hackers.
Avoiding Exploits of RMM and Other Tools
Several high-profile attacks are accomplished by improperly gaining access to popular remote monitoring and management (RMM) tools, which exposes hundreds of servers and thousands of workstations across multiple customers to simultaneous attack with the click of a mouse. Partners must secure such tools to keep malicious attackers from potentially destroying their customers’ data.
General Security Recommendations – Cyber Security Framework
The National Institute of Standards and Technology (NIST) released the Framework for Improving Critical Infrastructure Cybersecurity. The Framework uses business drivers to guide cybersecurity activities and considers cybersecurity risks as part of your organization’s risk management processes. The Framework offers a flexible way to address cybersecurity, including the effect cybersecurity has on physical, cyber and people dimensions. It is applicable to organizations relying on technology, whether their cybersecurity focus is primarily on information technology (IT), industrial control systems (ICS), cyber-physical systems (CPS), or connected devices more generally, including the Internet of Things (IoT).
Final Thoughts – Backup
In this escalating threat environment, backup should be your last line of defense against such attacks. Your ability to recover is dependent on the vendor you choose, their security framework, and their ability to recover your client’s data.
Work with a vendor that takes a multi-layer approach to mitigating these risks, while also applying best practices in its operations, including authentication, patching, secure software development, penetration testing, and overall corporate and network security.