Over the past year, businesses and individuals have been ravaged by cyberattacks that have impacted their ability to operate, have put personal data at risk or threatened their access to critical resources or supply chains.
Many of these attacks made headline news around the United States and the world. The Colonial Pipeline attack, for instance, affected businesses and individuals alike, as it shut down fuel to a significant portion of the East Coast of the United States. Other significant attacks, such as a data breach at T-Mobile, exposed the personal information of more than 50 million people, or threatened food supplies, connectivity access, essential utilities, personal data, and other critical items.
As a whole, cyberattacks such as these are estimated to have cost businesses worldwide more than $6 trillion in 2021, up from around half that sum in 2015. Ransomware, in particular, saw a rise in its negative effect on businesses during the year, with reports that costs to businesses reached $20 billion in 2021, up from $5 billion in 2017.
The attacks have gotten so bad that one recent survey of more than 1,500 IT security decision makers found that more than 60 percent said attacks, specifically ransomware, have reached the same threat level as terrorism when it comes to impact and overall risk. Some common characteristics in this regard are the extreme damage potential, their indiscriminate nature and even the potential for national security risk.
They aren’t alone. Even the US Department of Justice said in June 2021 that it would give ransomware attacks a similar priority to terrorism following the Colonial Pipeline attack. The guidance around the change reportedly called for more sharing of case details, centralized notifications, as well as taking a broader look at how those investigations tie in to the broader cybercrime ecosystem.
These attacks, especially when compared to the risk terrorist attacks pose, are affecting businesses in every size and industry. For managed service providers (MSPs) that support these businesses, that means that their role is more important than ever before. In particular, MSPs play a critical role in helping their clients evaluate their existing strategies and technologies to ensure they are ready to meet the current level of risk, as well as any new risk they may face in the future as threats continue to rise.
Further reading One Ransomware Gang Down, More to Go: Now Is Not the Time to Be Complacent
More aware, but are we more prepared?
There’s no question that the attacks of 2021 have made every business leader and individual aware of the impact cyberattacks can have — whether they experienced one themselves or saw it on the news. Yet, are they more prepared when it comes to the technology they have in place to defend against these types of attacks? The reviews are mixed.
Of the same group of 1,500 IT security decision makers, less than one-third said they felt they had the necessary basic security controls to break the ransomware kill chain. That said, 77 percent said they felt the tools they had in place could protect them from ransomware attacks. While the latter statistic is encouraging, there is still clearly some progress to be made.
MSPs can play a critical role in helping a company evaluate where their business stands on this spectrum. Once a risk evaluation has been done, they can then help the business and IT leaders chart a course to further mitigate any risk they might face. This can include ensuring they’re leveraging modern security tools to break the ransomware kill chain earlier in the cycle, as well as those that are built into the security and development processes.
Additionally, MSPs can support with the adoption of new security tools, ongoing monitoring, backup and disaster recovery, cybersecurity training, incident response plans, and more.
Further reading Will Ransomware Drive Innovation in 2024?
When ransomware attacks — now what?
When it comes to ransomware attacks, more organizations have experienced it than you might think. For instance, more than 67 percent of the IT security leaders at organizations with more than 500 employees and 80 percent of IT security leaders at organizations with 3,000-4,999 employees surveyed said their organization had experienced a ransomware attack in the last 12 months.
For that reason, it’s important for MSPs to consider how their organizations can help their customers in the unfortunate event of an attack. What’s more, they should also prepare their customers for how they should respond, including establishing incident response protocols and coaching them on important steps before an attack even occurs. This preparation can also include making sure proper backup and disaster recovery solutions are in place.
One important question that many have to consider when it comes to ransomware is: Do you pay? The answers to this question are mixed. The same survey of IT security decision makers found 37 percent would pay the ransom, while 22 percent said they felt it would be “morally wrong.” Of those who were already attacked, 17 percent admitted they had paid the ransom in that case. The government still discourages paying ransoms to attackers, and even could move to require companies to publicly report payments within 48 hours, if they are made.
The critical roles of MSPs
As already mentioned, MSPs have a critical role to play in helping their customers combat this rising ransomware threat — especially as it potentially escalates in severity to the same level as terrorism. To start with, an MSP should do a thorough risk evaluation to understand how mature their client is on preventing cyberattacks, especially ransomware.
From there, an MSP can help the client implement basic cybersecurity protections such as antivirus, continuous monitoring, and other technologies and services. Additionally, since much of the ransomware still enters the organization through phishing, they can help their clients implement software to identify potentially malicious emails, as well as offer training to help employees know how to spot emails that could put the organization at risk.
Further reading End-User Training Guide for MSPs
An MSP can also implement further proactive steps that can help a customer better recover from an attack, in the event one does occur. This can include establishing secure backup and disaster recovery systems that a customer can use to recover quickly. It’s important that this backup is kept separate from the customer’s working environment to ensure it can’t be compromised by any attack entering the organization.
Further reading How to Stay Safe from Ransomware with MSP360
Additionally, an MSP can help the customer incorporate this backup as part of an overall incident response strategy and practice it regularly, similar to how the client might also hold fire drills to ensure a smooth response in the event of a building fire.
Each of these areas presents an opportunity for an MSP to show themselves as a true trusted advisor to their customers, as well as potentially expand the revenue they get from their customers through necessary technologies and services. It’s an unfortunate reality that ransomware is likely not going anywhere anytime soon. In fact, many have predicted that it will only get worse in the years to come, further surpassing other threats that we see targeting organizations.
With that in mind, MSPs have a responsibility to help their customers navigate these difficult waters and better prepare themselves to limit any risk they might face.
- Cloud and local backups protection
- Backup and recovery operations
- How to use backup software to centralize backup operations
About the author
Kurt Abrahams is the Vice President of Marketing at MSP360 with expertise in technology marketing, cybersecurity and AI based technology.