{"id":43686,"date":"2020-09-03T14:34:39","date_gmt":"2020-09-03T10:34:39","guid":{"rendered":"https:\/\/www.msp360.com\/resources\/?p=43686"},"modified":"2023-03-20T15:31:53","modified_gmt":"2023-03-20T11:31:53","slug":"every-month-is-cybersecurity-awareness-month","status":"publish","type":"post","link":"https:\/\/www.msp360.com\/resources\/blog\/every-month-is-cybersecurity-awareness-month\/","title":{"rendered":"Every Month Is Cybersecurity Awareness Month"},"content":{"rendered":"

October is known as National Cybersecurity Month in the US. Due to the accelerated growth of cybersecurity risks, this sounds appropriate for end or home users but, at the same time, the situation is equally dangerous for any knowledgeable managed IT provider.<\/p>\n

The malefactors have turned their attention not only to companies but also to MSPs. So it is obvious that September should also be known and publicized as Cybersecurity Month -- as well as, quite frankly, any other month of any upcoming year.<\/p>\n

In this article, we will provide some statistics about the latest cybersecurity incidents and risks, and define what you should do to protect both yourself, as an MSP, and your clients.<\/p>\n

Cybersecurity Statistics<\/h2>\n

Ransomware Hits 51% of All Companies<\/h3>\n

According to Sophos<\/a>, 51% of companies were hit by ransomware during the last year, 73% of these attacks being successful. According to Sophos, that 51% is a slight decrease compared to 54% the previous year; but it\u2019s still huge.<\/p>\n

It's all about people.<\/strong> According to IBM, user error is the cause of 95% of cybersecurity breaches. That figure is doubled in the report of the National Centre for Cyber Security<\/a>, which states that 45% of users are reusing their email passwords on other services. (And, the worst fact of all is that \u201c123456<\/strong>\u201d is the most popular password in the world.)<\/p>\n

Further reading<\/span> 17 MSP Statistics to Show the Value of Managed Services<\/a><\/p>\n

Lack of Backups<\/h3>\n

It seems a bit weird to be talking about the necessity for backups in 2020, and yet, 75% of small businesses have no disaster recovery plan<\/a> in place.<\/p>\n

The Obvious Help of Backups<\/h3>\n

According to the same report, 96% of companies with a trusted backup and disaster recovery plan were able to successfully recover after ransomware attacks<\/a>.<\/p>\n

Further reading<\/span> Using Backup to Elevate a Cybersecurity Offering to a Cyber Resilience Offering<\/a><\/p>\n

MSPs Under Attack<\/h3>\n

The US Secret Service released a note in 2019 for public and governmental organizations that MSPs are now the prime target for cybercriminals. While there are no solid statistics on successful attacks on MSPs, there is the recent law in Louisiana<\/a> obliging MSPs to register with the state, the order to register each public or governmental data breach that happens under managed IT surveillance. Also, if you imagine that ransomware is basically about paying half a Bitcoin for your data, you are in for a surprise. In June 2019, an MSP paid a hacker more than $150,000<\/a> to recover data after a ransomware attack. Learn how to to respond to cyberattacks on your business<\/a> in our article.<\/p>\n

Further reading<\/span> Takeaways From 2019 Ransomware Attacks on MSPs<\/a><\/p>\n

\n
\n
The MSP\u2019s Response Guide to a Ransomware Attack [PDF]<\/div>\n<\/div>\n
\n

\"CTA\"<\/a><\/span><\/span><\/p>\n<\/div>\n<\/div>\n

Securing Your MSP: Best Practices<\/h2>\n

Managed IT providers are a really enticing target for malefactors. They basically own keys from their clients\u2019 tens and hundreds of IT infrastructures. In 2019, according to Huntress Labs<\/a>, in the US alone there were at least 63 successful reported MSP attacks which resulted in ransomware in their clients' networks.<\/p>\n

On the other hand, there is a second, more discreet attack vector. In the same 2019, ConnectWise reported<\/a> that, due to an exploit in their massively popular RMM, hackers were able to spread crypto lockers across end-users.<\/p>\n

All that resolves to a single conclusion. Before securing your clients, you, as an MSP, should perform an IT security audit<\/a>, find all pain points, and eliminate all possible attack vectors.<\/p>\n

The single best practice is to perform a security audit on a monthly basis. It should be based upon a checklist of your software and hardware solutions. All changes during the previous months should be carefully noted. Here are some cybersecurity basics to include in your list:<\/p>\n

Manage Passwords<\/h3>\n