Small and midsize businesses are developing a growing appreciation for the necessity of cybersecurity measures to help protect them from cyber attacks. Both local and national media have increased coverage of breaches as cyber threats reach record numbers. The assumption that some businesses are too small to be targets has been disproven. Indeed, 43% of all data breaches involve small and midsize businesses.
Targeted businesses may experience attacks almost on a daily basis. When the attack is successful, a breach occurs, even if it’s not immediately detected. In fact, according to IBM, the average breach goes undetected for 220 days! For more than seven months, a cyber criminal sits quietly in the background of an infected system collecting data to either sell on the dark web or use in social engineering malicious activity.
Recent cyber attacks demonstrate that it is more than just data breaches of sensitive information businesses need to defend against – as if a breach was not bad enough. Sophisticated email phishing scams and ransomware attacks show just how vulnerable business operations can be when critical infrastructure computer systems are under attack and inaccessible.
Just as no size is immune to an attack, neither is any industry, as the recent attack on security software provider Kaseya and its managed services clients sadly demonstrated.
A Trickle-Down Cyber Attack
The Kaseya cyber attack is an example of a “supply chain” hack where cybercriminals target a trusted security software company or IT provider in order to infect their customers. The hackers find a way to breach network security and infect the trusted provider, which in turn, trickles down to infect their clients. The Kaseya attack first infiltrated the company’s remote management and monitoring software, which many managed services providers (MSPs) use to support their clients.
The attack on Kaseya infiltrated via a software vulnerability. This led the cyber criminals to Kaseya clients – MSPs. Those MSPs using the compromised Kaseya software inadvertently released ransomware to their clients, encrypting company data and holding it hostage until a ransom was paid.
According to cybersecurity firm Huntress, the Kaseya attack compromised about 30 MSPs. A single MSP can have dozens, if not hundreds, of clients. In this case, approximately 1,000 business customers of those compromised MSPs were hit with ransomware.
One of the biggest reasons businesses work with MSPs is to improve security and operational stability. Whether your IT (information technology) provider is a Kaseya client or not, this new threat through the IT supply chain may seem worrisome. The very IT experts you rely on are also targets. It is important to remember, however, they are also more equipped to both prevent, and respond to cyber threats and cybercrime.
Expertly Configured Advanced Security Tools
One of the most obvious ways an MSP improves a business’ cybersecurity protection is by leveraging the IT provider’s access to advanced security tools. A single small business of thirty people most likely does not have the resources, nor the knowledge, to deploy the advanced cyber defense security protection demanded by today’s cyber attacks.
A strong MSP will implement layered security tools including antivirus and anti-malware protection, intrusion detection, web filtering, crypto blocking, encryption, multi factor authentication, spear phishing protection, and spam filtering. Their engineers will expertly configure data access management, security software, firewall, and networking equipment to improve network defenses. In addition, most managed IT providers will incorporate 7x24 monitoring to provide instant breach notification alerts and better risk management.
Since MSPs work with many organizations, they can use that collective weight to gain access to tools, resources and cybersecurity professionals that the average small to midsize business cannot. In addition, they build strategic relationships with both hardware and software vendors to help clients get the right equipment at the best cost.
Documented Security Process
Even the best tools are not enough to guarantee protection from new and changing cyber threats. The way the tools are deployed and how they are integrated into the environment is key. This is where defined and documented security processes come into play.
A managed IT provider will utilize tools that allow for remote administration to keep clients’ systems up-to-date. They are also proactive in ensuring data integrity through documented access management, whether that be least privilege access or zero-trust policy.
Another benefit of working with an MSP is documented security policies. Daystar develops comprehensive written information security policies for its clients to guide the organization in access management, acceptable use, social media policies and more.
A great MSP will go further and guide its clients in preparing a business continuity plan, complete with data backup procedures, disaster recovery processes, and an incident response plan. They may also encourage you to seek out cyber liability insurance. Think of the complete package as a cyber resiliency plan. They work together to document how you will respond and recover from a security incident.
Security and Industry Expertise
Cyber risks are constantly changing and evolving. It is not possible for a business owner or manager to stay on top of everything. An MSP is comprised of a team of technologists who collectively provide expertise across various areas, like intrusion detection, access management, network configuration, and more. MSPs are constantly training and developing their staff to defend against the latest threats and risks, and adhere to developing regulations and compliance requirements.
You may notice yet a new acronym in the field of private sector outsourced IT providers, the MSSP. This stands for managed security services provider. An MSSP provides outsourced monitoring and management of security systems. Some MSPs have chosen to transform into full-blown MSSPs. Other MSPs decide the pieces of risk mitigation they will manage and then partner with a security provider to address more advanced security needs. The latter arrangement allows the MSP to address the technology needs of businesses with varying levels of risk tolerance more effectively.
More MSPs are providing cybersecurity training to clients. This enables businesses to educate staff and create a more cyber aware employee culture. At Daystar, we couple online cybersecurity training with ongoing phishing tests to help our clients become more equipped at identifying a compromised email. If an employee clicks on a link in a phishing test email, they are directed to more online security training. This helps educate the employee and creates a more cyber savvy workforce to protect against potential attacks.
Innate Security Philosophy
The very nature of an MSP relies on security, stability, and performance to be successful. MSPs manage their clients’ technology environments for a flat monthly fee in return for defined service parameters and outcomes. To accomplish this, MSPs work proactively to prevent problems before they turn into issues. Security is a main component of that. An unsecure network environment will not meet the service levels that managed services clients expect.
A successful MSP will create a service offering that promotes security to protect businesses from a data breach, ensure the integrity of data, and support performance stability.
The recent attack on Kaseya put a spotlight on how security vendors and IT support providers are targeted by cyber criminals. Still, MSPs have the expertise, resources, and ability to respond to attacks swiftly to mitigate the risk and severity.
Learn more about how Daystar’s managed IT services can help protect your data, secure your network, and reduce your risk by visiting our cybersecurity services.