How can MSPs prepare for cybersecurity threats in 2021 and beyond?
2019 was the year that threat actors realized the havoc they could wreak by going after MSPs. 2020 was the year that many MSPs began learning how to hold their own. 2021 is still up for debate, but there’s no doubt about one thing: for MSPs and SMBs alike, cyber incidents are increasing across the board.
If you’re an MSP putting yourself in the shoes of a threat actor, you understand why you’re a prime target. You’re the gateway to the networks and hosts of the organizations you manage. Instead of targeting dozens of individual SMBs, threat actors can target one MSP and get access to dozens of SMBs in one fell swoop.
So, in a time like this, what’s an MSP to do? How can you prepare yourself for the threats you face in 2021 and the ones you’ll face beyond that? Understanding the situation around you is a good start. And as the saying by Winston Churchill goes, “Those that fail to learn from history are doomed to repeat it.”
How’d we get here? What happened in 2020?
For starters, Perch Security, a ConnectWise solution, released the 2021 MSP Threat Report – the second edition of its annual report that looks at the top MSP cybersecurity threats from the previous year.
In this cyber threat report, Perch came to a few conclusions from 2020:
- Buffalo jumps (that scenario above where threat actors go after MSPs to access SMBs) continued
- Data exfiltration became the norm
- Ransomware started moving to the cloud
But that’s not all that happened.
Looking beyond the findings of the 2021 MSP Threat Report
- Small- and mid-sized businesses haven’t been spared from cybercrimes
While we see large enterprises in the news for cybersecurity incidents, small- and mid-sized businesses aren’t spared from the danger. In fact, according to the 2021 Verizon DBIR, the gap in incidents between SMBs and large enterprises is closing, with nearly half of all incidents occurring to SMBs.
In its own cyber threat report, Perch found that nearly 73% of MSPs had at least one client involved in a cybersecurity incident in 2020. It also found that 59% of MSPs had a client incident that involved ransomware.
Those aren’t small numbers, and they show the danger SMBs face going into the latter half of 2021 and into 2022.
So, what’s the takeaway here? No business is too small; no information is too “invaluable.” Companies of all sizes need to look at their security posture and see what can be done to avoid a data breach or ransomware attack.
- Employees were a risk
According to the 2021 Verizon DBIR, 85% of breaches involved the “human element,” and 61% of breaches involved credential data. How did threat actors get access to the credentials? Phishing, most likely: it was present in 36% of breaches, according to Verizon’s dataset.
When threat actors have access to login credentials, they can do significant damage. Some ways to better protect your clients against this kind of breach include the mandatory use of multi-factor authentication and a password manager. That way, even if an employee makes a mistake, there are redundancies to help prevent a breach.
Another equally important way is through education. Cybersecurity tools can only do so much to protect your organization. At the end of the day, employees need to be educated on cybersecurity.
That said, it should start from the top. Leadership needs to understand the value their organization’s data has to a threat actor and emphasize this to their employees. For MSPs, this means evaluating your own security posture first and then that of your clients. You must be able to secure your own house before attempting to secure others. Using a tool like Fortify Assessment can help you build a plan of action.
Ultimately, if there is a will, there is a way. Cybercriminals are notorious for being sneaky, trying every trick in the book to get your data. They’ve even resorted to using one attack to phish for another, by leveraging the Colonial Pipeline attack to entice users to install malicious software. This is one reason many organizations adopt an “assume breach mentality.”
- The cloud was a key factor
Speaking of employees, 2020 saw many of them working from home. We don’t need to go into the details as to why (we’ve heard it enough), but with the move came significant risks. Companies needed to act quickly to provide their employees the tools they needed to continue working. With the swift move to remote work, many standard infosec procedures weren’t followed.
However, securing the cloud is quite a bit different than securing a physical location. And criminals were ready to take advantage. A prime example? We saw Zoom, one of the most popular pieces of software for the past year, get hacked.
When it comes to MSP cybersecurity, MSPs also realized that traditional antivirus software and firewalls weren’t going to be enough. Remote work means needing endpoint detection and response, dark web monitoring, password policies, multi-factor authentication, mobile device security, and more.
Where MSPs should go from here
Going into the second half of 2021, what should be top-of-mind for MSP cybersecurity?
- MSPs and their clients need to embrace the fact that their data is at risk. No matter a company’s size, its data is valuable.
- MSPs need to assess not just the security posture of their clients but also their own. Fortify Assessment is a great place to start.
- MSPs should put a plan together for their clients to help them improve their security posture for 2021 and beyond.
- MSPs need to make sure any temporary changes to accommodate a remote workforce are made permanently secure. According to the cyber threat report from Perch, MSPs should also evaluate each security solution in use to understand how users working from home impact its operation.
If you haven’t already, check out the 2021 MSP Threat Report webinar and download a copy of the report. Inside, you’ll get an even more in-depth look at everything that happened in 2020, plus my top 3 predictions for 2021 (like whether or not regulation is coming for MSPs).