The statistics regarding information security are alarming. PwC reported that in 2016, there was a 38% increase in information security incidents. There are few barriers to entry into cybercrime — costs are low and the level of technical knowledge required is less than you might think. And when a company does get hit, not only are there direct costs associated with restoring normal service, but there is often significant damage to the brand.
Small businesses are not immune — nearly a third of all cyberattacks target SMBs. If your clients haven’t been targeted, they are probably worried about it. Which means you as their managed service provider should also be worried about it. Throughout the month of January, we are going to explore what security means for MSPs in 2017.
A starting point is just being able to understand — and communicate to clients — what the different types of security risks are. Cybercrime is a field that moves quickly, and it can be difficult to keep up with the latest. Here are the major threats that your clients are going to be facing this year.
Ransomware is easy to obtain, and cybercriminals use it to lock a victim’s systems, demanding payment to release the system. Kaspersky estimates around 40% of victims pay to have their systems released, but they also estimate that damage to the brand is around 7.5 times the cost it takes to remove the ransomware. So it’s easy for cybercriminals, highly profitable, and creates substantial economic loss for victims.
58% of corporate PCs were hit with an attempted malware attack in 2015. There are different types of malware, with things like Trojans targeting money directly. The different types of malware and its easy availability for criminals mean that it will continue to be a threat. But because it often arrives via email, it is also one of the easier threats to defend against.
Criminals still use phishing, because it still works. Companies often fall into the trap of thinking that their employees are too smart, or too well-trained, to fall for phishing attempts. And yet it continues to be an effective means of parting companies with their money.
Senior executives and those with access to valuable passwords, codes and information are usually the best targets. Being a VP doesn’t mean that you’re too smart to get sucked in by a phishing attempt — and criminals know it.
Denial of Service
A distributed denial of service (DDoS) attack is when a target system is overwhelmed by traffic, resulting in downtime. Downtime not only affects revenue directly, but weakens the brand as well, which is what makes this an effective technique. Companies are more than willing to pay to stop such an attack because their ability to do business is affected not just today but for the future as well.
Internal threats are the biggest single source of information loss for companies. Information is either not properly protected, or the people with the keys to protecting information fail in that task. An insider knows what information is valuable, and can exploit that.
There are steps that a company can take to defend against internal threats. And it’s not just malicious actors, either. An estimated 42% of confidential data loss comes from within the organization, and often the person is simply forwarding confidential materials unknowingly to a criminal, rather than committing deliberate sabotage.
So what does this mean for MSPs? Well, for one, it means opportunity. The next couple of posts in this series will talk about how much opportunity there is in security, and what that opportunity looks like. So check the IT Glue™ blog regularly or sign up for weekly updates.