Managed services providers (MSPs) are facing increased cyber security concerns in two areas. First, when selling cyber security, there are increasing threats to their customers. Second, the emerging cyber security threats the MSPs are facing against their own systems are keeping them up at night.
The Threats You Need to Know About When Selling Cyber Security
As an MSP, you need to know about the trends in cyber threats to help you do the best job of protecting your customers when selling cyber security. The statistics regarding cyber security will give you an idea of what your customers are facing. CSO Online1 and Comparitech2 gathered a variety of statistics to describe the state of cyber security. Here are some of their key findings.
Attacks Are Increasing
It’s no secret that cyber attacks are increasing, with hackers mounting one attack every 39 seconds. And, in 2019, a U.S. survey indicated that 82.6% of the participants were victims of at least one successful attack.
Attacks Frequently Start With Human Error
You and your customers need to take employee training very seriously. Protecting systems isn’t just the responsibility of the IT department. Human error and inattention to detail are big factors in how hackers are breaching systems.
- 94% of malware gets into networks and systems by being delivered in an email.
- Phishing attacks, where the email looks like it comes from a trusted source, make up more than 80% of security incidents.
- Vulnerabilities where patches are available but not applied account for 60% of data breaches.
Ransomware Is Still a Popular Type of Attack
The number of ransomware attacks had been decreasing, but there were nearly 200 million of them in the first nine months of 2020, which represented a large increase over 2019. Almost half of those infected end up paying the ransom, which cost U.S. companies over $7.5 billion in 2019.
To make things even worse, the average downtime rose from 12.1 days in Q3 2019 to 19 days in Q3 of 2020. This points out the critical need for business continuity plans in addition to disaster recovery plans.
Malware Trends Show Bad News for Businesses
Kaspersky has identified 24,610,128 unique malware infections in 2019, which was a 14% increase over 2018. Hackers are also getting smarter about picking their targets. Malware attacks against consumers dropped, but business threats increased by 13%.
Costs of Cyber Attacks Are Rising
Malware attacks are surprisingly the most expensive, since one attack can cost up to $2.6 million. Ransomware attacks only cost $646,000 on average. While some ransomware hackers ask for relatively small amounts, in the case of the Broward County School System,3 that wasn’t the case. Their ransom was set at $40 million. While they tried to convince the hackers that their public school system didn’t have that much money, the hackers were unmoved.
It’s no wonder that CIO.com’s State of the CIO study found that 34% of CIOs see security and risk management as the number one priority for IT spending.
Emerging Cyber Security Threats for MSPs
MSPs are attractive targets for cyber criminals. Once a hacker has gained access to an MSP, it’s a quick jump to the MSP’s customer data. As mentioned before, hackers are looking for targets with the most potential, and MSPs are the next logical target.
In June of last year, the Secret Service issued a security alert4 based on the work of their investigations team, the Global Investigations Operations Center (GIOC). They wanted MSPs to know that the number of cyber attacks on MSPs was growing, especially due to the remote administration tools MSPs use. MSPs must be mindful of this threat to protect themselves as well as their customers.
The problem is complicated by the fact that many SMEs use MSP services, and those smaller companies don’t always have the budget to maintain a sophisticated security program. MSPs need to provide streamlined cyber security solutions to help their customers protect themselves to the greatest extent possible. There are also a range of security options that you can recommend to your customers that aren’t investment intensive:
- Use multi-factor authentication for remote logins
- Restrict administrative access for those logging in remotely
- Give the least amount of privilege as a standard for accounts
- Conduct cyber training and education programs for employees on a regular basis
- Take advantage of outside expertise by using tools like the NIST Cybersecurity Framework5 to move toward best practices for managing risk
As an MSP, there are also things you can do to manage risk:
- Talk to your customers and work to understand their business and where they may have unique vulnerabilities
- Keep your remote administration tools up to date and apply patches quickly
- Create a solid response plan to allow for rapid response to threats
Partnering With UniVoIP Can Help
UniVoIP is proud to be the only cloud communications provider that guarantees that your customers will be satisfied with their communications system. With UniVoIP, you can provide your customers with affordable services that meet their needs and white glove service levels. Learn more about our channel partner program, or contact us for more information.
Sources:
- https://www.csoonline.com/article/3153707/top-cybersecurity-facts-figures-and-statistics.html
- https://www.comparitech.com/vpn/cybersecurity-cyber-crime-statistics-facts-trends/
- https://abcnews.go.com/US/wireStory/large-florida-school-district-hit-ransomware-attack-76818911
- https://assets.documentcloud.org/documents/6980788/US-Secret-Service-PIN-on-MSP-attacks.pdf
- https://www.nist.gov/cyberframework