Businesses are now inherently digital. They’re implementing more systems and using more applications to manage their day-to-day operations, share critical information and complete vital tasks. As they use different devices, back-end systems and applications, they generate and exchange a surplus of data.
But all of these different data sources also present risk: They have potential vulnerabilities that make businesses easy targets for cybercriminals and ransomware. In the first quarter of 2017, reports of mobile ransomware increased 250% over the same quarter in 2016, according to the security firm Kaspersky. Global damage costs from ransomware are expected to top $5 billion in 2017, up from just $325 million in 2015, according to Cybersecurity Ventures.
IT service providers (ITSPs) are at the forefront of protecting their clients, their proprietary data, as well as financial and client information. The increasing number of employees working remotely and on-the-go has also created risk for your clients. By 2020, remote workers will account for 72% of the U.S. workforce, according to an International Data Corp. forecast.
Among ITSP clients, data security is the No. 1 priority, cited by 44 percent of respondents, according to the Autotask Metrics That Matter 2017 ITSP survey. In the past several years, the percentage of revenue ITSPs derive from security has skyrocketed from 6 percent in 2013 to 44 percent currently.
Workers who are exchanging critical business data using smartphones, tablets and personal laptops are especially vulnerable to cybercriminals. Employees can easily download malicious applications that will infect their devices and hold data hostage. ITSPs need to ensure their clients (and their data) are protected every step of the way. Most of all, they need to have the processes in place to successfully restore data should an attack occur.
A best-in-class approach to tackling ransomware includes:
- Anti-virus and network monitoring
- Backup and disaster recovery
- Endpoint backup
- Secure file sync and share
- Education and awareness
New Cyber Threats Pose New Security Realities
When thinking about cybersecurity, it’s not just about if a business will be attacked, it’s about when a business will be attacked. Infection methods have become more sophisticated, and phishing scams look more realistic than ever. Two of the more recent ransomware attacks serve as valuable evidence.
In May 2017, a phishing scam posed as a Google Docs request. When people clicked a link within the email, the hacker was able to access all their emails and contacts, as well as send and delete emails within accounts. The attack compromised more than one million Gmail accounts.
PayPal accounts were also targeted with a highly sophisticated phishing scam that asked people to take a selfie while holding credit cards and a form of identification. Why were these attacks so successful? Because people immediately trusted the emails they received. By leveraging the logos and powerful brand recognition that Google and PayPal have, the creators of these attacks were able to catch people off guard and, in turn, infect more devices.
But perhaps the most destructive ransomware that we have seen this year is WannaCry, which has worm-like capabilities. While most ransomware typically limits infection to the device that clicked and installed it, malware like WannaCry can spread across a network and replicate itself onto other devices. Once WannaCry infects a device, it finds and encrypts files, displays a “ransom note” and demands bitcoin payment from infected users.
In the first few days after the WannaCry virus was widely reported, it had spread to 150 countries, impacting 10,000 organisations, 200,000 individuals and 400,000 machines. A few days later, a new variant of WannaCry emerged, infecting 3,600 computers an hour.
These occurrences reaffirm that cybercriminals are more clever than ever, their targets are larger and their attack methods are more aggressive. IT service providers need to be prepared to help their clients should ransomware infect their devices and, most of all, ITSPs must be equipped to minimise or prevent critical business data from being stolen.
How to Prepare your Clients
Much like biological viruses, there are many ransomware threats circulating the web. Some are well-known, while some are new and others are not yet known. With each occurrence, the sophistication of these viruses is increasing in a multitude of ways, including how they spread and encrypt data.
What this means for ITSPs is that there is no single-prong approach for protecting clients, or their business, from ransomware. Mitigating or preventing attacks requires an agile, multi-layered approach that can adapt as new and increasingly hostile threats emerge. A best-in-class approach consists of six layers:
Patching. The most basic layer of protection is to monitor and patch all computers and applications as soon as patches are released. The latest patches can close all known OS security vulnerabilities. Patching provides the most basic layer of protection to operating systems, especially once a security flaw is uncovered. When clients have the latest patches, they can ensure their operating systems are running at peak performance and that all system vulnerabilities are addressed.
Anti-virus and network monitoring. People are being targeted through more sources than ever—email, ad networks, mobile applications and devices. Anti-virus and network monitoring examines all files and traffic, filtering them against all known threats. Keeping virus definition files current is critical to ensuring these systems are running at peak performance.
Backup and disaster recovery. There is sometimes a gap between when a threat is first introduced and when a vendor is notified and develops a remedy. Making a full-system backup protects back-office systems when an attack occurs and provides a recovery option for unknown threats and even the most catastrophic failures.
Endpoint backup. Although there’s a layer of protection on back-office systems, backup and recovery of data for these devices are still needed. These devices create, share and store business data, and if a cybercriminal captures this proprietary and sensitive information, it can have a significant impact on business productivity and profitability. Enabling real-time data backup on these endpoints can prevent business-critical information from being compromised.
Secure file sync and share. Allow employees to collaborate securely from any location and using any device—even their smartphones and tablets. Grant access and editing controls for specific documents, such as Word documents, Excel spreadsheets and PowerPoint presentations, and allow employees to recover documents that are maliciously or accidentally deleted.
Education and awareness. IT service providers must educate clients and their employees about cybersecurity risks, new ransomware strains and best practices for spotting phishing attempts, suspicious emails and other security risks. Empowering them to be proactive and encouraging them to report questionable content using rewards and incentives will help increase awareness and decrease overall risk.
Although larger companies are more attractive to cybercriminals, no company is safe. The issue of data security and the potential for ransomware and other types of cyberattacks should be top of mind for all ITSPs.
Mark Banfield, Senior Vice President & General Manager International at Autotask