By Eric Weast, ECW Network & IT Solutions
Ransomware attacks are only becoming more prevalent, more dangerous, and more costly. A recent report from SonicWALL finds that ransomware attacks increased 158% in North America last year. The FBI’s own annual Internet Crime Report similarly found that year-over-year ransomware costs to businesses have increased by 200%.
For MSPs, the continued headlines are a particularly loud wake-up call: ransomware is an ever-growing danger to your clients (and yourself) that demands robust and strategic security protections. At the same time, the MSPs best positioned to thwart these rising attacks aren’t those that simply react to the current risk du jour, but those that take a well-planned, comprehensive, and non-negotiable tack to their managed security services. Offering a comprehensive security stack that fills all the potential gaps ransomware attackers may exploit – or by which devices and data may be compromised – is increasingly crucial to your success as an MSP.
Achieving this layered approach to security requires assembling a solution stack that covers the following: perimeter security, employee training, interior protection, and endpoint detection and response (EDR).
An antivirus firewall is a crucial building block of any layered security stack. Firewall implementation is a naturally bumpy process, though, and no single firewall product available today can guarantee complete protection on its own. Select a firewall that best meets your specific use case and needs as an MSP. You also will want to enable application whitelisting (as a more effective alternative to blacklisting), which allows users to install a variety of approved applications while preventing installs of any that may be harmful. Be aware that attackers will thoroughly test all applications and plug-ins on your clients’ systems and take advantage of any security exploits available. Patch all software as part of your regular security regimen to deny attackers the opportunity to take advantage of new vulnerabilities.
Clients’ employees and their behaviors remain the greatest potential risk to the organizations you’re responsible for protecting. Full stop. Like the legendary vampires that must be invited in before they can do harm – but have mesmeric powers to fool their victims into doing so – ransomware organizations (and that’s what they are now) regularly infiltrate systems through tricky phishing and business email compromise attacks.
For MSPs, protecting clients with comprehensive security requires providing regular employee security training as-a-service. MSP-friendly solutions from companies like Breach Secure Now, KnowBe4, and others can do the heavy lifting on training and on tracking individual employees’ progress in recognizing and avoiding phishing emails, spearphishing attacks, suspicious ads and links, etc. These products also can regularly test employees with realistic but benign email attacks to ensure the effectiveness of their training.
While a twisted and malicious form of encryption enables ransomware itself, encryption security measures are foundational to preventing data breaches and ensuring clients’ compliance with regulatory frameworks such as HIPAA. As an MSP, be sure to select a solution that allows you to deploy and manage encryption seamlessly to protect every device capable of accessing a client’s sensitive data – including PCs and Macs, employee-owned mobile devices, and USB drives.
Daily data backups are an essential protection against ransomware, and effectively offer clients a “get out of jail free card” if ransomware takes hold. When a client has a safe and secure backup of all sensitive data, that data can be restored and ransom demands can be safely ignored. Take caution, however, to implement backups that secure data on an inaccessible server, and be aware that ransomware attackers are often highly conscious of the danger that backups pose to their schemes. Relatedly, make sure you have a disaster recovery plan prepared for each of your clients to enact a swift recovery in the aftermath of an attack.
Endpoint Detection And Response (EDR)
An EDR solution featuring flexible remote access controls, policies, and alerts expands an MSP’s ability to respond to threat scenarios and provide comprehensive security. For example, your EDR could enable automated responses when a user reaches a set number of failed login attempts, first providing the user a warning dialog and then revoking access. An EDR should provide instant and automatic detection and mitigation in response to any attempts to disable security features as well, whether caused by attacks over the network or by users themselves.
To protect your clients with open work-from-home policies – which allow employees to access sensitive data from offices in their own homes – some modern EDRs offer geofencing-based security rules. This technology allows you, as the MSP administering the EDR, to set geofencing boundaries around the homes of each work-from-home employee, sending automatic warning alerts and then revoking data access if devices stray from those locations. Your EDR should also be able to revoke access and protect all client data on at-risk offline devices, enabling you to practice zero-trust policies (and restore data and access when appropriate). Vendors are continually advancing to meet MSPs’ evolving needs in these areas; for example, we use the Beachhead RiskResponder features on the BeachheadSecure for MSPs platform to command these capabilities.
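The warn-then-revoke escalation described above for failed logins and geofence violations, shown as an added example that is not from the original article and is not any vendor's API. The thresholds, event fields, and coordinates are constructed assumptions.

```python
import math
from dataclasses import dataclass
@dataclass
class Policy:                      # thresholds are illustrative assumptions
    warn_failed_logins: int = 3
    revoke_failed_logins: int = 5
    fence_radius_m: float = 150.0

@dataclass
class Device:
    home: tuple                    # (lat, lon) centre of the home geofence
    failed_logins: int = 0
    fence_warned: bool = False
    revoked: bool = False

def distance_m(a, b):              # haversine distance in metres
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6_371_000 * math.asin(math.sqrt(h))

def evaluate(dev, policy, event):  # returns 'ok', 'warn' or 'revoke'
    if dev.revoked:
        return "revoke"            # stays revoked until an admin restores access
    kind = event["type"]
    if kind == "login_ok":
        dev.failed_logins = 0
    elif kind == "login_failed":
        dev.failed_logins += 1
        dev.revoked = dev.failed_logins >= policy.revoke_failed_logins
        if not dev.revoked and dev.failed_logins >= policy.warn_failed_logins:
            return "warn"
    elif kind == "location":
        if distance_m(dev.home, event["pos"]) <= policy.fence_radius_m:
            dev.fence_warned = False   # back inside: clear the warning
        elif dev.fence_warned:
            dev.revoked = True         # second consecutive report outside
        else:
            dev.fence_warned = True
            return "warn"
    return "revoke" if dev.revoked else "ok"

def replay(home, events, policy=Policy()):
    dev = Device(home)
    return [evaluate(dev, policy, e) for e in events]

HOME, AWAY = (26.1224, -80.1373), (26.2000, -80.1373)  # constructed coordinates
SAMPLE = [{"type": "login_failed"}] * 3 + [{"type": "login_ok"}] + [  # constructed events
    {"type": "location", "pos": p} for p in (HOME, AWAY, AWAY)] + [{"type": "login_ok"}]
```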
Building a comprehensive security stack will not only ensure positive outcomes for your existing clients in the face of ransomware and other cyber-attacks but also will serve to differentiate your offering on the competitive landscape. Ransomware attacks will continue to rise. MSPs have the choice to ignore it at their peril or heed the call to address this threat and position themselves for far superior outcomes going forward.
About The Author
Eric Weast is the owner of ECW Network & IT Solutions, a managed services provider headquartered in South Florida.