Q&A

VARs, MSPs, Need To Help Clients Guard Against Spear Phishing, Ransomware Attacks

Christine Kern

By Christine Kern, contributing writer

Keeping your clients networks and data secure is a top priority, and there are a number of challenges to security that you need to help businesses guard against.  

In an interview with Business Solutions, David Haadsma, VP of business development for AVG Technologies explained one common tactic: “Looking at the data breaches that have affected some of the world’s largest companies over the past year there is a common method of attack that was used: spear phishing. There are different types of phishing attacks and this particular variant is a targeted email to an individual that uses personally identifiable information, which makes the email look and feel official and legitimate.”

“In the case of the Sony breach in the fall of 2014 analysis by security experts shows that a number of executives at Sony had been targeted with a spear phishing email that asked them to confirm their Apple ID.  Once passwords, personal data, and account details are known then cybercriminals can easily gain access to sensitive corporate and consumer data through social engineering or by installing malware,” Haadsma said.

He reminds VARs and managed services providers (MSPs) that they “are in a privileged position, holding access to data and management rights to their customers’ networks.” Haadsma said it’s important to take precautions against social engineering attacks including spear phishing. You can impose strict access policies that may include two-factor authentication necessary to gain access to sensitive customer systems.

Andrew Bagrin, founder and CEO of My Digital Shield (MDS), adds that VARs ad MSPs must stay up to data on news about ransomware. New strains of ransomware are constantly emerging, as cybercriminals become more sophisticated and targeted in their attacks. “Ransomware is a special kind of malware, such as CryptoLocker, CryptoWare, or CryptoWall, and it’s extremely annoying and disruptive. When a law firm, for example, gets hit with this malware, all of its files are locked up and inaccessible, causing productivity loss and missed deadlines. The firm may end up paying cybercriminals to recover its data unless it has a good backup system in place that will allow it to roll back to a pre-infected state,” Bagrin says.

He adds that the retail space is also particularly at risk. Customer credit card database breaches are a big threat to retail/hospitality businesses. If they succumb to this kind of attack, there’s a good chance they’re closing their doors.”