Founder, BeforeCrypt Ltd – A Leading Ransomware Expert In Europe.
The Kaseya ransomware attack is one of the most famous examples of ransomware hackers targeting a managed service provider (MSP). Between 800 and 1,500 Kaseya clients were affected, causing a total shutdown of a supermarket chain in Sweden. The gang demanded a $70 million ransom in exchange for a decryptor.
In the case of Kaseya, the U.S. government intervened. President Joe Biden called Vladimir Putin, warning him that if the Russian government didn’t take action against the hackers, the U.S. would. Four days of Russian inaction later, the U.S. took down the gang’s servers. Over a week after that, Kaseya clients announced they had received a decryptor from an anonymous third party.
Kaseya and its clients were fortunate that the U.S. government stepped in to save the day, but not every MSP targeted by ransomware is so lucky. I think that MSPs have a special responsibility to protect their clients, so they should look to have a higher level of vigilance against ransomware attacks.
This article will cover some of the most important ransomware mitigation strategies that MSPs can understand and implement.
Why Do Ransomware Hackers Target MSPs?
MSPs aren’t just responsible for their own cybersecurity but also for hundreds and sometimes thousands of other organizations. This responsibility means that they need both a higher level of cybersecurity than most organizations and special security features that protect their clients.
An MSP can represent a gateway for hackers to gain access to the networks of multiple companies at the same time. This is why multiple government agencies, including the CIA, FBI, NSA and others, warned MSPs worldwide that ransomware hackers are specifically targeting them.
So what measures do MSPs need to take to prevent and mitigate ransomware attacks?
Best Ransomware Mitigation Strategies For MSPs
Many cybersecurity measures are general to all organizations, but there are some areas in which MSPs need to give extra attention.
1. Ransomware Planning
With ransomware, it’s very important to hope for the best but plan for the worst. The first step of a good ransomware response is to have a good plan in place.
Ransomware attacks can be extremely high stress, so having a well-rehearsed plan in place can save a lot of time and confusion and sometimes greatly reduce the damage hackers can do.
When it comes to designing a response plan, MSPs need to keep in mind how they manage communications with clients. Clients may need to know about a breach as quickly as possible to take their own security measures.
2. Ransomware Incident Response Services
Especially for smaller MSPs that don’t have the budget for a large in-house cybersecurity staff, it can make sense to outsource many cybersecurity functions. Ransomware incident response is no exception.
Contracting a ransomware incident response and forensic team on a subscription basis means having a team of experts standing by to help deal with every aspect of a ransomware attack, from stopping ransomware from spreading in a network once detected to ensuring that you comply with all relevant laws and regulations and, if necessary, communicating with the attackers.
3. Cybersecurity Awareness Training
A big proportion of high-profile ransomware attacks involve some kind of phishing or social engineering. A good defense against this is phishing awareness training, which helps employees to learn the latest tricks used by hackers.
MSPs, specifically, need to consider that phishing attacks may come from hackers pretending to be clients.
4. Multi-Factor Authentication
I find that multifactor authentication (MFA) is a must for ransomware protection; you can never guarantee that login credentials won’t be compromised. When it comes to MSPs, make sure that MFA is implemented both for in-house and client-facing infrastructure.
5. Robust Backup Policy
A good backup strategy is key to mitigating ransomware. A significant part of the power of ransomware hackers is their ability to shut down an organization’s workflow, but secure backups can prevent this from happening.
Following the 3-2-1 principle (three copies of your data kept on two distinct media with one copy off-site), using air-gapped backups and a sound data retention policy are all good practices. It’s worth spending the time to find the sweet spot between security and convenience.
MSPs also need to make sure they have streamlined procedures in place to help clients recover data and get back to work in the event of a ransomware attack.
6. Partitioning Client Data
It’s important that MSPs structure their networks so that client data is compartmentalized. Data for different clients should be independently secured with their own unique encryption key to reduce the risk of attackers spreading through a network and accessing the data of multiple clients.
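The backup and partitioning rules from sections 5 and 6 can be checked mechanically against a backup inventory. The following Python audit is an added example, not part of the original article; the inventory format, field names, client names and key IDs are all constructed for illustration, and the production copy is assumed to count as one of the three copies.

```python
from collections import defaultdict

# Constructed sample inventory: one row per copy of a client's data.
# Field names and values are assumptions made for this example.
FIELDS = ("client", "media", "offsite", "air_gapped", "key_id")
ROWS = [
    ("acme", "disk", False, False, "k-acme"),
    ("acme", "tape", True, True, "k-acme"),
    ("acme", "object-store", True, False, "k-acme"),
    ("globex", "disk", False, False, "k-shared"),
    ("globex", "disk", False, False, "k-shared"),
    ("initech", "disk", False, False, "k-shared"),
    ("initech", "tape", True, True, "k-shared"),
    ("initech", "disk", True, False, "k-shared"),
]
INVENTORY = [dict(zip(FIELDS, row)) for row in ROWS]


def audit(inventory):
    """Return {client: [findings]} for 3-2-1, air-gap and key-isolation gaps."""
    by_client = defaultdict(list)   # client -> copies of that client's data
    key_users = defaultdict(set)    # key_id -> clients encrypted under it
    for copy in inventory:
        by_client[copy["client"]].append(copy)
        key_users[copy["key_id"]].add(copy["client"])

    findings = defaultdict(list)
    for client, copies in by_client.items():
        if len(copies) < 3:
            findings[client].append("fewer than 3 copies")
        if len({c["media"] for c in copies}) < 2:
            findings[client].append("fewer than 2 distinct media")
        if not any(c["offsite"] for c in copies):
            findings[client].append("no off-site copy")
        if not any(c["air_gapped"] for c in copies):
            findings[client].append("no air-gapped copy")

    # A key used by more than one client breaks per-client partitioning:
    # compromising it exposes every client that shares it.
    for key_id, clients in key_users.items():
        if len(clients) > 1:
            for client in clients:
                others = ", ".join(sorted(clients - {client}))
                findings[client].append(f"encryption key {key_id} shared with {others}")
    return {client: sorted(items) for client, items in findings.items()}


if __name__ == "__main__":
    for client, items in sorted(audit(INVENTORY).items()):
        print(client, "->", "; ".join(items))
```
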
The Usual Suspects
As can be seen, all the regular cybersecurity guidelines are doubly important for MSPs: endpoint monitoring, the principle of least privilege and staying up to date with patches and updates.
The ransomware threat does not appear to be subsiding, so it can be worth investing in an aggressive and proactive anti-ransomware stance. Reputation is extremely important for the success of an MSP, so having a good record of protecting client data can be highly profitable in the long run.