Cyber criminals have become increasingly sophisticated in their methods, and companies need to be further ahead of the curve than ever before to combat them.
That was the key message from Paul Colwell, CTO at Wavenet, who was presenting on the challenges faced by MSPs, ISPs and MSSPs when dealing with cybersecurity at this year's Channel Live at Birmingham’s NEC.
“Cybersecurity is a fast-paced industry that is changing all the time,” said Colwell. “The cyber criminals have adapted and can move so quickly through a network now, which is why you need to be able to see what’s happening at all times and respond both quickly and accordingly.”
A good starting point, said Colwell, is to determine if a customer's network and systems are secure. While many may say they are currently, they may be overlooking future threats that don't exist at present, he said.
New methods
Colwell said that cyber criminals have moved away from delivering malware via an email, where someone clicks on it and the payload is delivered into the network. Nowadays, he said, the preferred method is for access brokers to get in and steal a person's or company's credentials.
“Rather than delivering malware in, which is going to raise immediate flags, now they log in and act as a normal user,” said Colwell. “Once they have worked out the log in, they sell those credentials to a ransomware group that then use them to deliver ransomware to your business.”
Another key difference, said Colwell, is the speed of attack. Previously, he said, it would typically take 180 days for a cyber criminal to completely take over a network, but now, on average, it's only 84 minutes from initial compromise for them to gain a foothold.
“The cyber criminals move much faster now,” said Colwell. “That’s why speed of response is critical.”
Colwell said that the three most common modes of attack were through passwords, phishing and patching. He said that despite multi-factor authentication being increasingly used to improve security, cyber criminals are still gaining access, either by tricking the user into giving them the code or by sending the user messages requesting that they allow the criminals to log in.
“Phishing is another big problem,” said Colwell. “If customers ask me where they should spend what may be a limited budget, I always say, on protecting their users against phishing through the likes of advanced technologies to detect it, sandboxes or educating them how to identify it in the first place.
“Then there is patching. As cyber criminals will target a customer’s vulnerabilities, it’s key to ensure that you keep on top of patch management.”
Rise of ransomware
The overriding motivation behind ransomware attacks – the main form of cyberattack – said Colwell, is to extract money from the victim. But, in some cases, he said that it’s to steal intellectual property.
“Double extortion has become the standard now,” said Colwell. “It's not just the ransomware that blocks access to your computers and systems, but it’s the demand you pay for the release of that data.”
In the event of a breach, Colwell said that inevitably customers look for someone to blame and generally that’s their MSP. To mitigate against that, he said MSPs can sell security licences to their customers and overlay those on top of existing services such as managed firewall or patching solutions, thus increasing their level of protection and building a greater trust and relationship with them.
Colwell said that, while a breach is primarily an IT concern in the immediate aftermath of an incident, when the priority is to get the company back up and running, it impacts the wider business too, from legal and compliance to PR and customer response. That requires up-front planning so that every function knows exactly how to respond should the worst happen, he said.
“From an MSP's perspective, there are key steps you can take to protect your customer,” said Colwell. “The main one is to protect their data at all costs by deploying multi-factor authentication everywhere as standard; to deliver patch management; to carry out regular penetration tests; and to create and put in place robust incident response and disaster recovery plans.”
Tim Swainson, channel account executive, MSP/CSP, at Sophos, who was also talking about cybersecurity as a service opportunity, said that to tackle the problem companies need to carry out a vulnerability assessment to determine the security they need in place. Added to that, he said that MSPs need to educate their customers on the steps they must take to reduce the risks they face.
“Data is key here,” said Swainson. “By being able to identify security threats, find out what has caused them and respond accordingly, you can deliver the most benefit and value to your customers.”