Channel, Networking

Getting Proactive About Ransomware Security

Credit: Getty Images
Related Podcast: Amy Luby, chief channel evangelist, Acronis
Author: Amy Luby, chief channel evangelist, Acronis

As any security pro will tell you, with today’s sheer volume and sophistication of cyberthreats, even the best cyber protection solutions can’t guarantee your perpetual safety. Rather than an “assumption of protection” thanks to their anti-malware software, businesses must adopt an “assumption of breach”: You will be attacked, and you will eventually be compromised in some way.

That’s not to say that there is cause for panic, nor that you should abandon the idea of trying to defend clients against cyberthreats — doing so would all but guarantee disaster, and sooner rather than later. Rather, MSPs must act in anticipation of a cyberattack, shifting their approach to include proactive as well as reactive solutions.

The importance of a proactive approach

By thinking of data breaches as inevitable, providers should immediately see the need to adopt a layered approach to security — one that minimizes the number of breaches as well as the damage that they can cause. What are you doing at this very moment to limit your attack surface? If cybercriminals have already breached your systems (and they very well may have), what processes do you have in place that can contain the threat?

A modern approach to cybersecurity necessitates proactive measures, such as:

  • Vulnerability scanning, to identify security gaps for remediation
  • Patch management, to quickly deploy available security fixes across systems and networks
  • Email and URL filtering, to block malicious resources before users have the chance to interact with them
  • The incorporation of smart protection plans that can be automatically adjusted based on active threat intelligence updates

Successful attacks against a client can result in large-scale data leaks or destruction before you even have time to react. Adopting solutions that rely on procedural changes and behavioral mitigation is the only way forward.

Ransomware is one of MSPs’ biggest security challenges

Over the past 18 months, we’ve all seen a massive change in how business gets done. The COVID-19 pandemic effectively forced 92% of companies around the world to adopt new technologies that would support remote work — including solutions for workplace collaboration, privacy, and endpoint security. Many have stuck with this remote-first model, or adopted a hybrid approach that still relies heavily on remote access being available and secure.

This global shift created huge opportunities for cybercriminals, and they’ve wasted no time in accelerating and evolving their attacks to meet the moment. Even those who don’t follow security news closely are aware of recent attacks like the SolarWinds breach that penetrated several U.S. federal agencies, the Colonial Pipeline shutdown that impacted fuel availability across the U.S. East Coast, or the attack on Kaseya’s VSA software that compromised 1,000+ small businesses.

These attacks — and many others — were all the result of ransomware, which has become the defining danger of 2021.

Modern ransomware is a more sophisticated threat than some realize. Now that data backups are fairly commonplace, attackers explicitly target backups as well for deletion or encryption. They often exfiltrate sensitive data from infected systems before beginning the encryption process, and threaten to release it publicly if their demands are not met. These tactics allow them to increase their leverage over victims and quickly extract huge payments. Unfortunately, most SMBs are both ill-equipped to make significant ransom payments and unable to weather the consequences of extensive downtime or data leaks.

Service providers are SMBs’ lifeline

As an MSP, the quality of your security — both what you deliver and what you possess — can quite literally make or break your clients’ survival as a business.

The average cost of a data breach rose to $3.56 million during the first half of this year, as was shown in the Acronis Cyberthreats Report: Mid-year 2021, and four out of five organizations experienced a cybersecurity breach originating through their third-party vendor ecosystem during that same period. Data is hugely important for everyday operations at businesses of all sizes, and much of it is highly personal in nature; any data loss or interruption in business continuity will result in severe reputational damage and plenty of missed revenue opportunities. SMBs are no less vulnerable than deep-pocketed enterprises — they are arguably more so, since they often lack dedicated security professionals.

Indeed, because today’s cyberthreats are largely automated, not even the smallest company can rely on being “too small to target” — it takes no extra effort on the cybercriminals’ part to find and attack them. And most SMBs are simply unable to survive losing six or seven figure sums to downtime and recovery costs.

The most effective way to protect clients is to adopt comprehensive cyber protection solutions — ones designed with both proactive defenses against ransomware and other cutting-edge cyberthreats, and reactive disaster recovery capabilities. It’s no hyperbole to say that your clients’ very existence is at stake.

Learn more at the Acronis #CyberFit Summit World Tour 2021

Proactive protection and the threat of ransomware are sure to be major topics of discussion at the Acronis #CyberFit Summit World Tour 2021, kicking off later this month. Hear what the channel’s top thinkers and leaders have to say about security, efficiency, productivity, and profitability — and engage with Acronis’ leadership and get an inside look at our product roadmap and cyber protection initiatives for the coming year.

Join Acronis live at the Fontainebleau Hotel in Miami, or tune in to the many keynotes, workshops, and roundtable discussions on-demand from the comfort of your own home.

This guest blog is courtesy of Acronis and authored by Amy Luby, chief channel evangelist, Acronis. Read more Acronis guest blogs here. Regularly contributed guest blogs are part of ChannelE2E’s sponsorship program.