It’s sometimes hard for an MSP to start the discussion about the value of the IT security services they provide. WannaCry, the latest widespread ransomware variant, offers the perfect conversation starter.
WannaCry has infected hundreds of thousands of systems in just a few weeks, encrypting files and holding them for ransom. Using a tool developed by the NSA, WannaCry exploited a Microsoft Windows vulnerability in the implementation of the Server Message Block protocol. Although Microsoft issued a patch in March 2017, many systems were still unprotected when WannaCry first appeared two months later on May 12, 2017.
This threat differs from past variants of ransomware in several ways, making it particularly damaging. Its developers gave WannaCry the capability to spread rapidly through a system, taking advantage of additional vulnerabilities. It also includes a backdoor that allows hackers to retain access even after the ransom is paid.
Bad News Spreads Fast
WannaCry has received an enormous amount of media attention in the past month from all over the world. A recent Google search revealed more than three million news articles detailing the threat, how organizations are fighting back, and the damage it has caused victims ranging from individuals and small businesses to healthcare organizations and auto maker Renault SA.
Even with past media coverage of ransomware like CryptoLocker, you have probably still encountered a lack of awareness — and even indifference — from prospects when it comes to the need for security. Within the past few weeks, however, ransomware awareness has become more common. All you have to do to start a conversation about security is ask, “Did you hear about the latest ransomware attack, WannaCry, which has affected hundreds of thousands of systems worldwide?” No matter how the prospect responds, a viable follow-up question could be, “Did you know that most of the successful attacks were caused by companies not taking advantage of a free patch update?”
Growing Your Business Despite the Hype
Although WannaCry presents an opportunity to grow your business, it will require a well-planned strategy. It’s essential to frame your marketing message carefully — you don’t want to appear like you’re circling overhead looking for victims to exploit. Instead, put the value of your security services and expertise front and center in blogs, newsletters, and on your website to let people know you are a knowledgeable source of information and a trusted solution provider. Use WannaCry as a compelling example, rather than trying to use it as a scare tactic
Although WannaCry is currently capturing a lot of media attention, it should serve as a reminder to MSPs that ransomware has become the new norm, and it’s not going away anytime soon. If your company hasn’t been proactive in the past about educating customers and prospects about this new reality (and other malicious cyberthreats), now’s the perfect time to start. Some suggestions for getting started are:
- Offering free risk assessments
- Hosting a lunch-and-learn
- Conducting a webinar or
- Offering training sessions on topics such as recognizing a phishing email or suspicious link.
Establish yourself as an expert on the subject, letting prospects know they can trust your company to handle their security needs.
Resources are available from your vendor partners that can help you market your business and educate prospects on their need for security solutions. Intronis MSP Solutions by Barracuda, for example, offers e-books, interactive quizzes, and an extensive partner tool kit that includes rebrandable educational assets and “event in a box” planning materials.
Eliminate WannaCry Tears with Backup and Security
You can also leverage vendors to provide information that will prepare your team to handle questions customers and prospects will ask, as well as training on the solutions that can protect them from ransomware and other cyberthreats.
The best approach is to put solutions (e.g., next-gen firewalls, email security) and strategies in place that prevent customers’ systems from becoming infected in the first place, starting with a proactive patch management process. In the case of WannaCry, the attack exploited Windows (especially Windows 7) devices that were at least two months behind on security updates. While security solutions and patching can go a long way toward thwarting cyberthreats, nothing is 100-percent foolproof. And, that’s why a managed backup solution is a must. If a customer’s system is infected with WannaCry or another ransomware strain, the only way to recover without paying the ransom is to roll back the customer’s system to a preinfected state.
To learn more about implementing a security and backup strategy for your customers, download The Smarter MSP’s Guide to Ransomware or contact Intronis MSP Solutions by Barracuda.
Brian Babineau is general manager, MSP Solutions, for Barracuda Networks. Read more Intronis MSP Solutions blogs here.
