The Not So Great Cybersecurity Revelations of 2021
During 2020, we longingly looked to 2021 as a year of freedom from our homes and the burdens of pandemic life. With hopes of returning to the old ‘normal,’ complete with office re-openings and mask-less smiles, many wondered what cybersecurity in the post-pandemic era would look like. Turns out, that accelerated digital transformation opened a lot of security loopholes that are hard to close. Here are three not-so-great things that taught the channel big lessons in 2021.
#1: The Hackers Are Killing It
Managed Service Providers (MSPs) and SMBs alike have to face the facts…the bad guys are winning the game. Strategic, targeted, sophisticated, and complex cyberattacks continue to rise year-over-year at an undeniable pace. This year, they started coming for the very thing we’ve relied on up until now: our backups. While these rapid changes in the cybersecurity landscape may have killed backups, MSPs aren’t out yet.
Business continuity and disaster recovery (BCDR) is taking center stage as the superheroes in the fight against evil. Luckily, the industry’s leading solution providers are supplying MSPs with the comprehensive BCDR solutions necessary to keep businesses running even after an attack takes place. As always, it’s not a question of if you’ll get attacked, but rather when. This year’s supply chain, ransomware, and phishing attacks reinforced the fact that business availability is not promised, and the cost of an attack could be fatal. Be sure you and your clients are protected and prepared in 2022 because chances are, you’re gonna need it!
#2: The Government is Stepping In
With the influx of successful attacks on SMBs, enterprises, and government agencies, 2021 welcomed a new challenge for MSPs: formal regulations. Louisiana was the first state to enact MSP-specific legislation requiring public reporting of cyber incidents and ransomware payments. Other states followed suit, expanding data breach notification laws and adding new penalties – including the Texas public ‘wall of shame’. While new laws attempt to shift blame from the business that was attacked, to the business that was supposed to be preventing data loss – i.e. MSPs and MSSPs – implementation has been slow and confusing. Keep up with the latest changes to your local regulations to avoid penalties on top of a cyberattack.
#3: Insurance Carriers Are Turning Up the Heat
Much like the government, cyber insurance carriers took note of the uptick in data loss and cyberattacks during 2021. In response, many companies are refusing to cover MSPs altogether, or significantly intensifying the approval process for coverage. It’s not because they’re invested in preventing data loss – it’s because they don’t want to pay claims for cyber events that could have been avoided.
Applications take a deep dive into your administrative, physical, and technical safeguards, while also assessing your vendors and solutions. To get coverage in 2022, MSPs not only have to increase their own security solutions, but clients need to follow suit. While better security is best, the trickle-down effect from carriers, to MSPs, to clients, will undoubtedly lead to minimum security requirements, increase the cost of doing business, and expand the role of vCISOs and CIOs.
Making the Most of It in 2022
So what’s an MSP to do? Up your own security game! Without a specific set of standards for MSPs, it’s up to the channel as a whole to prove our ability to protect data. Utilize these tools to make sure that if you do have an incident, you’re able to recover and restore the data, emphasize your reputation as a security-first provider, and remain competitive for business growth.
- Adopt the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity to apply the principles and best practices of risk management for improved security and resilience across five pillars: Identify, Protect, Detect, Respond, and Recover.
Download Axcient’s NIST Risk Assessment >>
- Implement an Incident Response Plan that clearly defines the necessary business and technical steps to take after a critical event occurs in order protect your MSP and your clients.
- Upgrade to BCDR with Chain-Free backup technology, unlimited storage and retention, simple and affordable pricing, and features specifically designed to address today’s cybersecurity threats. Axcient x360Recover offers MSPs near instant virtualization, ransomware rollback, and hardware-free BDR so MSPs can solve multiple use cases with just one solution.