The volume and severity of cyberthreats are growing exponentially, with the number of connected devices and remote workers being the main contributors to this trend.
According to Spiceworks, data privacy and security concerns will become more important than ever before in 2023.
Now is not the time to be complacent with your cybersecurity protocols. New threats arise daily. And they increase in frequency every 39 seconds, to be exact.
According to Statista, during the third quarter of 2022, internet users worldwide saw approximately 15 million data breaches, up by 167% compared to the previous quarter.
Common threats include ransomware, social engineering, phishing scams, viruses, and malware attacks. While these threats remain significant concerns, IT security providers may inadvertently overlook new ones.
Here are some lesser-known attacks and tips that managed service providers can use to combat them.
Third-Party Attacks
A third-party attack, also known as a supply chain attack, occurs when a hacker gets into a system through a third-party vendor, which is often overlooked as a security risk.
A 2019 eSentire survey found that 44% of all firms surveyed had experienced a significant data breach caused by a third-party vendor.
It's difficult for companies to monitor and evaluate all of their outside vendors' cybersecurity practices. As such, they may unwittingly entrust their data security to companies incapable of protecting it.
One notable example of a third-party breach occurred when hackers infiltrated a vendor that worked with Facebook, Instagram, and LinkedIn and leaked personal data from over 214 million user accounts.
This example illustrates why MSPs need to ensure that their systems are protected against outside threats.
Configuration Mistakes
We've written about human error as a primary cause of security breaches, including configuration mishaps. If you don't set up your clients' security software correctly, you are putting them and your IT services business's reputation at risk.
The Cybersecurity and Infrastructure Security Agency (CISA) recently noted that poor security practices and misconfigured software allow threat actors to exploit vulnerabilities to access IT service providers' networks (third-party attacks) or systems.
Furthermore, employee mistakes are on the rise due to stress and other mental health issues stemming from the COVID-19 pandemic, socio-political upheavals, and ongoing financial concerns. These mistakes are creating new opportunities for cybercriminals to launch attacks.
According to a Lyra Health report, 65% of workers surveyed said their mental health has directly impacted their work performance. Meanwhile, Ponemon Institute reports that half of IT experts don't know if their installed security tools work. This oversight means MSPs are failing to perform regular tests and updates.
IoT Security Lapses
According to a recent Gartner report, approximately one-fifth of organizations said cybercriminals attacked their IoT devices in 2020.
While IoT devices improve connectivity, they also increase an organization's susceptibility to cyberattacks. For example, cybercriminals can access a client's network via a smart coffee maker in the company kitchen or smart TV in the conference room.
A recent example of an IoT breach involved a Silicon Valley-funded security camera startup. Hackers were reportedly able to access 150,000 live camera feeds from surveillance cameras inside hospitals, police departments, prisons, and schools.
The challenge with IoT devices is that most don't come with built-in security. Other concerns are that they ship with weak default passwords, are difficult to patch, and often run on legacy operating systems.
In addition, IoT devices expand your attack surface, as employees and vendors can access them remotely from anywhere.
Cross-Site Scripting (XSS)
XSS attacks are code injections in which hackers insert malicious scripts into trusted websites. They threaten more than 60% of websites worldwide.
Recently, hackers used a "URL" parameter on eBay to launch an XSS attack in which they redirected users to different pages. Since eBay did not validate the parameter's value, the attackers were able to inject malicious code into these pages. This code enabled the attackers to gain full access to eBay seller accounts, sell discounted products, and steal payment information.
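The missing check described above, validating a redirect parameter before it is used, can look like the following. This is an added example, not code from eBay or from the original article; the `url` parameter name, the `shop.example` hosts, and the function names are assumptions chosen for illustration.

```javascript
// Added illustration: validate a redirect target taken from a "url" query parameter
// and HTML-escape it before it is written into a page.
// Hosts, origin and function names are assumptions for this example.
const SITE_ORIGIN = "https://shop.example";
const ALLOWED_HOSTS = new Set(["shop.example", "pay.shop.example"]);
const FALLBACK = "/";

function safeRedirectTarget(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) return FALLBACK;
  // Browsers normalise control characters and backslashes inconsistently; refuse them.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;
  let parsed;
  try {
    parsed = new URL(raw, SITE_ORIGIN); // relative paths resolve against our own origin
  } catch {
    return FALLBACK;
  }
  // Only https and only hosts we operate: rejects javascript:, data: and off-site URLs.
  if (parsed.protocol !== "https:") return FALLBACK;
  if (!ALLOWED_HOSTS.has(parsed.hostname)) return FALLBACK;
  // Embedded credentials are a common way to disguise the real host.
  if (parsed.username || parsed.password) return FALLBACK;
  return parsed.href;
}

function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Builds the link a page would show, given the incoming request URL.
function renderContinueLink(requestUrl) {
  const raw = new URL(requestUrl, SITE_ORIGIN).searchParams.get("url");
  const target = safeRedirectTarget(raw);
  return `<a href="${escapeHtml(target)}">Continue</a>`;
}
```

Validation and output encoding are both applied here because either one alone leaves a gap: an allowlisted URL can still contain characters that break out of an HTML attribute, and escaping does nothing to stop a `javascript:` target.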
How to Protect Your Clients
As cyberthreats continue to evolve and increase in volume and severity, MSPs must be proactive and implement tools and protocols to keep their customers safe. We recommend the following:
- Never implement devices that cannot have their software, passwords, or firmware updated or patched.
- Implement a zero-trust policy.
- Provide regular training and awareness sessions with clients based on the latest cyberthreats, best practices, and regulatory requirements.
- Protect your clients with the latest cyber protection solutions from Acronis.
- Ensure all client software is configured correctly.
- Frequently monitor and test client systems, software, and networks, both on premises and in the cloud.
Keeping up with the latest threats will protect your MSP business and its clients from lesser-known attacks. The vulnerabilities associated with remote work, IoT devices, and other issues can cost a company hundreds of thousands of dollars and put your MSP business at risk of damaging its reputation, especially in the unfortunate event of a third-party attack. Being vigilant and aware of these attacks is crucial to protecting your clients now and in the months and years ahead.
Want access to a security tool that protects your clients from the latest threats? Contact Acronis today for more information.
This guest blog is courtesy of Acronis. Regularly contributed guest blogs are part of ChannelE2E’s sponsorship program.