Ransomware, a type of malware designed to block access to critical systems until a sum of money is paid, is a major threat facing organizations of all kinds, from small businesses to large enterprises. But one of the sectors most at risk from ransomware is the managed service providers (MSP) community.
To find out more about the risks that ransomware can cause to MSPs, Expert Insights spoke to cybersecurity expert Jason Whitehurst. Working on the frontline with MSPs for over 16 years, Whitehurst realized that many service providers have no clear strategy for providing cybersecurity solutions for their clients, as well as a lack of expertise about critical security threats like ransomware.
To help solve these challenges, Whitehurst founded Service Provider Partners (SPP), with the mission of providing his guidance, expertise and the top cybersecurity products, to the MSP and MSSP community, for them to pass on to their clients.
How Harmful Is Ransomware For MSPs?
Whitehurst has found that, in his experience working with MSPs across the United States, ransomware in is one of the “most preeminent and common” types of malware attack that is facing MSPs today. In his view, one of main reasons for this is that many MSPs, smaller MSPs in particular, don’t take the risks of ransomware seriously enough.
“Many SMBs and organizations have the same thought concept which is: ’Oh, I’m too small, it won’t happen to me!’” Whitehurst says. “They have the notion that if they pretend it won’t happen to them, then it won’t, which is completely not the case.”
MSPs are an attractive target for cybercriminals, especially for those distributing ransomware. If the ransomware is able to infiltrate the MSP network, it is also possible for it to also affect the MSPs’ clients as a byproduct.
That’s what attackers are really after, Whitehurst says. “They’re after the 20, or 30 clients of the MSP,” he says. “I’m dealing with a ransomware incident right now for an MSP who didn’t have appropriate security in place in a certain part of their infrastructure.”
“The threat actors were able to use that vulnerability to fully infect their 23 clients, some of them in healthcare, manufacturing, healthcare clients, some of them up to 200 to 300 employees. Now there is a demand for a ransom for each of the 23 institutions.”
The effects of ransomware can be devastating for MSPs. As well as the initial ransom payment, the cost of repairing and securing systems after an attack, legal challenges that may arise from clients and any fines that may occur from loss of personal data, MSPs will also face often irreparable damage to their brand and loss of client confidence if they suffer from a well-publicized attack. And unfortunately, the risks from ransomware only seem to be increasing.
The Ransomware Threat Is Increasing
The coronavirus pandemic has seen the number of ransomware attacks Whitehurst deals with rise exponentially. “It’s ridiculous right now,” he says. “The more people are working from home, the less appropriate security we see covering home-worker devices.”
In addition, ransomware actors have evolved to more effectively target MSP customers, Whitehurst says. In the past, ransomware would typically involve malware encrypting user data, with the threat to users being pay up, or we’ll delete your personal data.
To combat this, organizations have started to invest more in backup solutions, which ensure that any lost data can be quickly recovered, and help businesses back to operational effectiveness in just a day or two.
This has some issues of its own, Whitehurst says. One of his clients used a data back-up after being hit by ransomware, and found themselves immediately re-infected, because they didn’t address the underlying reason as to why the attack was successful. But cybercriminals have also seen MSPs rely more on backups to protect against ransomware, and have shifted their attack methodology accordingly.
“These days, it’s more about data exfiltration and ransom,” Whitehurst says. “Attackers will target a company’s intellectual property, and then hold that data for ransom, threatening to make it public, rather than delete it. This causes a much bigger problem than simple data encryption.” And there is no easy fix.
Why Are MPSs So At Risk Of Ransomware Attack?
One of the other main reasons MSPs in particular are so at risk from ransomware comes from a lack of knowledge and expertise around cybersecurity issues, Whitehurst says. “Many of the MSPs don’t know how to protect themselves, so clearly they’re not going to be able to protect their downstream clients.”
“We do 30 or 40 MSP risk assessments a year, determining what the MSP’s susceptibility is to ransomware,” he says. “A lot of the times they think: ’Oh, we’re in pretty good shape.’ Rarely are they.”
One of the main problems is that MSPs are having is not knowing what to provide as a service to their clients, and then subsequently not knowing how to configure those services so they provide the right level of security.”
In addition, many MSPs find it difficult to explain the benefit and sell cybersecurity solutions to their clients, often treating the solutions as an afterthought rather than an integral component of a managed service offering.
One of the ways that Whitehurst helps MSPs at SPP has been by creating a package offering which includes a core group of security fundamentals that MSPs can cover to appropriately protect their clients. “We package these products together and help MSPs to understand how to position and sell those to their clients.”
How Can MSPs Stay Protected Against Ransomware?
The first step for MSPs to protect themselves against ransomware is by doing a risk assessment. “A traditional risk assessment simply identifies what the risks are. We go a step further, and we provide a detailed set of remediation recommendations and guidelines to cover the risks and vulnerabilities we found in the risk assessment.”
Next, MSPs must implement the specific products that will help them to address these vulnerabilities. One of the major avenues that ransomware is delivered into an organization is via email, and so Whitehurst recommends that MSPs find a solid partner that can deliver powerful email security to protect against the ransomware threat.
“In the many hundreds of ransomwares incidents we have addressed over the past year, the point of entry has been a spear-phishing attack. It’s quite rare that ransomware is distributed in some other fashion.”
Whitehurst also recommends that MSPs should recognize that there are full-service partners out there, like SSP, who can work with the MSP to help manage and mitigate the risks of ransomware attacks.
“Give us a call,” he says. “We work with organizations that can help you deliver a solid, vetted and white-labeled security product to your clients to stop ransomware. We don’t work with the client; we work through the MSP.”
“We also make sure the MSP can increase their margin, while having a strong product for their client, so it’s a win-win for everyone. At the end of the day, it’s giving the customer what they need, which is the appropriate level of protection, and making sure that protection stays in place as the security threats change.”
Thanks to Jason Whitehurst for participating in this interview. You can find out more about SPP and how they work with MSPs to protect them and their clients against ransomware here: https://www.spp.work/